Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1925791 - SELinux /var/lib/flatpak issues
Summary: SELinux /var/lib/flatpak issues
Keywords:
Status: CLOSED DUPLICATE of bug 1916652
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 33
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-02-06 16:11 UTC by Mars
Modified: 2021-04-13 18:51 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-04-13 18:51:19 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
SELINUX LOG FROM SHORT SECONDS (34.37 KB, text/plain)
2021-02-06 16:11 UTC, Mars 		no flags Details
View All

Description Mars 2021-02-06 16:11:52 UTC 
Created attachment 1755354 [details]
SELINUX LOG FROM  SHORT SECONDS

Description of problem:

Selinux prevention


Version-Release number of selected component (if applicable):

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33

How reproducible:

1. Just turn on my notebook
2. cpu usage is autimatically grow, and found selinux-flatpak log in journal


Actual results:

 - I have no experience a mistake. 
 - journal log
 - and hight cpu usage because setroubleshoot 


Expected results:

This is a selinux issue, so solve it.
I need to remove setroubleshoot?


Additional info:
I attached a selinux-log.log file as attachment:
THE LOG:
-- Logs begin at Sun 2020-05-03 14:06:09 CEST. --
febr 06 17:03:44 wagner setroubleshoot[1146]: SELinux is preventing dbus-daemon from read access on the lnk_file /var/lib/flatpak/exports/share/applications/org.qbittorrent.qBittorrent.desktop. For complete SELinux messages run: sealert -l a089eafa-d902-469c-b1b6-4adbfc20df76
febr 06 17:03:44 wagner setroubleshoot[1146]: SELinux is preventing dbus-daemon from read access on the lnk_file /var/lib/flatpak/exports/share/applications/org.qbittorrent.qBittorrent.desktop.
                                              
                                              *****  Plugin catchall_labels (83.8 confidence) suggests   *******************
                                              
                                              If you want to allow dbus-daemon to have read access on the org.qbittorrent.qBittorrent.desktop lnk_file
                                              Then you need to change the label on /var/lib/flatpak/exports/share/applications/org.qbittorrent.qBittorrent.desktop
                                              Do
                                              # semanage fcontext -a -t FILE_TYPE '/var/lib/flatpak/exports/share/applications/org.qbittorrent.qBittorrent.desktop'
                                              where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, abrt_etc_t, abrt_var_cache_t, admin_home_t, aiccu_etc_t, alsa_etc_rw_t, antivirus_conf_t, asterisk_etc_t, bin_t, bitlbee_conf_t, bluetooth_conf_t, boot_t, bootloader_etc_t, cache_home_t, cert_t, cgconfig_etc_t, cgroup_t, cgrules_etc_t, cluster_conf_t, cobbler_etc_t, condor_conf_t, config_home_t, config_usr_t, conntrackd_conf_t, container_config_t, couchdb_conf_t, courier_etc_t, cpucontrol_conf_t, cupsd_etc_t, cupsd_rw_etc_t, data_home_t, dbus_home_t, dbusd_etc_t, ddclient_etc_t, device_t, devlog_t, dhcp_etc_t, dictd_etc_t, dnsmasq_etc_t, dovecot_etc_t, ecryptfs_t, etc_mail_t, etc_runtime_t, etc_t, exports_t, fetchmail_etc_t, file_context_t, fingerd_etc_t, firewalld_etc_rw_t, firstboot_etc_t, fonts_cache_t, fonts_t, ftpd_etc_t, gconf_etc_t, gconf_home_t, gdomap_conf_t, getty_etc_t, gkeyringd_gnome_home_t, gkeyringd_tmp_t, gnome_home_t, gpm_conf_t, gstreamer_home_t, hddtemp_etc_t, home_root_t, hostname_etc_t, httpd_config_t, hwdata_t, ibacm_conf_t, icc_data_home_t, innd_etc_t, irc_conf_t, irssi_etc_t, kdump_etc_t, kmscon_conf_t, krb5_conf_t, krb5kdc_conf_t, l2tp_conf_t, ld_so_t, lib_t, likewise_etc_t, lircd_etc_t, locale_t, lvm_etc_t, machineid_t, man_cache_t, man_t, mcelog_etc_t, mdadm_conf_t, minidlna_conf_t, minissdpd_conf_t, mock_etc_t, modules_conf_t, mozilla_conf_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mpd_etc_t, mplayer_etc_t, mrtg_etc_t, mscan_etc_t, munin_etc_t, mysqld_etc_t, nagios_etc_t, named_conf_t, net_conf_t, nrpe_etc_t, nslcd_conf_t, ntop_etc_t, ntp_conf_t, nut_conf_t, opendnssec_conf_t, openvpn_etc_rw_t, openvpn_etc_t, openvswitch_rw_t, oracleasm_conf_t, pads_config_t, pam_var_console_t, pdns_conf_t, pegasus_conf_t, pingd_etc_t, piranha_etc_rw_t, piranha_web_conf_t, polipo_etc_t, portreserve_etc_t, postfix_etc_t, postfix_postdrop_t, postgresql_etc_t, postgrey_etc_t, pppd_etc_t, prelude_correlator_config_t, printconf_t, proc_t, psad_etc_t, ptal_etc_t, puppet_etc_t, qmail_etc_t, rabbitmq_conf_t, radiusd_etc_t, radvd_etc_t, redis_conf_t, rhnsd_conf_t, rhsmcertd_config_t, root_t, rpm_script_tmp_t, rpm_var_cache_t, rpm_var_lib_t, rsync_etc_t, samba_etc_t, sanlock_conf_t, security_t, selinux_config_t, selinux_login_config_t, shell_exec_t, shorewall_etc_t, slapd_etc_t, snapperd_conf_t, snort_etc_t, soundd_etc_t, spamd_etc_t, squid_conf_t, src_t, ssh_home_t, sslh_config_t, sssd_conf_t, sssd_var_lib_t, stunnel_etc_t, svc_conf_t, sysfs_t, syslog_conf_t, system_conf_t, system_db_t, system_dbusd_var_lib_t, systemd_hwdb_etc_t, systemd_userdbd_runtime_t, textrel_shlib_t, tftpd_etc_t, tmp_t, tor_etc_t, tuned_etc_t, tuned_rw_etc_t, udev_etc_t, udev_var_run_t, ulogd_etc_t, user_home_dir_t, user_home_t, user_tmp_t, userhelper_conf_t, usr_t, var_lock_t, var_run_t, var_t, varnishd_etc_t, virt_etc_t, virt_var_lib_t, virtlogd_etc_t, vmware_sys_conf_t, webalizer_etc_t, xdm_etc_t, xdm_log_t, xdm_rw_etc_t, xdm_tmpfs_t, xdm_var_lib_t, xdm_var_run_t, xserver_etc_t, xserver_log_t, ypserv_conf_t, zarafa_etc_t, zebra_conf_t.
                                              Then execute:
                                              restorecon -v '/var/lib/flatpak/exports/share/applications/org.qbittorrent.qBittorrent.desktop'
                                              
                                              
                                              *****  Plugin catchall (17.1 confidence) suggests   **************************
                                              
                                              If you believe that dbus-daemon should be allowed read access on the org.qbittorrent.qBittorrent.desktop lnk_file by default.
                                              Then you should report this as a bug.
                                              You can generate a local policy module to allow this access.
                                              Do
                                              allow this access for now by executing:
                                              # ausearch -c 'dbus-daemon' --raw | audit2allow -M my-dbusdaemon
                                              # semodule -X 300 -i my-dbusdaemon.pp
                                              
febr 06 17:03:44 wagner setroubleshoot[1146]: AnalyzeThread.run(): Set alarm timeout to 10
febr 06 17:03:44 wagner setroubleshoot[1146]: AnalyzeThread.run(): Cancel pending alarm
febr 06 17:03:44 wagner setroubleshoot[1146]: failed to retrieve rpm info for /var/lib/flatpak/exports/share/applications/org.videolan.VLC-openvcd.desktop
febr 06 17:03:48 wagner setroubleshoot[1146]: SELinux is preventing dbus-daemon from read access on the lnk_file /var/lib/flatpak/exports/share/applications/org.videolan.VLC-openvcd.desktop. For complete SELinux messages run: sealert -l a089eafa-d902-469c-b1b6-4adbfc20df76
febr 06 17:03:48 wagner setroubleshoot[1146]: SELinux is preventing dbus-daemon from read access on the lnk_file /var/lib/flatpak/exports/share/applications/org.videolan.VLC-openvcd.desktop.
                                              
                                              *****  Plugin catchall_labels (83.8 confidence) suggests   *******************
                                              
                                              If you want to allow dbus-daemon to have read access on the org.videolan.VLC-openvcd.desktop lnk_file
                                              Then you need to change the label on /var/lib/flatpak/exports/share/applications/org.videolan.VLC-openvcd.desktop
                                              Do
                                              # semanage fcontext -a -t FILE_TYPE '/var/lib/flatpak/exports/share/applications/org.videolan.VLC-openvcd.desktop'
                                              where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, abrt_etc_t, abrt_var_cache_t, admin_home_t, aiccu_etc_t, alsa_etc_rw_t, antivirus_conf_t, asterisk_etc_t, bin_t, bitlbee_conf_t, bluetooth_conf_t, boot_t, bootloader_etc_t, cache_home_t, cert_t, cgconfig_etc_t, cgroup_t, cgrules_etc_t, cluster_conf_t, cobbler_etc_t, condor_conf_t, config_home_t, config_usr_t, conntrackd_conf_t, container_config_t, couchdb_conf_t, courier_etc_t, cpucontrol_conf_t, cupsd_etc_t, cupsd_rw_etc_t, data_home_t, dbus_home_t, dbusd_etc_t, ddclient_etc_t, device_t, devlog_t, dhcp_etc_t, dictd_etc_t, dnsmasq_etc_t, dovecot_etc_t, ecryptfs_t, etc_mail_t, etc_runtime_t, etc_t, exports_t, fetchmail_etc_t, file_context_t, fingerd_etc_t, firewalld_etc_rw_t, firstboot_etc_t, fonts_cache_t, fonts_t, ftpd_etc_t, gconf_etc_t, gconf_home_t, gdomap_conf_t, getty_etc_t, gkeyringd_gnome_home_t, gkeyringd_tmp_t, gnome_home_t, gpm_conf_t, gstreamer_home_t, hddtemp_etc_t, home_root_t, hostname_etc_t, httpd_config_t, hwdata_t, ibacm_conf_t, icc_data_home_t, innd_etc_t, irc_conf_t, irssi_etc_t, kdump_etc_t, kmscon_conf_t, krb5_conf_t, krb5kdc_conf_t, l2tp_conf_t, ld_so_t, lib_t, likewise_etc_t, lircd_etc_t, locale_t, lvm_etc_t, machineid_t, man_cache_t, man_t, mcelog_etc_t, mdadm_conf_t, minidlna_conf_t, minissdpd_conf_t, mock_etc_t, modules_conf_t, mozilla_conf_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mpd_etc_t, mplayer_etc_t, mrtg_etc_t, mscan_etc_t, munin_etc_t, mysqld_etc_t, nagios_etc_t, named_conf_t, net_conf_t, nrpe_etc_t, nslcd_conf_t, ntop_etc_t, ntp_conf_t, nut_conf_t, opendnssec_conf_t, openvpn_etc_rw_t, openvpn_etc_t, openvswitch_rw_t, oracleasm_conf_t, pads_config_t, pam_var_console_t, pdns_conf_t, pegasus_conf_t, pingd_etc_t, piranha_etc_rw_t, piranha_web_conf_t, polipo_etc_t, portreserve_etc_t, postfix_etc_t, postfix_postdrop_t, postgresql_etc_t, postgrey_etc_t, pppd_etc_t, prelude_correlator_config_t, printconf_t, proc_t, psad_etc_t, ptal_etc_t, puppet_etc_t, qmail_etc_t, rabbitmq_conf_t, radiusd_etc_t, radvd_etc_t, redis_conf_t, rhnsd_conf_t, rhsmcertd_config_t, root_t, rpm_script_tmp_t, rpm_var_cache_t, rpm_var_lib_t, rsync_etc_t, samba_etc_t, sanlock_conf_t, security_t, selinux_config_t, selinux_login_config_t, shell_exec_t, shorewall_etc_t, slapd_etc_t, snapperd_conf_t, snort_etc_t, soundd_etc_t, spamd_etc_t, squid_conf_t, src_t, ssh_home_t, sslh_config_t, sssd_conf_t, sssd_var_lib_t, stunnel_etc_t, svc_conf_t, sysfs_t, syslog_conf_t, system_conf_t, system_db_t, system_dbusd_var_lib_t, systemd_hwdb_etc_t, systemd_userdbd_runtime_t, textrel_shlib_t, tftpd_etc_t, tmp_t, tor_etc_t, tuned_etc_t, tuned_rw_etc_t, udev_etc_t, udev_var_run_t, ulogd_etc_t, user_home_dir_t, user_home_t, user_tmp_t, userhelper_conf_t, usr_t, var_lock_t, var_run_t, var_t, varnishd_etc_t, virt_etc_t, virt_var_lib_t, virtlogd_etc_t, vmware_sys_conf_t, webalizer_etc_t, xdm_etc_t, xdm_log_t, xdm_rw_etc_t, xdm_tmpfs_t, xdm_var_lib_t, xdm_var_run_t, xserver_etc_t, xserver_log_t, ypserv_conf_t, zarafa_etc_t, zebra_conf_t.
                                              Then execute:
                                              restorecon -v '/var/lib/flatpak/exports/share/applications/org.videolan.VLC-openvcd.desktop'
                                              
                                              
                                              *****  Plugin catchall (17.1 confidence) suggests   **************************
                                              
                                              If you believe that dbus-daemon should be allowed read access on the org.videolan.VLC-openvcd.desktop lnk_file by default.
                                              Then you should report this as a bug.
                                              You can generate a local policy module to allow this access.
                                              Do
                                              allow this access for now by executing:
                                              # ausearch -c 'dbus-daemon' --raw | audit2allow -M my-dbusdaemon
                                              # semodule -X 300 -i my-dbusdaemon.pp
                                              
febr 06 17:03:48 wagner setroubleshoot[1146]: AnalyzeThread.run(): Set alarm timeout to 10
febr 06 17:03:48 wagner setroubleshoot[1146]: AnalyzeThread.run(): Cancel pending alarm
febr 06 17:03:48 wagner setroubleshoot[1146]: failed to retrieve rpm info for /var/lib/flatpak/exports/share/applications/com.obsproject.Studio.desktop
febr 06 17:03:51 wagner setroubleshoot[1146]: SELinux is preventing dbus-daemon from read access on the lnk_file /var/lib/flatpak/exports/share/applications/com.obsproject.Studio.desktop. For complete SELinux messages run: sealert -l a089eafa-d902-469c-b1b6-4adbfc20df76
febr 06 17:03:51 wagner setroubleshoot[1146]: SELinux is preventing dbus-daemon from read access on the lnk_file /var/lib/flatpak/exports/share/applications/com.obsproject.Studio.desktop.
                                              
                                              *****  Plugin catchall_labels (83.8 confidence) suggests   *******************
                                              
                                              If you want to allow dbus-daemon to have read access on the com.obsproject.Studio.desktop lnk_file
                                              Then you need to change the label on /var/lib/flatpak/exports/share/applications/com.obsproject.Studio.desktop
                                              Do
                                              # semanage fcontext -a -t FILE_TYPE '/var/lib/flatpak/exports/share/applications/com.obsproject.Studio.desktop'
                                              where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, abrt_etc_t, abrt_var_cache_t, admin_home_t, aiccu_etc_t, alsa_etc_rw_t, antivirus_conf_t, asterisk_etc_t, bin_t, bitlbee_conf_t, bluetooth_conf_t, boot_t, bootloader_etc_t, cache_home_t, cert_t, cgconfig_etc_t, cgroup_t, cgrules_etc_t, cluster_conf_t, cobbler_etc_t, condor_conf_t, config_home_t, config_usr_t, conntrackd_conf_t, container_config_t, couchdb_conf_t, courier_etc_t, cpucontrol_conf_t, cupsd_etc_t, cupsd_rw_etc_t, data_home_t, dbus_home_t, dbusd_etc_t, ddclient_etc_t, device_t, devlog_t, dhcp_etc_t, dictd_etc_t, dnsmasq_etc_t, dovecot_etc_t, ecryptfs_t, etc_mail_t, etc_runtime_t, etc_t, exports_t, fetchmail_etc_t, file_context_t, fingerd_etc_t, firewalld_etc_rw_t, firstboot_etc_t, fonts_cache_t, fonts_t, ftpd_etc_t, gconf_etc_t, gconf_home_t, gdomap_conf_t, getty_etc_t, gkeyringd_gnome_home_t, gkeyringd_tmp_t, gnome_home_t, gpm_conf_t, gstreamer_home_t, hddtemp_etc_t, home_root_t, hostname_etc_t, httpd_config_t, hwdata_t, ibacm_conf_t, icc_data_home_t, innd_etc_t, irc_conf_t, irssi_etc_t, kdump_etc_t, kmscon_conf_t, krb5_conf_t, krb5kdc_conf_t, l2tp_conf_t, ld_so_t, lib_t, likewise_etc_t, lircd_etc_t, locale_t, lvm_etc_t, machineid_t, man_cache_t, man_t, mcelog_etc_t, mdadm_conf_t, minidlna_conf_t, minissdpd_conf_t, mock_etc_t, modules_conf_t, mozilla_conf_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mpd_etc_t, mplayer_etc_t, mrtg_etc_t, mscan_etc_t, munin_etc_t, mysqld_etc_t, nagios_etc_t, named_conf_t, net_conf_t, nrpe_etc_t, nslcd_conf_t, ntop_etc_t, ntp_conf_t, nut_conf_t, opendnssec_conf_t, openvpn_etc_rw_t, openvpn_etc_t, openvswitch_rw_t, oracleasm_conf_t, pads_config_t, pam_var_console_t, pdns_conf_t, pegasus_conf_t, pingd_etc_t, piranha_etc_rw_t, piranha_web_conf_t, polipo_etc_t, portreserve_etc_t, postfix_etc_t, postfix_postdrop_t, postgresql_etc_t, postgrey_etc_t, pppd_etc_t, prelude_correlator_config_t, printconf_t, proc_t, psad_etc_t, ptal_etc_t, puppet_etc_t, qmail_etc_t, rabbitmq_conf_t, radiusd_etc_t, radvd_etc_t, redis_conf_t, rhnsd_conf_t, rhsmcertd_config_t, root_t, rpm_script_tmp_t, rpm_var_cache_t, rpm_var_lib_t, rsync_etc_t, samba_etc_t, sanlock_conf_t, security_t, selinux_config_t, selinux_login_config_t, shell_exec_t, shorewall_etc_t, slapd_etc_t, snapperd_conf_t, snort_etc_t, soundd_etc_t, spamd_etc_t, squid_conf_t, src_t, ssh_home_t, sslh_config_t, sssd_conf_t, sssd_var_lib_t, stunnel_etc_t, svc_conf_t, sysfs_t, syslog_conf_t, system_conf_t, system_db_t, system_dbusd_var_lib_t, systemd_hwdb_etc_t, systemd_userdbd_runtime_t, textrel_shlib_t, tftpd_etc_t, tmp_t, tor_etc_t, tuned_etc_t, tuned_rw_etc_t, udev_etc_t, udev_var_run_t, ulogd_etc_t, user_home_dir_t, user_home_t, user_tmp_t, userhelper_conf_t, usr_t, var_lock_t, var_run_t, var_t, varnishd_etc_t, virt_etc_t, virt_var_lib_t, virtlogd_etc_t, vmware_sys_conf_t, webalizer_etc_t, xdm_etc_t, xdm_log_t, xdm_rw_etc_t, xdm_tmpfs_t, xdm_var_lib_t, xdm_var_run_t, xserver_etc_t, xserver_log_t, ypserv_conf_t, zarafa_etc_t, zebra_conf_t.
                                              Then execute:
                                              restorecon -v '/var/lib/flatpak/exports/share/applications/com.obsproject.Studio.desktop'
                                              
                                              
                                              *****  Plugin catchall (17.1 confidence) suggests   **************************
                                              
                                              If you believe that dbus-daemon should be allowed read access on the com.obsproject.Studio.desktop lnk_file by default.
                                              Then you should report this as a bug.
                                              You can generate a local policy module to allow this access.
                                              Do
                                              allow this access for now by executing:
                                              # ausearch -c 'dbus-daemon' --raw | audit2allow -M my-dbusdaemon
                                              # semodule -X 300 -i my-dbusdaemon.pp
                                              
febr 06 17:03:51 wagner setroubleshoot[1146]: AnalyzeThread.run(): Set alarm timeout to 10
febr 06 17:03:51 wagner setroubleshoot[1146]: AnalyzeThread.run(): Cancel pending alarm
febr 06 17:03:51 wagner setroubleshoot[1146]: failed to retrieve rpm info for /var/lib/flatpak/exports/share/applications/com.microsoft.Teams.desktop
febr 06 17:03:55 wagner setroubleshoot[1146]: SELinux is preventing dbus-daemon from read access on the lnk_file /var/lib/flatpak/exports/share/applications/com.microsoft.Teams.desktop. For complete SELinux messages run: sealert -l a089eafa-d902-469c-b1b6-4adbfc20df76
febr 06 17:03:55 wagner setroubleshoot[1146]: SELinux is preventing dbus-daemon from read access on the lnk_file /var/lib/flatpak/exports/share/applications/com.microsoft.Teams.desktop.
                                              
                                              *****  Plugin catchall_labels (83.8 confidence) suggests   *******************
                                              
                                              If you want to allow dbus-daemon to have read access on the com.microsoft.Teams.desktop lnk_file
                                              Then you need to change the label on /var/lib/flatpak/exports/share/applications/com.microsoft.Teams.desktop
                                              Do
                                              # semanage fcontext -a -t FILE_TYPE '/var/lib/flatpak/exports/share/applications/com.microsoft.Teams.desktop'
                                              where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, abrt_etc_t, abrt_var_cache_t, admin_home_t, aiccu_etc_t, alsa_etc_rw_t, antivirus_conf_t, asterisk_etc_t, bin_t, bitlbee_conf_t, bluetooth_conf_t, boot_t, bootloader_etc_t, cache_home_t, cert_t, cgconfig_etc_t, cgroup_t, cgrules_etc_t, cluster_conf_t, cobbler_etc_t, condor_conf_t, config_home_t, config_usr_t, conntrackd_conf_t, container_config_t, couchdb_conf_t, courier_etc_t, cpucontrol_conf_t, cupsd_etc_t, cupsd_rw_etc_t, data_home_t, dbus_home_t, dbusd_etc_t, ddclient_etc_t, device_t, devlog_t, dhcp_etc_t, dictd_etc_t, dnsmasq_etc_t, dovecot_etc_t, ecryptfs_t, etc_mail_t, etc_runtime_t, etc_t, exports_t, fetchmail_etc_t, file_context_t, fingerd_etc_t, firewalld_etc_rw_t, firstboot_etc_t, fonts_cache_t, fonts_t, ftpd_etc_t, gconf_etc_t, gconf_home_t, gdomap_conf_t, getty_etc_t, gkeyringd_gnome_home_t, gkeyringd_tmp_t, gnome_home_t, gpm_conf_t, gstreamer_home_t, hddtemp_etc_t, home_root_t, hostname_etc_t, httpd_config_t, hwdata_t, ibacm_conf_t, icc_data_home_t, innd_etc_t, irc_conf_t, irssi_etc_t, kdump_etc_t, kmscon_conf_t, krb5_conf_t, krb5kdc_conf_t, l2tp_conf_t, ld_so_t, lib_t, likewise_etc_t, lircd_etc_t, locale_t, lvm_etc_t, machineid_t, man_cache_t, man_t, mcelog_etc_t, mdadm_conf_t, minidlna_conf_t, minissdpd_conf_t, mock_etc_t, modules_conf_t, mozilla_conf_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mpd_etc_t, mplayer_etc_t, mrtg_etc_t, mscan_etc_t, munin_etc_t, mysqld_etc_t, nagios_etc_t, named_conf_t, net_conf_t, nrpe_etc_t, nslcd_conf_t, ntop_etc_t, ntp_conf_t, nut_conf_t, opendnssec_conf_t, openvpn_etc_rw_t, openvpn_etc_t, openvswitch_rw_t, oracleasm_conf_t, pads_config_t, pam_var_console_t, pdns_conf_t, pegasus_conf_t, pingd_etc_t, piranha_etc_rw_t, piranha_web_conf_t, polipo_etc_t, portreserve_etc_t, postfix_etc_t, postfix_postdrop_t, postgresql_etc_t, postgrey_etc_t, pppd_etc_t, prelude_correlator_config_t, printconf_t, proc_t, psad_etc_t, ptal_etc_t, puppet_etc_t, qmail_etc_t, rabbitmq_conf_t, radiusd_etc_t, radvd_etc_t, redis_conf_t, rhnsd_conf_t, rhsmcertd_config_t, root_t, rpm_script_tmp_t, rpm_var_cache_t, rpm_var_lib_t, rsync_etc_t, samba_etc_t, sanlock_conf_t, security_t, selinux_config_t, selinux_login_config_t, shell_exec_t, shorewall_etc_t, slapd_etc_t, snapperd_conf_t, snort_etc_t, soundd_etc_t, spamd_etc_t, squid_conf_t, src_t, ssh_home_t, sslh_config_t, sssd_conf_t, sssd_var_lib_t, stunnel_etc_t, svc_conf_t, sysfs_t, syslog_conf_t, system_conf_t, system_db_t, system_dbusd_var_lib_t, systemd_hwdb_etc_t, systemd_userdbd_runtime_t, textrel_shlib_t, tftpd_etc_t, tmp_t, tor_etc_t, tuned_etc_t, tuned_rw_etc_t, udev_etc_t, udev_var_run_t, ulogd_etc_t, user_home_dir_t, user_home_t, user_tmp_t, userhelper_conf_t, usr_t, var_lock_t, var_run_t, var_t, varnishd_etc_t, virt_etc_t, virt_var_lib_t, virtlogd_etc_t, vmware_sys_conf_t, webalizer_etc_t, xdm_etc_t, xdm_log_t, xdm_rw_etc_t, xdm_tmpfs_t, xdm_var_lib_t, xdm_var_run_t, xserver_etc_t, xserver_log_t, ypserv_conf_t, zarafa_etc_t, zebra_conf_t.
                                              Then execute:
                                              restorecon -v '/var/lib/flatpak/exports/share/applications/com.microsoft.Teams.desktop'
                                              
                                              
                                              *****  Plugin catchall (17.1 confidence) suggests   **************************
                                              
                                              If you believe that dbus-daemon should be allowed read access on the com.microsoft.Teams.desktop lnk_file by default.
                                              Then you should report this as a bug.
                                              You can generate a local policy module to allow this access.
                                              Do
                                              allow this access for now by executing:
                                              # ausearch -c 'dbus-daemon' --raw | audit2allow -M my-dbusdaemon
                                              # semodule -X 300 -i my-dbusdaemon.pp
                                              
febr 06 17:03:55 wagner setroubleshoot[1146]: AnalyzeThread.run(): Set alarm timeout to 10
febr 06 17:03:55 wagner setroubleshoot[1146]: AnalyzeThread.run(): Cancel pending alarm
febr 06 17:03:55 wagner setroubleshoot[1146]: failed to retrieve rpm info for /var/lib/flatpak/exports/share/applications/org.gnome.gitlab.YaLTeR.VideoTrimmer.desktop
febr 06 17:03:58 wagner setroubleshoot[1146]: SELinux is preventing dbus-daemon from read access on the lnk_file /var/lib/flatpak/exports/share/applications/org.gnome.gitlab.YaLTeR.VideoTrimmer.desktop. For complete SELinux messages run: sealert -l a089eafa-d902-469c-b1b6-4adbfc20df76
febr 06 17:03:58 wagner setroubleshoot[1146]: SELinux is preventing dbus-daemon from read access on the lnk_file /var/lib/flatpak/exports/share/applications/org.gnome.gitlab.YaLTeR.VideoTrimmer.desktop.
                                              
                                              *****  Plugin catchall_labels (83.8 confidence) suggests   *******************
                                              
                                              If you want to allow dbus-daemon to have read access on the org.gnome.gitlab.YaLTeR.VideoTrimmer.desktop lnk_file
                                              Then you need to change the label on /var/lib/flatpak/exports/share/applications/org.gnome.gitlab.YaLTeR.VideoTrimmer.desktop
                                              Do
                                              # semanage fcontext -a -t FILE_TYPE '/var/lib/flatpak/exports/share/applications/org.gnome.gitlab.YaLTeR.VideoTrimmer.desktop'
                                              where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, abrt_etc_t, abrt_var_cache_t, admin_home_t, aiccu_etc_t, alsa_etc_rw_t, antivirus_conf_t, asterisk_etc_t, bin_t, bitlbee_conf_t, bluetooth_conf_t, boot_t, bootloader_etc_t, cache_home_t, cert_t, cgconfig_etc_t, cgroup_t, cgrules_etc_t, cluster_conf_t, cobbler_etc_t, condor_conf_t, config_home_t, config_usr_t, conntrackd_conf_t, container_config_t, couchdb_conf_t, courier_etc_t, cpucontrol_conf_t, cupsd_etc_t, cupsd_rw_etc_t, data_home_t, dbus_home_t, dbusd_etc_t, ddclient_etc_t, device_t, devlog_t, dhcp_etc_t, dictd_etc_t, dnsmasq_etc_t, dovecot_etc_t, ecryptfs_t, etc_mail_t, etc_runtime_t, etc_t, exports_t, fetchmail_etc_t, file_context_t, fingerd_etc_t, firewalld_etc_rw_t, firstboot_etc_t, fonts_cache_t, fonts_t, ftpd_etc_t, gconf_etc_t, gconf_home_t, gdomap_conf_t, getty_etc_t, gkeyringd_gnome_home_t, gkeyringd_tmp_t, gnome_home_t, gpm_conf_t, gstreamer_home_t, hddtemp_etc_t, home_root_t, hostname_etc_t, httpd_config_t, hwdata_t, ibacm_conf_t, icc_data_home_t, innd_etc_t, irc_conf_t, irssi_etc_t, kdump_etc_t, kmscon_conf_t, krb5_conf_t, krb5kdc_conf_t, l2tp_conf_t, ld_so_t, lib_t, likewise_etc_t, lircd_etc_t, locale_t, lvm_etc_t, machineid_t, man_cache_t, man_t, mcelog_etc_t, mdadm_conf_t, minidlna_conf_t, minissdpd_conf_t, mock_etc_t, modules_conf_t, mozilla_conf_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mpd_etc_t, mplayer_etc_t, mrtg_etc_t, mscan_etc_t, munin_etc_t, mysqld_etc_t, nagios_etc_t, named_conf_t, net_conf_t, nrpe_etc_t, nslcd_conf_t, ntop_etc_t, ntp_conf_t, nut_conf_t, opendnssec_conf_t, openvpn_etc_rw_t, openvpn_etc_t, openvswitch_rw_t, oracleasm_conf_t, pads_config_t, pam_var_console_t, pdns_conf_t, pegasus_conf_t, pingd_etc_t, piranha_etc_rw_t, piranha_web_conf_t, polipo_etc_t, portreserve_etc_t, postfix_etc_t, postfix_postdrop_t, postgresql_etc_t, postgrey_etc_t, pppd_etc_t, prelude_correlator_config_t, printconf_t, proc_t, psad_etc_t, ptal_etc_t, puppet_etc_t, qmail_etc_t, rabbitmq_conf_t, radiusd_etc_t, radvd_etc_t, redis_conf_t, rhnsd_conf_t, rhsmcertd_config_t, root_t, rpm_script_tmp_t, rpm_var_cache_t, rpm_var_lib_t, rsync_etc_t, samba_etc_t, sanlock_conf_t, security_t, selinux_config_t, selinux_login_config_t, shell_exec_t, shorewall_etc_t, slapd_etc_t, snapperd_conf_t, snort_etc_t, soundd_etc_t, spamd_etc_t, squid_conf_t, src_t, ssh_home_t, sslh_config_t, sssd_conf_t, sssd_var_lib_t, stunnel_etc_t, svc_conf_t, sysfs_t, syslog_conf_t, system_conf_t, system_db_t, system_dbusd_var_lib_t, systemd_hwdb_etc_t, systemd_userdbd_runtime_t, textrel_shlib_t, tftpd_etc_t, tmp_t, tor_etc_t, tuned_etc_t, tuned_rw_etc_t, udev_etc_t, udev_var_run_t, ulogd_etc_t, user_home_dir_t, user_home_t, user_tmp_t, userhelper_conf_t, usr_t, var_lock_t, var_run_t, var_t, varnishd_etc_t, virt_etc_t, virt_var_lib_t, virtlogd_etc_t, vmware_sys_conf_t, webalizer_etc_t, xdm_etc_t, xdm_log_t, xdm_rw_etc_t, xdm_tmpfs_t, xdm_var_lib_t, xdm_var_run_t, xserver_etc_t, xserver_log_t, ypserv_conf_t, zarafa_etc_t, zebra_conf_t.
                                              Then execute:
                                              restorecon -v '/var/lib/flatpak/exports/share/applications/org.gnome.gitlab.YaLTeR.VideoTrimmer.desktop'
                                              
                                              
                                              *****  Plugin catchall (17.1 confidence) suggests   **************************
                                              
                                              If you believe that dbus-daemon should be allowed read access on the org.gnome.gitlab.YaLTeR.VideoTrimmer.desktop lnk_file by default.
                                              Then you should report this as a bug.
                                              You can generate a local policy module to allow this access.
                                              Do
                                              allow this access for now by executing:
                                              # ausearch -c 'dbus-daemon' --raw | audit2allow -M my-dbusdaemon
                                              # semodule -X 300 -i my-dbusdaemon.pp
                                              
febr 06 17:03:58 wagner setroubleshoot[1146]: AnalyzeThread.run(): Set alarm timeout to 10
febr 06 17:03:58 wagner setroubleshoot[1146]: AnalyzeThread.run(): Cancel pending alarm
febr 06 17:03:58 wagner setroubleshoot[1146]: failed to retrieve rpm info for /var/lib/flatpak/exports/share/applications/org.libreoffice.LibreOffice.desktop
febr 06 17:04:02 wagner setroubleshoot[1146]: SELinux is preventing dbus-daemon from read access on the lnk_file /var/lib/flatpak/exports/share/applications/org.libreoffice.LibreOffice.desktop. For complete SELinux messages run: sealert -l a089eafa-d902-469c-b1b6-4adbfc20df76
febr 06 17:04:02 wagner setroubleshoot[1146]: SELinux is preventing dbus-daemon from read access on the lnk_file /var/lib/flatpak/exports/share/applications/org.libreoffice.LibreOffice.desktop.
                                              
                                              *****  Plugin catchall_labels (83.8 confidence) suggests   *******************
                                              
                                              If you want to allow dbus-daemon to have read access on the org.libreoffice.LibreOffice.desktop lnk_file
                                              Then you need to change the label on /var/lib/flatpak/exports/share/applications/org.libreoffice.LibreOffice.desktop
                                              Do
                                              # semanage fcontext -a -t FILE_TYPE '/var/lib/flatpak/exports/share/applications/org.libreoffice.LibreOffice.desktop'
                                              where FILE_TYPE is one of the following: NetworkManager_etc_rw_t, NetworkManager_etc_t, abrt_etc_t, abrt_var_cache_t, admin_home_t, aiccu_etc_t, alsa_etc_rw_t, antivirus_conf_t, asterisk_etc_t, bin_t, bitlbee_conf_t, bluetooth_conf_t, boot_t, bootloader_etc_t, cache_home_t, cert_t, cgconfig_etc_t, cgroup_t, cgrules_etc_t, cluster_conf_t, cobbler_etc_t, condor_conf_t, config_home_t, config_usr_t, conntrackd_conf_t, container_config_t, couchdb_conf_t, courier_etc_t, cpucontrol_conf_t, cupsd_etc_t, cupsd_rw_etc_t, data_home_t, dbus_home_t, dbusd_etc_t, ddclient_etc_t, device_t, devlog_t, dhcp_etc_t, dictd_etc_t, dnsmasq_etc_t, dovecot_etc_t, ecryptfs_t, etc_mail_t, etc_runtime_t, etc_t, exports_t, fetchmail_etc_t, file_context_t, fingerd_etc_t, firewalld_etc_rw_t, firstboot_etc_t, fonts_cache_t, fonts_t, ftpd_etc_t, gconf_etc_t, gconf_home_t, gdomap_conf_t, getty_etc_t, gkeyringd_gnome_home_t, gkeyringd_tmp_t, gnome_home_t, gpm_conf_t, gstreamer_home_t, hddtemp_etc_t, home_root_t, hostname_etc_t, httpd_config_t, hwdata_t, ibacm_conf_t, icc_data_home_t, innd_etc_t, irc_conf_t, irssi_etc_t, kdump_etc_t, kmscon_conf_t, krb5_conf_t, krb5kdc_conf_t, l2tp_conf_t, ld_so_t, lib_t, likewise_etc_t, lircd_etc_t, locale_t, lvm_etc_t, machineid_t, man_cache_t, man_t, mcelog_etc_t, mdadm_conf_t, minidlna_conf_t, minissdpd_conf_t, mock_etc_t, modules_conf_t, mozilla_conf_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mpd_etc_t, mplayer_etc_t, mrtg_etc_t, mscan_etc_t, munin_etc_t, mysqld_etc_t, nagios_etc_t, named_conf_t, net_conf_t, nrpe_etc_t, nslcd_conf_t, ntop_etc_t, ntp_conf_t, nut_conf_t, opendnssec_conf_t, openvpn_etc_rw_t, openvpn_etc_t, openvswitch_rw_t, oracleasm_conf_t, pads_config_t, pam_var_console_t, pdns_conf_t, pegasus_conf_t, pingd_etc_t, piranha_etc_rw_t, piranha_web_conf_t, polipo_etc_t, portreserve_etc_t, postfix_etc_t, postfix_postdrop_t, postgresql_etc_t, postgrey_etc_t, pppd_etc_t, prelude_correlator_config_t, printconf_t, proc_t, psad_etc_t, ptal_etc_t, puppet_etc_t, qmail_etc_t, rabbitmq_conf_t, radiusd_etc_t, radvd_etc_t, redis_conf_t, rhnsd_conf_t, rhsmcertd_config_t, root_t, rpm_script_tmp_t, rpm_var_cache_t, rpm_var_lib_t, rsync_etc_t, samba_etc_t, sanlock_conf_t, security_t, selinux_config_t, selinux_login_config_t, shell_exec_t, shorewall_etc_t, slapd_etc_t, snapperd_conf_t, snort_etc_t, soundd_etc_t, spamd_etc_t, squid_conf_t, src_t, ssh_home_t, sslh_config_t, sssd_conf_t, sssd_var_lib_t, stunnel_etc_t, svc_conf_t, sysfs_t, syslog_conf_t, system_conf_t, system_db_t, system_dbusd_var_lib_t, systemd_hwdb_etc_t, systemd_userdbd_runtime_t, textrel_shlib_t, tftpd_etc_t, tmp_t, tor_etc_t, tuned_etc_t, tuned_rw_etc_t, udev_etc_t, udev_var_run_t, ulogd_etc_t, user_home_dir_t, user_home_t, user_tmp_t, userhelper_conf_t, usr_t, var_lock_t, var_run_t, var_t, varnishd_etc_t, virt_etc_t, virt_var_lib_t, virtlogd_etc_t, vmware_sys_conf_t, webalizer_etc_t, xdm_etc_t, xdm_log_t, xdm_rw_etc_t, xdm_tmpfs_t, xdm_var_lib_t, xdm_var_run_t, xserver_etc_t, xserver_log_t, ypserv_conf_t, zarafa_etc_t, zebra_conf_t.
                                              Then execute:
                                              restorecon -v '/var/lib/flatpak/exports/share/applications/org.libreoffice.LibreOffice.desktop'
                                              
                                              
                                              *****  Plugin catchall (17.1 confidence) suggests   **************************
                                              
                                              If you believe that dbus-daemon should be allowed read access on the org.libreoffice.LibreOffice.desktop lnk_file by default.
                                              Then you should report this as a bug.
                                              You can generate a local policy module to allow this access.
                                              Do
                                              allow this access for now by executing:
                                              # ausearch -c 'dbus-daemon' --raw | audit2allow -M my-dbusdaemon
                                              # semodule -X 300 -i my-dbusdaemon.pp
                                              
febr 06 17:04:02 wagner setroubleshoot[1146]: AnalyzeThread.run(): Set alarm timeout to 10
febr 06 17:04:02 wagner setroubleshoot[1146]: AnalyzeThread.run(): Cancel pending alarm
febr 06 17:04:02 wagner setroubleshoot[1146]: failed to retrieve rpm info for /var/lib/flatpak/exports/share/applications/com.google.AndroidStudio.desktop
Comment 1 Zdenek Pytela 2021-04-13 18:51:19 UTC 

*** This bug has been marked as a duplicate of bug 1916652 ***
Note You need to log in before you can comment on or make changes to this bug.