I recently installed Fedora 35 with Xfce and am running into occasional SELinux notifications complaining about this problem:
Code:
SELinux is preventing tumblerd from write access on the sock_file bus.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that tumblerd should be allowed write access on the bus sock_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'tumblerd' --raw | audit2allow -M my-tumblerd
# semodule -X 300 -i my-tumblerd.pp
Additional Information:
Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context unconfined_u:object_r:session_dbusd_tmp_t:s0
Target Objects bus [ sock_file ]
Source tumblerd
Source Path tumblerd
Port <Unknown>
Host fedora
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-35.10-1.fc35.noarch
Local Policy RPM selinux-policy-targeted-35.10-1.fc35.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name fedora
Platform Linux fedora 5.15.14-200.fc35.x86_64 #1 SMP Tue
Jan 11 16:49:27 UTC 2022 x86_64 x86_64
Alert Count 104
First Seen 2022-01-20 20:39:27 EET
Last Seen 2022-01-22 11:41:37 EET
Local ID 6dee6fdc-076e-437c-952e-b6b5d3f55760
Raw Audit Messages
type=AVC msg=audit(1642844497.194:323): avc: denied { write } for pid=4987 comm="tumblerd" name="bus" dev="tmpfs" ino=46 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=0
Hash: tumblerd,thumb_t,session_dbusd_tmp_t,sock_file,write
Thanks SELinux, very useful.
I want to do as instructed here and run those commands, but I'm hesitant since i don't know what the problem really is, or what this fix actually does.