2360900 – Litany of gnome-remote-desktop policy bugs (create, bind, getattr, nlmsg_read, create, connect, getattr, name_connect)

Bug 2360900 - Litany of gnome-remote-desktop policy bugs (create, bind, getattr, nlmsg_read, create, connect, getattr, name_connect)

Summary: Litany of gnome-remote-desktop policy bugs (create, bind, getattr, nlmsg_read...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	42
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Zdenek Pytela
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (16):	2354201 2354202 2354203 2354204 2354205 2354206 2354207 2354208 2356683 2356684 2356686 2356689 2356690 2356691 2356692 2356693 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-04-18 04:33 UTC by Bryan
Modified:	2026-03-08 23:59 UTC (History)
CC List:	8 users (show)
Fixed In Version:	selinux-policy-41.39-1.fc42
Clone Of:
Environment:
Last Closed:	2025-05-07 03:21:26 UTC
Type:	Bug
Embargoed:
Dependent Products:
Flags:	zpytela: mirror+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	fedora-selinux selinux-policy pull 2652	0	None	open	Allow gnome-remote-desktop additional sockets permissions	2025-04-22 12:38:58 UTC
Red Hat Issue Tracker	FC-1614	0	None	None	None	2025-04-22 12:41:17 UTC

Description Bryan 2025-04-18 04:33:12 UTC

SELinux is preventing gnome-remote-de from 'create' accesses on the netlink_route_socket labeled gnome_remote_desktop_t.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gnome-remote-de should be allowed create access on netlink_route_socket labeled gnome_remote_desktop_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gnome-remote-de' --raw | audit2allow -M my-gnomeremotede
# semodule -X 300 -i my-gnomeremotede.pp

Additional Information:
Source Context                system_u:system_r:gnome_remote_desktop_t:s0
Target Context                system_u:system_r:gnome_remote_desktop_t:s0
Target Objects                Unknown [ netlink_route_socket ]
Source                        gnome-remote-de
Source Path                   gnome-remote-de
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-41.37-1.fc42.noarch
Local Policy RPM              selinux-policy-targeted-41.37-1.fc42.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 6.14.2-300.fc42.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Thu Apr 10 21:50:55 UTC 2025
                              x86_64
Alert Count                   1
First Seen                    2025-04-18 00:25:10 EDT
Last Seen                     2025-04-18 00:25:10 EDT
Local ID                      88dbef4a-414b-4266-83a3-4ac67cd0d0b3

Raw Audit Messages
type=AVC msg=audit(1744950310.572:1428): avc:  denied  { create } for  pid=301095 comm="gnome-remote-de" scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=netlink_route_socket permissive=1


Hash: gnome-remote-de,gnome_remote_desktop_t,gnome_remote_desktop_t,netlink_route_socket,create

SELinux is preventing gnome-remote-de from 'bind' accesses on the netlink_route_socket labeled gnome_remote_desktop_t.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gnome-remote-de should be allowed bind access on netlink_route_socket labeled gnome_remote_desktop_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gnome-remote-de' --raw | audit2allow -M my-gnomeremotede
# semodule -X 300 -i my-gnomeremotede.pp

Additional Information:
Source Context                system_u:system_r:gnome_remote_desktop_t:s0
Target Context                system_u:system_r:gnome_remote_desktop_t:s0
Target Objects                Unknown [ netlink_route_socket ]
Source                        gnome-remote-de
Source Path                   gnome-remote-de
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-41.37-1.fc42.noarch
Local Policy RPM              selinux-policy-targeted-41.37-1.fc42.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 6.14.2-300.fc42.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Thu Apr 10 21:50:55 UTC 2025
                              x86_64
Alert Count                   1
First Seen                    2025-04-18 00:25:10 EDT
Last Seen                     2025-04-18 00:25:10 EDT
Local ID                      0021de63-066d-4624-b517-f5a8562b348b

Raw Audit Messages
type=AVC msg=audit(1744950310.572:1429): avc:  denied  { bind } for  pid=301095 comm="gnome-remote-de" scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=netlink_route_socket permissive=1


Hash: gnome-remote-de,gnome_remote_desktop_t,gnome_remote_desktop_t,netlink_route_socket,bind

SELinux is preventing gnome-remote-de from 'getattr' accesses on the netlink_route_socket labeled gnome_remote_desktop_t.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gnome-remote-de should be allowed getattr access on netlink_route_socket labeled gnome_remote_desktop_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gnome-remote-de' --raw | audit2allow -M my-gnomeremotede
# semodule -X 300 -i my-gnomeremotede.pp

Additional Information:
Source Context                system_u:system_r:gnome_remote_desktop_t:s0
Target Context                system_u:system_r:gnome_remote_desktop_t:s0
Target Objects                Unknown [ netlink_route_socket ]
Source                        gnome-remote-de
Source Path                   gnome-remote-de
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-41.37-1.fc42.noarch
Local Policy RPM              selinux-policy-targeted-41.37-1.fc42.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 6.14.2-300.fc42.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Thu Apr 10 21:50:55 UTC 2025
                              x86_64
Alert Count                   1
First Seen                    2025-04-18 00:25:10 EDT
Last Seen                     2025-04-18 00:25:10 EDT
Local ID                      d61f3bd6-aeac-4195-a19d-362f55f48de9

Raw Audit Messages
type=AVC msg=audit(1744950310.572:1430): avc:  denied  { getattr } for  pid=301095 comm="gnome-remote-de" scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=netlink_route_socket permissive=1


Hash: gnome-remote-de,gnome_remote_desktop_t,gnome_remote_desktop_t,netlink_route_socket,getattr

SELinux is preventing gnome-remote-de from 'nlmsg_read' accesses on the netlink_route_socket labeled gnome_remote_desktop_t.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gnome-remote-de should be allowed nlmsg_read access on netlink_route_socket labeled gnome_remote_desktop_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gnome-remote-de' --raw | audit2allow -M my-gnomeremotede
# semodule -X 300 -i my-gnomeremotede.pp

Additional Information:
Source Context                system_u:system_r:gnome_remote_desktop_t:s0
Target Context                system_u:system_r:gnome_remote_desktop_t:s0
Target Objects                Unknown [ netlink_route_socket ]
Source                        gnome-remote-de
Source Path                   gnome-remote-de
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-41.37-1.fc42.noarch
Local Policy RPM              selinux-policy-targeted-41.37-1.fc42.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 6.14.2-300.fc42.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Thu Apr 10 21:50:55 UTC 2025
                              x86_64
Alert Count                   1
First Seen                    2025-04-18 00:25:10 EDT
Last Seen                     2025-04-18 00:25:10 EDT
Local ID                      1961f712-1fcd-4e5c-ad42-1b491264613c

Raw Audit Messages
type=AVC msg=audit(1744950310.572:1431): avc:  denied  { nlmsg_read } for  pid=301095 comm="gnome-remote-de" scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=netlink_route_socket permissive=1


Hash: gnome-remote-de,gnome_remote_desktop_t,gnome_remote_desktop_t,netlink_route_socket,nlmsg_read

SELinux is preventing gnome-remote-de from 'create' accesses on the udp_socket port None.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gnome-remote-de should be allowed create access on the port None udp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gnome-remote-de' --raw | audit2allow -M my-gnomeremotede
# semodule -X 300 -i my-gnomeremotede.pp

Additional Information:
Source Context                system_u:system_r:gnome_remote_desktop_t:s0
Target Context                system_u:system_r:gnome_remote_desktop_t:s0
Target Objects                port None [ udp_socket ]
Source                        gnome-remote-de
Source Path                   gnome-remote-de
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-41.37-1.fc42.noarch
Local Policy RPM              selinux-policy-targeted-41.37-1.fc42.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 6.14.2-300.fc42.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Thu Apr 10 21:50:55 UTC 2025
                              x86_64
Alert Count                   1
First Seen                    2025-04-18 00:25:10 EDT
Last Seen                     2025-04-18 00:25:10 EDT
Local ID                      393e8ac0-6870-4b98-b070-9e98109b8566

Raw Audit Messages
type=AVC msg=audit(1744950310.572:1432): avc:  denied  { create } for  pid=301095 comm="gnome-remote-de" scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1


Hash: gnome-remote-de,gnome_remote_desktop_t,gnome_remote_desktop_t,udp_socket,create

SELinux is preventing gnome-remote-de from 'connect' accesses on the udp_socket port None.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gnome-remote-de should be allowed connect access on the port None udp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gnome-remote-de' --raw | audit2allow -M my-gnomeremotede
# semodule -X 300 -i my-gnomeremotede.pp

Additional Information:
Source Context                system_u:system_r:gnome_remote_desktop_t:s0
Target Context                system_u:system_r:gnome_remote_desktop_t:s0
Target Objects                port None [ udp_socket ]
Source                        gnome-remote-de
Source Path                   gnome-remote-de
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-41.37-1.fc42.noarch
Local Policy RPM              selinux-policy-targeted-41.37-1.fc42.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 6.14.2-300.fc42.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Thu Apr 10 21:50:55 UTC 2025
                              x86_64
Alert Count                   1
First Seen                    2025-04-18 00:25:10 EDT
Last Seen                     2025-04-18 00:25:10 EDT
Local ID                      e9389b79-632d-47c2-91d0-0e981a464189

Raw Audit Messages
type=AVC msg=audit(1744950310.572:1433): avc:  denied  { connect } for  pid=301095 comm="gnome-remote-de" scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1


Hash: gnome-remote-de,gnome_remote_desktop_t,gnome_remote_desktop_t,udp_socket,connect

SELinux is preventing gnome-remote-de from 'getattr' accesses on the udp_socket port None.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gnome-remote-de should be allowed getattr access on the port None udp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gnome-remote-de' --raw | audit2allow -M my-gnomeremotede
# semodule -X 300 -i my-gnomeremotede.pp

Additional Information:
Source Context                system_u:system_r:gnome_remote_desktop_t:s0
Target Context                system_u:system_r:gnome_remote_desktop_t:s0
Target Objects                port None [ udp_socket ]
Source                        gnome-remote-de
Source Path                   gnome-remote-de
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-41.37-1.fc42.noarch
Local Policy RPM              selinux-policy-targeted-41.37-1.fc42.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 6.14.2-300.fc42.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Thu Apr 10 21:50:55 UTC 2025
                              x86_64
Alert Count                   1
First Seen                    2025-04-18 00:25:10 EDT
Last Seen                     2025-04-18 00:25:10 EDT
Local ID                      a03702f5-7ace-40d3-8cd5-19612a9dd211

Raw Audit Messages
type=AVC msg=audit(1744950310.572:1434): avc:  denied  { getattr } for  pid=301095 comm="gnome-remote-de" laddr=127.0.0.1 lport=35204 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1


Hash: gnome-remote-de,gnome_remote_desktop_t,gnome_remote_desktop_t,udp_socket,getattr

SELinux is preventing gnome-remote-de from 'name_connect' accesses on the tcp_socket port 2321.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gnome-remote-de should be allowed name_connect access on the port 2321 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gnome-remote-de' --raw | audit2allow -M my-gnomeremotede
# semodule -X 300 -i my-gnomeremotede.pp

Additional Information:
Source Context                system_u:system_r:gnome_remote_desktop_t:s0
Target Context                system_u:object_r:unreserved_port_t:s0
Target Objects                port 2321 [ tcp_socket ]
Source                        gnome-remote-de
Source Path                   gnome-remote-de
Port                          2321
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-41.37-1.fc42.noarch
Local Policy RPM              selinux-policy-targeted-41.37-1.fc42.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 6.14.2-300.fc42.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Thu Apr 10 21:50:55 UTC 2025
                              x86_64
Alert Count                   1
First Seen                    2025-04-18 00:25:10 EDT
Last Seen                     2025-04-18 00:25:10 EDT
Local ID                      5482fa50-1ebc-49a6-887f-5e500fe2a90b

Raw Audit Messages
type=AVC msg=audit(1744950310.572:1435): avc:  denied  { name_connect } for  pid=301095 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1


Hash: gnome-remote-de,gnome_remote_desktop_t,unreserved_port_t,tcp_socket,name_connect

Comment 1 Zdenek Pytela 2025-04-22 12:38:59 UTC

Hi,

I added socket-related permissions which are probably needed after the package update:
https://github.com/fedora-selinux/selinux-policy/pull/2652
you can try copr build from checks -> rpmbuild -> rawhide

The name_connect permission to 2321/udp is not addressed - is this some local configuration?
By default, the 3389-3399/tcp range is allowed.

Comment 2 Zdenek Pytela 2025-04-22 14:12:27 UTC

*** Bug 2356693 has been marked as a duplicate of this bug. ***

Comment 3 Zdenek Pytela 2025-04-22 14:12:42 UTC

*** Bug 2356692 has been marked as a duplicate of this bug. ***

Comment 4 Zdenek Pytela 2025-04-22 14:12:54 UTC

*** Bug 2356691 has been marked as a duplicate of this bug. ***

Comment 5 Zdenek Pytela 2025-04-22 14:13:06 UTC

*** Bug 2356690 has been marked as a duplicate of this bug. ***

Comment 6 Zdenek Pytela 2025-04-22 14:15:45 UTC

*** Bug 2356689 has been marked as a duplicate of this bug. ***

Comment 7 Zdenek Pytela 2025-04-22 14:17:26 UTC

*** Bug 2356686 has been marked as a duplicate of this bug. ***

Comment 8 Zdenek Pytela 2025-04-22 14:17:38 UTC

*** Bug 2356684 has been marked as a duplicate of this bug. ***

Comment 9 Zdenek Pytela 2025-04-22 14:17:53 UTC

*** Bug 2356683 has been marked as a duplicate of this bug. ***

Comment 10 Bryan 2025-04-22 15:23:12 UTC

Not sure about port 2321, it's not a local config, maybe keyring or polkit/authentication?

[bryan@workstation]~$ sudo ausearch -c gnome-remote-de --raw | audit2why | grep -i 2321
type=AVC msg=audit(1730487652.970:104): avc:  denied  { getattr } for  pid=2788 comm="gnome-remote-de" laddr=127.0.0.1 lport=38693 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1730487652.970:105): avc:  denied  { name_connect } for  pid=2788 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1730908639.297:123): avc:  denied  { getattr } for  pid=3403 comm="gnome-remote-de" laddr=127.0.0.1 lport=36869 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1730908639.297:124): avc:  denied  { name_connect } for  pid=3403 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1731640726.406:135): avc:  denied  { getattr } for  pid=2992 comm="gnome-remote-de" laddr=127.0.0.1 lport=47413 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1731640726.406:136): avc:  denied  { name_connect } for  pid=2992 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1732563706.530:125): avc:  denied  { getattr } for  pid=2918 comm="gnome-remote-de" laddr=127.0.0.1 lport=59677 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1732563706.531:126): avc:  denied  { name_connect } for  pid=2918 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1732921383.828:3331): avc:  denied  { getattr } for  pid=119496 comm="gnome-remote-de" laddr=127.0.0.1 lport=54659 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1732921383.828:3332): avc:  denied  { name_connect } for  pid=119496 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1734365506.247:119): avc:  denied  { getattr } for  pid=3170 comm="gnome-remote-de" laddr=127.0.0.1 lport=45560 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1734365506.247:120): avc:  denied  { name_connect } for  pid=3170 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1734366145.926:127): avc:  denied  { getattr } for  pid=3255 comm="gnome-remote-de" laddr=127.0.0.1 lport=45874 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1734366145.926:128): avc:  denied  { name_connect } for  pid=3255 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1736911793.136:16172): avc:  denied  { getattr } for  pid=1194482 comm="gnome-remote-de" laddr=127.0.0.1 lport=42688 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1736911793.136:16173): avc:  denied  { name_connect } for  pid=1194482 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1739192019.932:142): avc:  denied  { getattr } for  pid=3031 comm="gnome-remote-de" laddr=127.0.0.1 lport=50633 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1739192019.932:143): avc:  denied  { name_connect } for  pid=3031 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1739194245.977:111): avc:  denied  { getattr } for  pid=5282 comm="gnome-remote-de" laddr=127.0.0.1 lport=35721 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1739194245.977:112): avc:  denied  { name_connect } for  pid=5282 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1740185414.377:119): avc:  denied  { getattr } for  pid=3730 comm="gnome-remote-de" laddr=127.0.0.1 lport=55333 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1740185414.377:120): avc:  denied  { name_connect } for  pid=3730 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1740188058.824:123): avc:  denied  { getattr } for  pid=26197 comm="gnome-remote-de" laddr=127.0.0.1 lport=55552 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1740188058.824:124): avc:  denied  { name_connect } for  pid=26197 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1740520908.428:129): avc:  denied  { getattr } for  pid=2973 comm="gnome-remote-de" laddr=127.0.0.1 lport=52081 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1740520908.428:130): avc:  denied  { name_connect } for  pid=2973 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1736294461.041:118): avc:  denied  { getattr } for  pid=3135 comm="gnome-remote-de" laddr=127.0.0.1 lport=39201 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1736294461.041:119): avc:  denied  { name_connect } for  pid=3135 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1736294460.886:113): avc:  denied  { getattr } for  pid=3177 comm="gnome-remote-de" laddr=127.0.0.1 lport=40667 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1736294460.886:114): avc:  denied  { name_connect } for  pid=3177 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1736294445.539:119): avc:  denied  { getattr } for  pid=3813 comm="gnome-remote-de" laddr=127.0.0.1 lport=36362 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1736294445.539:120): avc:  denied  { name_connect } for  pid=3813 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1740546823.506:120): avc:  denied  { getattr } for  pid=19577 comm="gnome-remote-de" laddr=127.0.0.1 lport=60238 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1740546823.506:121): avc:  denied  { name_connect } for  pid=19577 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1740555263.001:123): avc:  denied  { getattr } for  pid=3383 comm="gnome-remote-de" laddr=127.0.0.1 lport=47926 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1740555263.001:124): avc:  denied  { name_connect } for  pid=3383 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1740609677.700:116): avc:  denied  { getattr } for  pid=9993 comm="gnome-remote-de" laddr=127.0.0.1 lport=57466 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1740609677.700:117): avc:  denied  { name_connect } for  pid=9993 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1740615476.347:114): avc:  denied  { getattr } for  pid=3393 comm="gnome-remote-de" laddr=127.0.0.1 lport=34628 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1740615476.347:115): avc:  denied  { name_connect } for  pid=3393 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1741044769.731:118): avc:  denied  { getattr } for  pid=3336 comm="gnome-remote-de" laddr=127.0.0.1 lport=53067 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1741044769.731:119): avc:  denied  { name_connect } for  pid=3336 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1743691352.572:124): avc:  denied  { getattr } for  pid=3414 comm="gnome-remote-de" laddr=127.0.0.1 lport=46466 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1743691352.572:125): avc:  denied  { name_connect } for  pid=3414 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1743705569.676:124): avc:  denied  { getattr } for  pid=5452 comm="gnome-remote-de" laddr=127.0.0.1 lport=59398 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1743705569.676:125): avc:  denied  { name_connect } for  pid=5452 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1743705931.763:120): avc:  denied  { getattr } for  pid=4520 comm="gnome-remote-de" laddr=127.0.0.1 lport=57278 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1743705931.763:121): avc:  denied  { name_connect } for  pid=4520 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1744914880.583:4852): avc:  denied  { getattr } for  pid=3241805 comm="gnome-remote-de" laddr=127.0.0.1 lport=47088 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1744914880.583:4853): avc:  denied  { name_connect } for  pid=3241805 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1744935337.188:117): avc:  denied  { getattr } for  pid=2439 comm="gnome-remote-de" laddr=127.0.0.1 lport=58723 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1744935337.188:118): avc:  denied  { name_connect } for  pid=2439 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1744950310.572:1434): avc:  denied  { getattr } for  pid=301095 comm="gnome-remote-de" laddr=127.0.0.1 lport=35204 faddr=127.0.0.1 fport=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:gnome_remote_desktop_t:s0 tclass=udp_socket permissive=1
type=AVC msg=audit(1744950310.572:1435): avc:  denied  { name_connect } for  pid=301095 comm="gnome-remote-de" dest=2321 scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1

Comment 11 Zdenek Pytela 2025-04-22 16:56:07 UTC

*** Bug 2354208 has been marked as a duplicate of this bug. ***

Comment 12 Zdenek Pytela 2025-04-22 16:56:13 UTC

*** Bug 2354207 has been marked as a duplicate of this bug. ***

Comment 13 Zdenek Pytela 2025-04-22 16:56:21 UTC

*** Bug 2354206 has been marked as a duplicate of this bug. ***

Comment 14 Zdenek Pytela 2025-04-22 16:56:28 UTC

*** Bug 2354205 has been marked as a duplicate of this bug. ***

Comment 15 Zdenek Pytela 2025-04-22 16:56:35 UTC

*** Bug 2354204 has been marked as a duplicate of this bug. ***

Comment 16 Zdenek Pytela 2025-04-22 16:56:43 UTC

*** Bug 2354203 has been marked as a duplicate of this bug. ***

Comment 17 Zdenek Pytela 2025-04-22 16:56:51 UTC

*** Bug 2354202 has been marked as a duplicate of this bug. ***

Comment 18 Zdenek Pytela 2025-04-22 16:56:58 UTC

*** Bug 2354201 has been marked as a duplicate of this bug. ***

Comment 19 Fedora Update System 2025-05-02 07:41:26 UTC

FEDORA-2025-d1510e7fa1 (selinux-policy-41.39-1.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-d1510e7fa1

Comment 20 Fedora Update System 2025-05-03 02:50:04 UTC

FEDORA-2025-d1510e7fa1 has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-d1510e7fa1`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-d1510e7fa1

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 21 Fedora Update System 2025-05-07 03:21:26 UTC

FEDORA-2025-d1510e7fa1 (selinux-policy-41.39-1.fc42) has been pushed to the Fedora 42 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 22 northtima94 2026-03-06 13:59:09 UTC Comment hidden (spam)

This comment was flagged as spam, view the edit history to see the original text if required.

Note You need to log in before you can comment on or make changes to this bug.