Description of problem: SELinux is preventing kwin_wayland from 'getattr' accesses on the chr_file /dev/dri/renderD129. ***** Plugin restorecon (90.5 confidence) suggests ************************ If you want to fix the label. /dev/dri/renderD129 default label should be dri_device_t. Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly. Do # /sbin/restorecon -v /dev/dri/renderD129 ***** Plugin device (9.50 confidence) suggests **************************** If you want to allow kwin_wayland to have getattr access on the renderD129 chr_file Then you need to change the label on /dev/dri/renderD129 to a type of a similar device. Do # semanage fcontext -a -t SIMILAR_TYPE '/dev/dri/renderD129' # restorecon -v '/dev/dri/renderD129' ***** Plugin catchall (1.40 confidence) suggests ************************** If you believe that kwin_wayland should be allowed getattr access on the renderD129 chr_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'kwin_wayland' --raw | audit2allow -M my-kwinwayland # semodule -X 300 -i my-kwinwayland.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:device_t:s0 Target Objects /dev/dri/renderD129 [ chr_file ] Source kwin_wayland Source Path kwin_wayland Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-38.17-1.fc38.noarch Local Policy RPM selinux-policy-targeted-38.17-1.fc38.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 6.3.8-200.fc38.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 15 02:15:40 UTC 2023 x86_64 Alert Count 75 First Seen 2023-05-13 14:40:11 +04 Last Seen 2023-06-30 09:26:57 +04 Local ID 63541a66-cfa8-46d0-b91b-43c5ef534ff7 Raw Audit Messages type=AVC msg=audit(1688102817.360:195): avc: denied { getattr } for pid=1735 comm="kwin_wayland" path="/dev/dri/renderD129" dev="devtmpfs" ino=1188 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=0 Hash: kwin_wayland,xdm_t,device_t,chr_file,getattr Version-Release number of selected component: selinux-policy-targeted-38.17-1.fc38.noarch Additional info: reporter: libreport-2.17.10 component: selinux-policy package: selinux-policy-targeted-38.17-1.fc38.noarch hashmarkername: setroubleshoot event_log: 2023-06-30-09:53:58> Looking for similar problems in bugzilla reason: SELinux is preventing kwin_wayland from 'getattr' accesses on the chr_file /dev/dri/renderD129. kernel: 6.3.8-200.fc38.x86_64 type: libreport component: selinux-policy
Created attachment 1973326 [details] File: os_info
Created attachment 1973327 [details] File: description
Hi Ahmed, Can you please reproduce the issue in permissive mode? # setenforce 0 And collect AVC denials: # ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today Thank you, Nikola
type=USER_AVC msg=audit(07/16/23 09:03:04.991:234) : pid=1 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='avc: denied { status } for auid=unset uid=root gid=root cmdline="" function="method_get_unit_file_state" scontext=system_u:system_r:snappy_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=system permissive=1 exe=/usr/lib/systemd/systemd sauid=root hostname=? addr=? terminal=?' -- By The Way: I Changed to X11 to fix this issue, because computer freezed frequentely . After I Changed to X11 From WayLand. Working Fine Now!