SELinux AVC denial after a hitched update
A couple of days ago I've upgraded to F29. Everything went smoothly, no issue. Yesterday, when I was going to turn off the computer, it suggested I restart and install updates. Well, alright. Then update installation froze at 97%. I waited for 2 hours w. no HDD activity, and then I simply turned the computer off with a button, then turned it on again. It booted, I was able to log in. And then a notification appeared: "New SELinux alert. AVC denial".
It has two alerts.
- SELinux is preventing systemd-logind from read access on the blk_file sda1.
Raw Audit Messages type=AVC msg=audit(1541292460.708:194): avc: denied { read } for pid=793 comm="systemd-logind" name="sda1" dev="devtmpfs" ino=3091 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=0
- SELinux is preventing systemd-user-ru from read access on the directory dbus-1.
Raw Audit Messages type=AVC msg=audit(1541292523.534:257): avc: denied { read } for pid=2193 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=31986 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0
Troubleshooting doesn't suggest anything except "If you think that it should have access..."
According to sestatus, SELinux is in enforced mode.
Everything seems to work as usual. At least, I have not run into any problem yet. dnf shows that there are no updates to install.
ETA: This repeats every time the computer boots or is restarted, and also it happens if I go into Settings "Devices" tab, but not every time. Other Settings tabs do not produce this notification.
Could please somebody advise, what it is and how to fix? I think this has something to do with the recent update: either the fact that it has stalled in the end (although maybe it was only the percentage counter), or something was changed with it, which leads to this notification.
I'm not very experienced Fedora user, although I'm trying. :) So please be gentle if possible. :)
Thank you in advance.
If you are not experiencing any problem leave selinux alone
If there's a notification, there must be a problem somewhere. Just because I haven't yet run into anything doesn't mean that there's no problem. :(
Not true, not every single denial needs to be fixed. I use confined users and get lots of denials that do not affect function. Some denials are silent by default .