Description of problem: just pops up SELinux is preventing blocking-2 from 'write' accesses on the sock_file org.gnome.DisplayManager. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that blocking-2 should be allowed write access on the org.gnome.DisplayManager sock_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'blocking-2' --raw | audit2allow -M my-blocking2 # semodule -X 300 -i my-blocking2.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context system_u:object_r:xdm_var_run_t:s0 Target Objects org.gnome.DisplayManager [ sock_file ] Source blocking-2 Source Path blocking-2 Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-42.18-1.fc43.noarch Local Policy RPM selinux-policy-targeted-42.18-1.fc43.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 6.17.9-300.fc43.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Nov 24 23:31:27 UTC 2025 x86_64 Alert Count 307 First Seen 2025-11-15 22:47:28 CET Last Seen 2025-12-07 09:24:44 CET Local ID ae4da056-b6bf-4a45-b190-c0810211d257 Raw Audit Messages type=AVC msg=audit(1765095884.414:741): avc: denied { write } for pid=55950 comm="blocking-2" name="org.gnome.DisplayManager" dev="tmpfs" ino=3504 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_var_run_t:s0 tclass=sock_file permissive=0 Hash: blocking-2,thumb_t,xdm_var_run_t,sock_file,write Version-Release number of selected component: selinux-policy-targeted-42.18-1.fc43.noarch Additional info: reporter: libreport-2.17.15 reason: SELinux is preventing blocking-2 from 'write' accesses on the sock_file org.gnome.DisplayManager. package: selinux-policy-targeted-42.18-1.fc43.noarch component: selinux-policy hashmarkername: setroubleshoot type: libreport kernel: 6.17.9-300.fc43.x86_64 comment: just pops up component: selinux-policy
Created attachment 2117797 [details] File: description
Created attachment 2117798 [details] File: os_info
*** Bug 2422031 has been marked as a duplicate of this bug. ***
*** Bug 2421806 has been marked as a duplicate of this bug. ***
*** Bug 2422041 has been marked as a duplicate of this bug. ***
*** Bug 2419966 has been marked as a duplicate of this bug. ***
*** Bug 2421046 has been marked as a duplicate of this bug. ***
What version is fixed? Still happening with selinux-policy.noarch 42.19-1.fc43 updates selinux-policy-targeted.noarch 42.19-1.fc43 updates SELinux is preventing blocking-1 from write access on the sock_file org.gnome.DisplayManager. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that blocking-1 should be allowed write access on the org.gnome.DisplayManager sock_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'blocking-1' --raw | audit2allow -M my-blocking1 # semodule -X 300 -i my-blocking1.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context system_u:object_r:xdm_var_run_t:s0 Target Objects org.gnome.DisplayManager [ sock_file ] Source blocking-1 Source Path blocking-1 Port <Unknown> Host X Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-42.19-1.fc43.noarch Local Policy RPM selinux-policy-targeted-42.19-1.fc43.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name X Platform Linux X 6.17.12-300.fc43.x86_64 #1 SMP PREEMPT_DYNAMIC Sat Dec 13 05:06:24 UTC 2025 x86_64 Alert Count 95 First Seen 2025-11-25 13:43:42 AEDT Last Seen 2025-12-22 16:18:15 AEDT Local ID e4f85bfa-f478-4f35-8ee8-f4b7378fb983 Raw Audit Messages type=AVC msg=audit(1766380695.604:2109): avc: denied { write } for pid=1282317 comm="blocking-17" name="org.gnome.DisplayManager" dev="tmpfs" ino=3370 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_var_run_t:s0 tclass=sock_file permissive=0 Hash: blocking-1,thumb_t,xdm_var_run_t,sock_file,write
Thanks for spotting this, looks I misread the report.
On a slightly related matter, can you comment on why often the policy files will be updated but only the date on them changes? The content remains the same. It's not as if they are regenerated for a reason. Almost as if someone is using a Makefile with inconsistent dependencies.
FEDORA-2026-c3af1a6b23 (selinux-policy-42.20-1.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2026-c3af1a6b23
FEDORA-2026-c3af1a6b23 has been pushed to the Fedora 43 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-c3af1a6b23` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-c3af1a6b23 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2026-c3af1a6b23 (selinux-policy-42.20-1.fc43) has been pushed to the Fedora 43 stable repository. If problem still persists, please make note of it in this bug report.