Since upgrading from a fairly clean F33 (installed from scratch a few months
ago) to F34 I get regular (upon each desktop login, I believe) SELinux denials
on what appears to be a dbus socket from gnome-shell and other components:
type=AVC msg=audit(1621790705.033:963): avc: denied { write } for
pid=136319 comm="gnome-shell" name="dbus-QyPy1X95QF" dev="tmpfs" ino=368
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0
Similar denials occur immediately following for gsd-keyboard, gsd-power,
gsd-media-keys, gsd-color and gsd-wacom, always in that order as far as I can
tell.
Is this a bug in the upgrade process? A known bug? Something misconfigured by
me? (I didn't readily find anything in Bugzilla or by searching)
I can obviously trivially fix it for myself (audit2allow says "allow xdm_t
tmp_t:sock_file write;") but if it's an SELinux policy or upgrade bug then it
should presumably be fixed.
Tim
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
