Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1949712 - SELinux is preventing gnome-session-c from 'write' accesses on the sock_file dbus-7hye6voX3Y.
Summary: SELinux is preventing gnome-session-c from 'write' accesses on the sock_file ...
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 34
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:1d3d8f1b9a61b0958fc77ee0c9c...
: 1950642 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-04-14 21:23 UTC by cube00
Modified: 2021-07-09 14:27 UTC (History)
25 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: ---
Embargoed:


Attachments (Terms of Use)

Description cube00 2021-04-14 21:23:08 UTC
Description of problem:
Happened while logging into the system.
SELinux is preventing gnome-session-c from 'write' accesses on the sock_file dbus-7hye6voX3Y.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gnome-session-c should be allowed write access on the dbus-7hye6voX3Y sock_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gnome-session-c' --raw | audit2allow -M my-gnomesessionc
# semodule -X 300 -i my-gnomesessionc.pp

Additional Information:
Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:tmp_t:s0
Target Objects                dbus-7hye6voX3Y [ sock_file ]
Source                        gnome-session-c
Source Path                   gnome-session-c
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-34.3-1.fc34.noarch
Local Policy RPM              selinux-policy-targeted-34.3-1.fc34.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.11.13-300.fc34.x86_64 #1 SMP Sun
                              Apr 11 15:07:42 UTC 2021 x86_64 x86_64
Alert Count                   32
First Seen                    2021-04-14 10:20:59 ACST
Last Seen                     2021-04-15 06:48:34 ACST
Local ID                      d4b05193-20a3-4bf2-a633-dc13ef23afbe

Raw Audit Messages
type=AVC msg=audit(1618435114.178:589): avc:  denied  { write } for  pid=1682 comm="gsd-color" name="dbus-7hye6voX3Y" dev="tmpfs" ino=59 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0


Hash: gnome-session-c,xdm_t,tmp_t,sock_file,write

Version-Release number of selected component:
selinux-policy-targeted-34.3-1.fc34.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.14.0
hashmarkername: setroubleshoot
kernel:         5.11.13-300.fc34.x86_64
type:           libreport

Comment 1 Fabio Valentini 2021-04-15 07:51:39 UTC
Similar problem has been detected:

Happens every time I log into a GNOME session (Xorg, if that matters).

hashmarkername: setroubleshoot
kernel:         5.11.13-300.fc34.x86_64
package:        selinux-policy-targeted-34.3-1.fc34.noarch
reason:         SELinux is preventing gnome-session-c from 'write' accesses on the sock_file dbus-B6LDpHB9pK.
type:           libreport

Comment 2 Zdenek Pytela 2021-04-19 16:16:00 UTC
*** Bug 1950642 has been marked as a duplicate of this bug. ***

Comment 3 Jeremy Linton 2021-04-23 05:40:38 UTC
Similar problem has been detected:

F34 testing, clean install f34 server, dnf group install "Fedora Workstation" login, install some apps, point ff at cockpit, spin up a container,logout.

hashmarkername: setroubleshoot
kernel:         5.11.12-300.fc34.aarch64
package:        selinux-policy-targeted-34-1.fc34.noarch
reason:         SELinux is preventing gnome-session-c from 'write' accesses on the sock_file dbus-wWVTPGCBgB.
type:           libreport

Comment 4 vincent 2021-04-30 19:39:23 UTC
Similar problem has been detected:

After login into Cinnamon

hashmarkername: setroubleshoot
kernel:         5.11.16-300.fc34.x86_64
package:        selinux-policy-targeted-34.3-1.fc34.noarch
reason:         SELinux is preventing gnome-session-c from 'write' accesses on the sock_file dbus-fhn9EU9tAf.
type:           libreport

Comment 5 John Dodson 2021-05-04 12:56:40 UTC
*** Bug 1956802 has been marked as a duplicate of this bug. ***

Comment 6 thedatum+bz 2021-05-04 21:06:51 UTC
Similar problem has been detected:

Shows up on boot after upgrading to Fedora 34.

hashmarkername: setroubleshoot
kernel:         5.11.17-300.fc34.x86_64
package:        selinux-policy-targeted-34.4-1.fc34.noarch
reason:         SELinux is preventing gnome-session-c from 'write' accesses on the sock_file dbus-w2wJTPzxCu.
type:           libreport

Comment 7 Brian J. Murrell 2021-05-04 22:08:02 UTC
Similar problem has been detected:

Log in to GNOME

hashmarkername: setroubleshoot
kernel:         5.11.17-300.fc34.x86_64
package:        selinux-policy-targeted-34.4-1.fc34.noarch
reason:         SELinux is preventing gnome-session-c from 'write' accesses on the sock_file dbus-iiIAGHOXaB.
type:           libreport

Comment 8 Carlos Mogas da Silva 2021-06-15 20:14:46 UTC
Similar problem has been detected:

Happens right after a normal boot

hashmarkername: setroubleshoot
kernel:         5.12.9-300.fc34.x86_64
package:        selinux-policy-targeted-34.11-1.fc34.noarch
reason:         SELinux is preventing gnome-session-c from 'write' accesses on the sock_file dbus-DYc1JVls2z.
type:           libreport

Comment 9 Fabio Valentini 2021-06-16 08:05:46 UTC
Similar problem has been detected:

Happens every boot after login.

hashmarkername: setroubleshoot
kernel:         5.12.10-300.fc34.x86_64
package:        selinux-policy-targeted-34.11-1.fc34.noarch
reason:         SELinux is preventing gnome-session-c from 'write' accesses on the sock_file dbus-uUd7l3I7Bm.
type:           libreport

Comment 10 John Dodson 2021-06-16 09:22:52 UTC
I get this same problem - among other selinux problems that really should have been seen in testing
& not allowed to get this far. How can we encourage better pre-release testing?

type=AVC msg=audit(15/06/21 22:00:19.863:669) : avc:  denied  { write } for  pid=1081 comm=gnome-session-c name=dbus-i1j6NBZFlC dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0 
type=AVC msg=audit(15/06/21 22:00:20.689:670) : avc:  denied  { write } for  pid=1102 comm=gnome-shell name=dbus-i1j6NBZFlC dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0 
type=AVC msg=audit(15/06/21 22:00:21.315:685) : avc:  denied  { write } for  pid=1134 comm=ibus-x11 name=dbus-i1j6NBZFlC dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0 
type=AVC msg=audit(15/06/21 22:00:21.992:692) : avc:  denied  { write } for  pid=1232 comm=gsd-media-keys name=dbus-i1j6NBZFlC dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0 
type=AVC msg=audit(15/06/21 22:00:21.995:693) : avc:  denied  { write } for  pid=1242 comm=gsd-power name=dbus-i1j6NBZFlC dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0 
type=AVC msg=audit(15/06/21 22:00:22.006:694) : avc:  denied  { write } for  pid=1215 comm=gsd-wacom name=dbus-i1j6NBZFlC dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0 
type=AVC msg=audit(15/06/21 22:00:22.021:695) : avc:  denied  { write } for  pid=1219 comm=gsd-color name=dbus-i1j6NBZFlC dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0 
type=AVC msg=audit(15/06/21 22:00:22.040:696) : avc:  denied  { write } for  pid=1222 comm=gsd-keyboard name=dbus-i1j6NBZFlC dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0

Comment 11 John Dodson 2021-06-21 22:45:35 UTC
More today after boot/login...

type=AVC msg=audit(21/06/21 08:25:33.396:669) : avc:  denied  { write } for  pid=1080 comm=gnome-session-c name=dbus-2EbzofzkPG dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0 
type=AVC msg=audit(21/06/21 08:25:34.189:670) : avc:  denied  { write } for  pid=1102 comm=gnome-shell name=dbus-2EbzofzkPG dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0 
type=AVC msg=audit(21/06/21 08:25:34.744:684) : avc:  denied  { write } for  pid=1130 comm=ibus-x11 name=dbus-2EbzofzkPG dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0 
type=AVC msg=audit(21/06/21 08:25:35.261:692) : avc:  denied  { write } for  pid=1231 comm=gsd-media-keys name=dbus-2EbzofzkPG dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0 
type=AVC msg=audit(21/06/21 08:25:35.269:693) : avc:  denied  { write } for  pid=1220 comm=gsd-keyboard name=dbus-2EbzofzkPG dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0 
type=AVC msg=audit(21/06/21 08:25:35.285:694) : avc:  denied  { write } for  pid=1213 comm=gsd-wacom name=dbus-2EbzofzkPG dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0 
type=AVC msg=audit(21/06/21 08:25:35.305:695) : avc:  denied  { write } for  pid=1217 comm=gsd-color name=dbus-2EbzofzkPG dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0 
type=AVC msg=audit(21/06/21 08:25:35.373:696) : avc:  denied  { write } for  pid=1243 comm=gsd-power name=dbus-2EbzofzkPG dev="tmpfs" ino=43 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0

Comment 12 Michael 2021-06-28 00:59:02 UTC
Similar problem has been detected:

Logged in after upgrade from F33 to F34

hashmarkername: setroubleshoot
kernel:         5.12.12-300.fc34.x86_64
package:        selinux-policy-targeted-34.11-1.fc34.noarch
reason:         SELinux is preventing gnome-session-c from 'write' accesses on the sock_file dbus-YdsL6u9Bx8.
type:           libreport

Comment 13 Nathan Berg 2021-07-09 14:27:24 UTC
Similar problem has been detected:

The alert was present on the desktop following waking my laptop following it being in sleep mode overnight.

The system did not immediately "wake" when the lid was opened but after about a minute is screen did wake to the login.

hashmarkername: setroubleshoot
kernel:         5.12.9-300.fc34.x86_64
package:        selinux-policy-targeted-34.11-1.fc34.noarch
reason:         SELinux is preventing gnome-session-c from 'write' accesses on the sock_file dbus-MSFZRjTpPp.
type:           libreport


Note You need to log in before you can comment on or make changes to this bug.