Tim Jackson kirjoitti 25.5.2021 klo 0.58:
Since upgrading from a fairly clean F33 (installed from scratch a few
months ago) to F34 I get regular (upon each desktop login, I believe)
SELinux denials on what appears to be a dbus socket from gnome-shell and
other components:
type=AVC msg=audit(1621790705.033:963): avc: denied { write } for
pid=136319 comm="gnome-shell" name="dbus-QyPy1X95QF" dev="tmpfs" ino=368
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0
Similar denials occur immediately following for gsd-keyboard, gsd-power,
gsd-media-keys, gsd-color and gsd-wacom, always in that order as far as
I can tell.
Is this a bug in the upgrade process? A known bug? Something
misconfigured by me? (I didn't readily find anything in Bugzilla or by
searching)
I can obviously trivially fix it for myself (audit2allow says "allow
xdm_t tmp_t:sock_file write;") but if it's an SELinux policy or upgrade
bug then it should presumably be fixed.
Is this the same as bug 1941853 [1]? Your AVC is similar to the one in
the report, though not identical). That bug is being discussed in bug
comments: "Yes, this needs to be addressed in the policy."
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1941853
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
