Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1943574
Summary: | SELinux is preventing gnome-shell from 'connectto' accesses on the unix_stream_socket /tmp/dbus-ufLMg28o5I. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Andras Feher <afeher> |
Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
Status: | ASSIGNED --- | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 34 | CC: | ajtbecool, aqaruoti21, bojan, dwalsh, Gecko8211, grepl.miroslav, hlopes, ilaurie, joardar73, luizfercp, lvrabec, me+fedoraproject, mikhail.v.gavrilov, mmalik, omosnace, plautrba, redhat74, shawn, vmojzis, zpytela |
Target Milestone: | --- | Keywords: | Triaged |
Target Release: | --- | ||
Hardware: | aarch64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:55d30bfde59b26775ef0646555081e56dfd3c23a0e8c631c10fcfcbeaa4ab794;VARIANT_ID=workstation; | ||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Andras Feher
2021-03-26 13:42:16 UTC
*** Bug 1945270 has been marked as a duplicate of this bug. *** Similar problem has been detected: Booted fc34 WS and logged in. hashmarkername: setroubleshoot kernel: 5.11.14-300.fc34.x86_64 package: selinux-policy-targeted-34.3-1.fc34.noarch reason: SELinux is preventing gnome-shell from 'connectto' accesses on the unix_stream_socket /tmp/dbus-fGwdvY3I84. type: libreport Similar problem has been detected: Upgrade to F34. hashmarkername: setroubleshoot kernel: 5.11.16-300.fc34.x86_64 package: selinux-policy-targeted-34.3-1.fc34.noarch reason: SELinux is preventing gnome-shell from 'connectto' accesses on the unix_stream_socket /tmp/dbus-b8KDrikwqA. type: libreport Similar problem has been detected: Happened after upgrade from F33 to F34. hashmarkername: setroubleshoot kernel: 5.11.18-300.fc34.x86_64 package: selinux-policy-targeted-34.5-1.fc34.noarch reason: SELinux is preventing gnome-shell from 'connectto' accesses on the unix_stream_socket /tmp/dbus-ZsyysHDIwE. type: libreport *** Bug 1963074 has been marked as a duplicate of this bug. *** Similar problem has been detected: SELinux is preventing gnome-shell from connectto access on the unix_stream_socket /tmp/dbus-RcST4EcrmP. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that gnome-shell should be allowed connectto access on the dbus-RcST4EcrmP unix_stream_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'gnome-shell' --raw | audit2allow -M my-gnomeshell # semodule -X 300 -i my-gnomeshell.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:system_r:unconfined_service_t:s0-s0:c0.c1 023 Target Objects /tmp/dbus-RcST4EcrmP [ unix_stream_socket ] Source gnome-shell Source Path gnome-shell Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-34.7-1.fc34.noarch Local Policy RPM selinux-policy-targeted-34.7-1.fc34.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux fedora 5.12.6-300.fc34.x86_64 #1 SMP Sat May 22 20:42:55 UTC 2021 x86_64 x86_64 Alert Count 7 First Seen 2021-05-27 17:22:58 EDT Last Seen 2021-05-27 17:23:02 EDT Local ID 4cf34877-a9ed-4324-a42d-1ffeeeceecb8 Raw Audit Messages type=AVC msg=audit(1622150582.606:752): avc: denied { connectto } for pid=2452 comm="ibus-x11" path="/tmp/dbus-RcST4EcrmP" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0 Hash: gnome-shell,xdm_t,unconfined_service_t,unix_stream_socket,connectto hashmarkername: setroubleshoot kernel: 5.12.6-300.fc34.x86_64 package: selinux-policy-targeted-34.7-1.fc34.noarch reason: SELinux is preventing gnome-shell from 'connectto' accesses on the unix_stream_socket /tmp/dbus-RcST4EcrmP. type: libreport Similar problem has been detected: - Installed Fedora Workstation 34 - Replace gnome shell with xfce shell - installed snapd - installed icloud-for-linux hashmarkername: setroubleshoot kernel: 5.12.13-300.fc34.x86_64 package: selinux-policy-targeted-34.12-1.fc34.noarch reason: SELinux is preventing gnome-shell from 'connectto' accesses on the unix_stream_socket /tmp/dbus-iaa4NpKPWv. type: libreport |