Bug 2075527 - avc: denied { relabelfrom } for pid=450 comm="journal-offline" name=".#system" dev="vda3" ino=51958 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:obj
Summary: avc: denied { relabelfrom } for pid=450 comm="journal-offline" name=".#sys...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 37
Hardware: All
OS: Unspecified
high
medium
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: CockpitTest
: 2124427 2137323 2139623 2143157 2152588 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-04-14 12:44 UTC by Bruno Goncalves
Modified: 2023-04-19 23:04 UTC (History)
32 users (show)

Fixed In Version: selinux-policy-37.17-1.fc37
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-12-27 01:12:37 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github fedora-selinux selinux-policy pull 1511 0 None open Allow journalctl relabel with var_log_t and syslogd_var_run_t files 2022-12-13 18:20:12 UTC

Internal Links: 2152823

Description Bruno Goncalves 2022-04-14 12:44:25 UTC 
Description of problem:
The following avc denial is shown when booting a aarch64 machine.

----
time->Thu Apr 14 07:49:13 2022
type=AVC msg=audit(1649936953.070:219): avc:  denied  { relabelfrom } for  pid=450 comm="journal-offline" name=".#system" dev="vda3" ino=51958 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
----
time->Thu Apr 14 07:49:13 2022
type=AVC msg=audit(1649936953.070:220): avc:  denied  { relabelto } for  pid=450 comm="journal-offline" name=".#system" dev="vda3" ino=51958 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1

Version-Release number of selected component (if applicable):
selinux-policy-36.6-1.fc37.noarch
systemd-251~rc1-3.fc37.aarch64

How reproducible:
It seems easily reproducible

Steps to Reproduce:
1.Provision a aarch64 VM with Rawhide
2.Reboot


Additional info:
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33
selinux-policy-36.6-1.fc37.noarch
----
time->Thu Apr 14 07:49:13 2022
type=AVC msg=audit(1649936953.070:219): avc:  denied  { relabelfrom } for  pid=450 comm="journal-offline" name=".#system" dev="vda3" ino=51958 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
----
time->Thu Apr 14 07:49:13 2022
type=AVC msg=audit(1649936953.070:220): avc:  denied  { relabelto } for  pid=450 comm="journal-offline" name=".#system" dev="vda3" ino=51958 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
Comment 2 Zdenek Pytela 2022-04-14 16:31:41 UTC 
This is the full audit entry:
----
type=PROCTITLE msg=audit(04/14/2022 12:22:06.334:223) : proctitle=/usr/lib/systemd/systemd-journald
type=PATH msg=audit(04/14/2022 12:22:06.334:223) : item=0 name=(null) inode=78269 dev=00:21 mode=file,640 ouid=root ogid=systemd-journal rdev=00:00 obj=system_u:object_r:var_log_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(04/14/2022 12:22:06.334:223) : cwd=/
type=SYSCALL msg=audit(04/14/2022 12:22:06.334:223) : arch=aarch64 syscall=fsetxattr success=yes exit=0 a0=0x1f a1=0xffff84000c39 a2=0xffff84000e70 a3=0x1f items=1 ppid=1 pid=450 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=journal-offline exe=/usr/lib/systemd/systemd-journald subj=system_u:system_r:syslogd_t:s0 key=(null)
type=AVC msg=audit(04/14/2022 12:22:06.334:223) : avc:  denied  { relabelto } for  pid=450 comm=journal-offline name=.#system dev="vda3" ino=78269 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(04/14/2022 12:22:06.334:223) : avc:  denied  { relabelfrom } for  pid=450 comm=journal-offline name=.#system dev="vda3" ino=78269 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
Comment 3 Zbigniew Jędrzejewski-Szmek 2022-04-22 18:22:49 UTC 
systemd-journald has code [1,2] to finalize a journal file in an asychronous thread.
There hasn't been much changes to this code since 2016, except that we started
making a copy with a tempfile [3,4].

[1] https://github.com/systemd/systemd/commit/ac2e41f510
[2] https://github.com/systemd/systemd/commit/fa7ff4cf03
[3] https://github.com/systemd/systemd/commit/d71ece3f0b
[4] https://github.com/systemd/systemd/commit/5d04cec867

The AVC seems roughly consistent with the code: "journal-offline" thread creates a temporary
file and tries to atomically link it to normal journal file name.
The policy should allow this.
Comment 4 Ben Cotton 2022-08-09 13:14:53 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora Linux 37 development cycle.
Changing version to 37.
Comment 5 Martin Pitt 2022-08-31 07:00:55 UTC 
This happens in Cockpit's tests as well: https://cockpit-logs.us-east-1.linodeobjects.com/pull-17690-20220831-051933-cb3b0276-fedora-37/log.html#256
Comment 6 Zdenek Pytela 2022-09-15 07:11:00 UTC 
*** Bug 2124427 has been marked as a duplicate of this bug. ***
Comment 7 Kamil Páral 2022-09-16 09:06:59 UTC 
Similar problem has been detected:

I started a virtual machine from virt-manager.

hashmarkername: setroubleshoot
kernel:         5.19.8-300.fc37.x86_64
package:        selinux-policy-targeted-37.8-1.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelfrom' accesses on the file .#user-1000.
type:           libreport
Comment 8 robin@ivehult.se 2022-09-20 13:18:20 UTC 
Similar issue occured.
Old machine upgraded to Fedora 37 beta.

Raw Audit Messages
type=AVC msg=audit(1663674094.272:31766): avc:  denied  { relabelto } for  pid=806 comm="journal-offline" name=".#user-1000" dev="dm-0" ino=3313234 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0

kernel:           5.19.9-300.fc37.x86_64
package:          selinux-policy-targeted-37.8-1.fc37.noarch
Policy Type:      targeted
Enforcing Mode:   Enforcing
Source Context:   system_u:system_r:syslogd_t:s0
Target Context:   system_u:object_r:var_log_t:s0
Comment 9 Berend De Schouwer 2022-10-06 10:16:27 UTC 
Similar problem has been detected:

reboot or restart

hashmarkername: setroubleshoot
kernel:         5.19.10-300.fc37.x86_64
package:        selinux-policy-targeted-37.12-2.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelto' accesses on the file .#user-1000.
type:           libreport
Comment 10 Ian Laurie 2022-10-17 08:37:18 UTC 
This isn't just arch64, it's happening on x86_64 also.
Comment 11 Zdenek Pytela 2022-10-24 13:13:20 UTC 
*** Bug 2137323 has been marked as a duplicate of this bug. ***
Comment 12 Zdenek Pytela 2022-11-03 08:49:24 UTC 
*** Bug 2139623 has been marked as a duplicate of this bug. ***
Comment 13 Nicolas Berrehouc 2022-11-05 08:51:35 UTC 
Similar problem has been detected:

After update:

# LANG=C dnf history info last
Transaction ID : 725
Begin time     : Fri Nov  4 06:12:45 2022
Begin rpmdb    : c8ddf57c611622e0a62f72dc6aa39ab7022250bea9c62610d9df160cc56c18f2
End time       : Fri Nov  4 06:13:13 2022 (28 seconds)
End rpmdb      : a550eba6602566905fb5ed63daf46f01c7194e8970311b8ba7b811170a411d80
User           : <REMOVED>
Return-Code    : Success
Releasever     : 37
Command Line   : upgrade --refresh --enablerepo=*testing
Comment        : 
Packages Altered:
    Upgrade  fail2ban-all-1.0.1-2.fc37.noarch                               @updates-testing
    Upgraded fail2ban-all-1.0.1-1.fc37.noarch                               @@System
    Upgrade  fail2ban-firewalld-1.0.1-2.fc37.noarch                         @updates-testing
    Upgraded fail2ban-firewalld-1.0.1-1.fc37.noarch                         @@System
    Upgrade  fail2ban-hostsdeny-1.0.1-2.fc37.noarch                         @updates-testing
    Upgraded fail2ban-hostsdeny-1.0.1-1.fc37.noarch                         @@System
    Upgrade  fail2ban-mail-1.0.1-2.fc37.noarch                              @updates-testing
    Upgraded fail2ban-mail-1.0.1-1.fc37.noarch                              @@System
    Upgrade  fail2ban-selinux-1.0.1-2.fc37.noarch                           @updates-testing
    Upgraded fail2ban-selinux-1.0.1-1.fc37.noarch                           @@System
    Upgrade  fail2ban-sendmail-1.0.1-2.fc37.noarch                          @updates-testing
    Upgraded fail2ban-sendmail-1.0.1-1.fc37.noarch                          @@System
    Upgrade  fail2ban-server-1.0.1-2.fc37.noarch                            @updates-testing
    Upgraded fail2ban-server-1.0.1-1.fc37.noarch                            @@System
    Upgrade  fail2ban-shorewall-1.0.1-2.fc37.noarch                         @updates-testing
    Upgraded fail2ban-shorewall-1.0.1-1.fc37.noarch                         @@System
    Upgrade  fail2ban-systemd-1.0.1-2.fc37.noarch                           @updates-testing
    Upgraded fail2ban-systemd-1.0.1-1.fc37.noarch                           @@System
    Upgrade  glib2-2.74.1-2.fc37.x86_64                                     @updates-testing
    Upgraded glib2-2.74.1-1.fc37.x86_64                                     @@System
    Upgrade  gnome-calendar-43.1-3.fc37.x86_64                              @updates-testing
    Upgraded gnome-calendar-43.1-2.fc37.x86_64                              @@System
    Upgrade  gtk4-4.8.2-2.fc37.x86_64                                       @updates-testing
    Upgraded gtk4-4.8.2-1.fc37.x86_64                                       @@System
    Upgrade  ibus-1.5.27-4.fc37.x86_64                                      @updates-testing
    Upgraded ibus-1.5.27-3.fc37.x86_64                                      @@System
    Upgrade  ibus-gtk2-1.5.27-4.fc37.x86_64                                 @updates-testing
    Upgraded ibus-gtk2-1.5.27-3.fc37.x86_64                                 @@System
    Upgrade  ibus-gtk3-1.5.27-4.fc37.x86_64                                 @updates-testing
    Upgraded ibus-gtk3-1.5.27-3.fc37.x86_64                                 @@System
    Upgrade  ibus-gtk4-1.5.27-4.fc37.x86_64                                 @updates-testing
    Upgraded ibus-gtk4-1.5.27-3.fc37.x86_64                                 @@System
    Upgrade  ibus-libs-1.5.27-4.fc37.x86_64                                 @updates-testing
    Upgraded ibus-libs-1.5.27-3.fc37.x86_64                                 @@System
    Upgrade  ibus-setup-1.5.27-4.fc37.noarch                                @updates-testing
    Upgraded ibus-setup-1.5.27-3.fc37.noarch                                @@System
    Upgrade  json-c-0.16-3.fc37.x86_64                                      @updates-testing
    Upgraded json-c-0.16-2.fc37.x86_64                                      @@System
    Upgrade  libvirt-daemon-8.6.0-4.fc37.x86_64                             @updates-testing
    Upgraded libvirt-daemon-8.6.0-3.fc37.x86_64                             @@System
    Upgrade  libvirt-daemon-config-network-8.6.0-4.fc37.x86_64              @updates-testing
    Upgraded libvirt-daemon-config-network-8.6.0-3.fc37.x86_64              @@System
    Upgrade  libvirt-daemon-driver-interface-8.6.0-4.fc37.x86_64            @updates-testing
    Upgraded libvirt-daemon-driver-interface-8.6.0-3.fc37.x86_64            @@System
    Upgrade  libvirt-daemon-driver-network-8.6.0-4.fc37.x86_64              @updates-testing
    Upgraded libvirt-daemon-driver-network-8.6.0-3.fc37.x86_64              @@System
    Upgrade  libvirt-daemon-driver-nodedev-8.6.0-4.fc37.x86_64              @updates-testing
    Upgraded libvirt-daemon-driver-nodedev-8.6.0-3.fc37.x86_64              @@System
    Upgrade  libvirt-daemon-driver-nwfilter-8.6.0-4.fc37.x86_64             @updates-testing
    Upgraded libvirt-daemon-driver-nwfilter-8.6.0-3.fc37.x86_64             @@System
    Upgrade  libvirt-daemon-driver-qemu-8.6.0-4.fc37.x86_64                 @updates-testing
    Upgraded libvirt-daemon-driver-qemu-8.6.0-3.fc37.x86_64                 @@System
    Upgrade  libvirt-daemon-driver-secret-8.6.0-4.fc37.x86_64               @updates-testing
    Upgraded libvirt-daemon-driver-secret-8.6.0-3.fc37.x86_64               @@System
    Upgrade  libvirt-daemon-driver-storage-8.6.0-4.fc37.x86_64              @updates-testing
    Upgraded libvirt-daemon-driver-storage-8.6.0-3.fc37.x86_64              @@System
    Upgrade  libvirt-daemon-driver-storage-core-8.6.0-4.fc37.x86_64         @updates-testing
    Upgraded libvirt-daemon-driver-storage-core-8.6.0-3.fc37.x86_64         @@System
    Upgrade  libvirt-daemon-driver-storage-disk-8.6.0-4.fc37.x86_64         @updates-testing
    Upgraded libvirt-daemon-driver-storage-disk-8.6.0-3.fc37.x86_64         @@System
    Upgrade  libvirt-daemon-driver-storage-gluster-8.6.0-4.fc37.x86_64      @updates-testing
    Upgraded libvirt-daemon-driver-storage-gluster-8.6.0-3.fc37.x86_64      @@System
    Upgrade  libvirt-daemon-driver-storage-iscsi-8.6.0-4.fc37.x86_64        @updates-testing
    Upgraded libvirt-daemon-driver-storage-iscsi-8.6.0-3.fc37.x86_64        @@System
    Upgrade  libvirt-daemon-driver-storage-iscsi-direct-8.6.0-4.fc37.x86_64 @updates-testing
    Upgraded libvirt-daemon-driver-storage-iscsi-direct-8.6.0-3.fc37.x86_64 @@System
    Upgrade  libvirt-daemon-driver-storage-logical-8.6.0-4.fc37.x86_64      @updates-testing
    Upgraded libvirt-daemon-driver-storage-logical-8.6.0-3.fc37.x86_64      @@System
    Upgrade  libvirt-daemon-driver-storage-mpath-8.6.0-4.fc37.x86_64        @updates-testing
    Upgraded libvirt-daemon-driver-storage-mpath-8.6.0-3.fc37.x86_64        @@System
    Upgrade  libvirt-daemon-driver-storage-rbd-8.6.0-4.fc37.x86_64          @updates-testing
    Upgraded libvirt-daemon-driver-storage-rbd-8.6.0-3.fc37.x86_64          @@System
    Upgrade  libvirt-daemon-driver-storage-scsi-8.6.0-4.fc37.x86_64         @updates-testing
    Upgraded libvirt-daemon-driver-storage-scsi-8.6.0-3.fc37.x86_64         @@System
    Upgrade  libvirt-daemon-driver-storage-sheepdog-8.6.0-4.fc37.x86_64     @updates-testing
    Upgraded libvirt-daemon-driver-storage-sheepdog-8.6.0-3.fc37.x86_64     @@System
    Upgrade  libvirt-daemon-driver-storage-zfs-8.6.0-4.fc37.x86_64          @updates-testing
    Upgraded libvirt-daemon-driver-storage-zfs-8.6.0-3.fc37.x86_64          @@System
    Upgrade  libvirt-daemon-kvm-8.6.0-4.fc37.x86_64                         @updates-testing
    Upgraded libvirt-daemon-kvm-8.6.0-3.fc37.x86_64                         @@System
    Upgrade  libvirt-libs-8.6.0-4.fc37.x86_64                               @updates-testing
    Upgraded libvirt-libs-8.6.0-3.fc37.x86_64                               @@System
    Upgrade  xorg-x11-server-Xwayland-22.1.5-1.fc37.x86_64                  @updates-testing
    Upgraded xorg-x11-server-Xwayland-22.1.4-1.fc37.x86_64                  @@System

hashmarkername: setroubleshoot
kernel:         6.0.5-300.fc37.x86_64
package:        selinux-policy-targeted-37.14-1.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelfrom' accesses on the fichier .#user-1000.
type:           libreport
Comment 14 Sandro Bonazzola 2022-11-16 09:04:07 UTC 
*** Bug 2143157 has been marked as a duplicate of this bug. ***
Comment 15 hannes 2022-11-19 08:26:08 UTC 
I don't really know if this is relevant, but the error always happens, when using the Citrix Workspace App to connect to my company's citrix environment.
Comment 16 Florian Naumann 2022-11-20 14:51:19 UTC 
Similar problem has been detected:

Shown in SELinux report.

hashmarkername: setroubleshoot
kernel:         6.0.8-300.fc37.x86_64
package:        selinux-policy-targeted-37.14-1.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelfrom' accesses on the file .#user-1000.
type:           libreport
Comment 17 markussen.larsen96 2022-11-24 20:40:41 UTC 
Similar problem has been detected:

systemctl 

Any form of use of systemctl after a "dnf groupinstall" done yesterday.

Always associated with another SELinux Alert; Bug 2083900 - SELinux is preventing systemd-gpt-aut from using the 'sys_admin' capabilities

hashmarkername: setroubleshoot
kernel:         6.0.9-300.fc37.x86_64
package:        selinux-policy-targeted-37.14-1.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelfrom' accesses on the file .#user-1000.
type:           libreport
Comment 18 Brian J. Murrell 2022-11-29 13:58:26 UTC 
Similar problem has been detected:

Not really sure why this happened.

hashmarkername: setroubleshoot
kernel:         6.0.9-300.fc37.x86_64
package:        selinux-policy-targeted-37.14-1.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelfrom' accesses on the file .#user-1001.
type:           libreport
Comment 19 Brian J. Murrell 2022-11-30 22:35:12 UTC 
Similar problem has been detected:

Don't really know what caused this.

hashmarkername: setroubleshoot
kernel:         6.0.9-300.fc37.x86_64
package:        selinux-policy-targeted-37.15-1.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelfrom' accesses on the file .#user-1001.
type:           libreport
Comment 20 Davide Repetto 2022-12-05 16:24:39 UTC 
Similar problem has been detected:


This denial happens multiple times a day, on Fedora 37 (mate - in my case) even after "fixfiles onboot".


hashmarkername: setroubleshoot
kernel:         6.0.11-300.fc37.x86_64
package:        selinux-policy-targeted-37.15-1.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelto' accesses on the file .#system.
type:           libreport
Comment 21 Davide Repetto 2022-12-05 16:25:29 UTC 
Similar problem has been detected:


This denial happens multiple times a day, on Fedora 37 (mate - in my case) even after "fixfiles onboot".

probably related to: 2075527

hashmarkername: setroubleshoot
kernel:         6.0.11-300.fc37.x86_64
package:        selinux-policy-targeted-37.15-1.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelfrom' accesses on the file .#system.
type:           libreport
Comment 22 Davide Repetto 2022-12-09 12:53:56 UTC 
Similar problem has been detected:


This AVC denial happens at boot and occasionally during normal use, with packages from updates-testing:
selinux-policy-37.16-1.fc37.noarch
selinux-policy-minimum-37.16-1.fc37.noarch
selinux-policy-targeted-37.16-1.fc37.noarch


hashmarkername: setroubleshoot
kernel:         6.0.11-300.fc37.x86_64
package:        selinux-policy-targeted-37.16-1.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelto' accesses on the file .#system.
type:           libreport
Comment 23 Davide Repetto 2022-12-09 12:55:07 UTC 
Similar problem has been detected:


This AVC denial (still) happens at boot and occasionally during normal use, with packages from updates-testing:
selinux-policy-37.16-1.fc37.noarch
selinux-policy-minimum-37.16-1.fc37.noarch
selinux-policy-targeted-37.16-1.fc37.noarch


hashmarkername: setroubleshoot
kernel:         6.0.11-300.fc37.x86_64
package:        selinux-policy-targeted-37.16-1.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelfrom' accesses on the file .#system.
type:           libreport
Comment 24 Philipp Raich 2022-12-09 19:52:20 UTC 
Similar problem has been detected:

login

hashmarkername: setroubleshoot
kernel:         6.0.11-300.fc37.x86_64
package:        selinux-policy-targeted-37.15-1.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelfrom' accesses on the file .#user-1000.
type:           libreport
Comment 25 Zdenek Pytela 2022-12-12 12:25:24 UTC 
*** Bug 2152588 has been marked as a duplicate of this bug. ***
Comment 26 kelvalok 2022-12-13 09:46:45 UTC 
Similar problem has been detected:

It happens as I log in in plasma.

hashmarkername: setroubleshoot
kernel:         6.0.11-300.fc37.x86_64
package:        selinux-policy-targeted-37.15-1.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelfrom' accesses on the fitxer .#user-1000.
type:           libreport
Comment 27 Luis Vital 2022-12-15 09:30:16 UTC 
Similar problem has been detected:

When I switch on the laptop.

hashmarkername: setroubleshoot
kernel:         6.0.12-300.fc37.x86_64
package:        selinux-policy-targeted-37.15-1.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelfrom' accesses on the file .#user-1000.
type:           libreport
Comment 28 Philipp Raich 2022-12-16 20:10:19 UTC 
Similar problem has been detected:

login

hashmarkername: setroubleshoot
kernel:         6.0.12-300.fc37.x86_64
package:        selinux-policy-targeted-37.15-1.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelfrom' accesses on the file .#user-1000.
type:           libreport
Comment 29 Fedora Update System 2022-12-21 10:01:12 UTC 
FEDORA-2022-fc84e3e4d5 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-fc84e3e4d5
Comment 30 Dominik 'Rathann' Mierzejewski 2022-12-21 22:39:22 UTC 
Similar problem has been detected:

This alert appeared when I logged in after boot.

hashmarkername: setroubleshoot
kernel:         6.0.13-300.fc37.x86_64
package:        selinux-policy-targeted-37.16-1.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelfrom' accesses on the file .#user-1000.
type:           libreport
Comment 31 Fedora Update System 2022-12-22 01:40:44 UTC 
FEDORA-2022-fc84e3e4d5 has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-fc84e3e4d5`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-fc84e3e4d5

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 32 Fedora Update System 2022-12-27 01:12:37 UTC 
FEDORA-2022-fc84e3e4d5 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 33 sjhudson 2023-04-19 23:04:36 UTC 
Similar problem has been detected:

Alert appears regularly, at least once a day

hashmarkername: setroubleshoot
kernel:         6.0.7-301.fc37.x86_64
package:        selinux-policy-targeted-37.12-2.fc37.noarch
reason:         SELinux is preventing journal-offline from 'relabelfrom' accesses on the file .#user-1000.
type:           libreport
Note You need to log in before you can comment on or make changes to this bug.