On 04/10/2021 09:43, Adi Pircalabu wrote:
Didn't have setroubleshoot-server, so I went and installed it. "sealert -b" does nothing, or I don't know how to use it yet. Then I went and analyzed the audit log with "sealert -a /var/log/audit/audit.log" and here's the important bit: type=AVC msg=audit(1633309984.892:327): avc: denied { audit_control } for pid=2387 comm="(systemd)" capability=30 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability permissive=1 $ ps auxww | egrep 2387 adi 2387 0.0 0.0 24080 16084 ? Ss 12:13 0:00 /usr/lib/systemd/systemd --user So, looks like selinux prevents systemd to run as user adi. Now I need to figure out why all of a sudden.Manged to get my sound back in enforcing mode by running: setsebool -P init_audit_control 1 After reboot I now have: # audit2allow -w -a | tail Possible mismatch between current in-memory boolean settings vs. permanent ones. type=AVC msg=audit(1633309984.892:327): avc: denied { audit_control } for pid=2387 comm="(systemd)" capability=30 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability permissive=1 Was caused by: Unknown - would be allowed by active policy Possible mismatch between this policy and the one under which the audit message was generated. Possible mismatch between current in-memory boolean settings vs. permanent ones. $ ps auxww | egrep pipewire adi 2655 0.2 0.0 349932 17768 ? S<sl 12:36 0:00 /usr/bin/pipewire adi 2656 0.3 0.0 273220 25120 ? S<Lsl 12:36 0:01 /usr/bin/pipewire-pulse adi 2670 0.0 0.0 252976 12312 ? S<l 12:36 0:00 /usr/bin/pipewire-media-session adi 6401 0.0 0.0 221528 792 pts/1 S+ 12:42 0:00 grep -E --color=auto pipewire Still don't know what caused the change in behaviour yet.
On my F34 Gnome VM, I have sound after a full update. [root@f34g ~]# getsebool init_audit_control init_audit_control --> off So, I don't know why you'd have to set it to "on". I'm starting to think you may need to relabel your filesystem. -- Nothing to see here _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
