
SELinux AVC denial after a hitched update

asked 2018-11-03 20:37:38 -0500

verlioca

updated 2018-11-03 21:47:55 -0500

A couple of days ago I upgraded to F29. Everything went smoothly, no issue. Yesterday, when I was going to turn off the computer, it suggested I restart and install updates. Well, alright. Then update installation froze at 97%. I waited for 2 hours with no HDD activity, and then I simply turned the computer off with a button, then turned it on again. It booted, I was able to log in. And then a notification appeared: "New SELinux alert. AVC denial".

It has two alerts.

  1. SELinux is preventing systemd-logind from read access on the blk_file sda1.

Raw Audit Messages

type=AVC msg=audit(1541292460.708:194): avc: denied { read } for pid=793 comm="systemd-logind" name="sda1" dev="devtmpfs" ino=3091 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=0

  2. SELinux is preventing systemd-user-ru from read access on the directory dbus-1.

Raw Audit Messages

type=AVC msg=audit(1541292523.534:257): avc: denied { read } for pid=2193 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=31986 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0

Troubleshooting doesn't suggest anything except "If you think that it should have access..."

According to sestatus, SELinux is in enforced mode.

Everything seems to work as usual. At least, I have not run into any problem yet. dnf shows that there are no updates to install.

ETA: This repeats every time the computer boots or is restarted, and also it happens if I go into Settings "Devices" tab, but not every time. Other Settings tabs do not produce this notification.

Could somebody please advise what it is and how to fix it? I think this has something to do with the recent update: either the fact that it has stalled in the end (although maybe it was only the percentage counter), or something was changed with it, which leads to this notification.

I'm not a very experienced Fedora user, although I'm trying. :) So please be gentle if possible. :)

Thank you in advance.



If you are not experiencing any problem, leave SELinux alone.

Panther ( 2018-11-03 21:56:22 -0500 )

If there's a notification, there must be a problem somewhere. Just because I haven't yet run into anything doesn't mean that there's no problem. :(

verlioca ( 2018-11-04 08:33:41 -0500 )

Not true, not every single denial needs to be fixed. I use confined users and get lots of denials that do not affect function. Some denials are silent by default.

Panther ( 2018-11-04 10:49:49 -0500 )
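The raw audit messages quoted in the question can be read field by field. The following is an added example, not part of the original thread: a small Python parser that extracts the source type, target type, object class and permission from AVC denial records and counts recurring denials, which helps when the same alert reappears on every boot. The function names are hypothetical, and the third record in `SAMPLE` is constructed to imitate the first denial repeating on a later boot.

```python
import re
from collections import Counter

# The two records quoted in the question, plus one CONSTRUCTED repeat of the
# first (different timestamp, serial and pid) imitating the same denial on a later boot.
SAMPLE = """\
type=AVC msg=audit(1541292460.708:194): avc: denied { read } for pid=793 comm="systemd-logind" name="sda1" dev="devtmpfs" ino=3091 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=0
type=AVC msg=audit(1541292523.534:257): avc: denied { read } for pid=2193 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=31986 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1541378860.112:201): avc: denied { read } for pid=801 comm="systemd-logind" name="sda1" dev="devtmpfs" ino=3091 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=0
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = tuple(m.group("perms").split())
    # A context is user:role:type:level; the type (third field) is what policy rules match on.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    # permissive=0 means the access was actually blocked, not just logged.
    rec["enforced"] = rec.get("permissive") == "0"
    return rec

def summarize(text):
    """Count denials per (source type, target type, object class, permissions)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["source_type"], rec["target_type"], rec["tclass"], rec["perms"])
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for (src, tgt, cls, perms), n in summarize(SAMPLE).items():
        print(f"{n}x {src} denied {{ {' '.join(perms)} }} on {tgt}:{cls}")
```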

2 Answers


answered 2018-11-11 05:09:48 -0500

verlioca

The issue got resolved on its own after the latest update.


answered 2018-11-04 07:25:25 -0500

FranciscoD_

Try a complete relabel. That usually fixes any SELinux issues if there are any:

sudo fixfiles onboot

It'll relabel the whole file system on the next boot, and it could take a while. Given that your update didn't complete, I'd also recommend you go through the cleanup steps documented here just to make sure that the packages are properly installed:


Thank you for the suggestion. Unfortunately, it didn't help.

As for the updates, I cleared DNF cache and rebuilt RPM database. Checking for updates doesn't bring anything up. Again, no issues, everything works, except for this SELinux notification on boot.

verlioca ( 2018-11-04 08:30:29 -0500 )



Asked: 2018-11-03 20:37:38 -0500

Seen: 427 times

Last updated: Nov 04 '18