Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-140911

SELinux denials when login manager stops units as part of target transition

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • CentOS Stream 10
    • selinux-policy
    • None
    • None
    • None
    • rhel-security-selinux
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • CentOS Stream, Red Hat Enterprise Linux
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • All
    • None

      What were you trying to do that didn't work?

      Logging into my desktop through Plasma Login Manager

      What is the impact of this issue to you?

      Some functionality does not work properly (correctly stopping the login manager's Wayland environment)

      Please provide the package NVR for which the bug is seen:

      selinux-policy-42.1.14-1.el10

      How reproducible is this bug?:

      Always

      Steps to reproduce

      1. Install and enable Plasma Login Manager from EPEL
      2. Reboot and try to log in
      3. Observe errors in the journal

      Expected results

      No errors as part of normal operation

      Actual results

      Some errors in the journal:
      Jan 11 20:42:41 steve-desktop systemd[63615]: selinux: avc: denied { stop } for auid=n/a uid=965 gid=965 path="/usr/lib/systemd/user/plasma-login-wayland.target" cmdline="/usr/bin/startplasma-login-wayland" function="bus_unit_method_start_generic" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_unit_file_t:s0 tclass=service permissive=0
      Jan 11 20:42:41 steve-desktop systemd[63615]: SELinux access check scon=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcon=system_u:object_r:xdm_unit_file_t:s0 tclass=service perm=stop state=enforcing function=bus_unit_method_start_generic path=/usr/lib/systemd/user/plasma-login-wayland.target cmdline=/usr/bin/startplasma-login-wayland: Permission denied
      Jan 11 20:42:41 steve-desktop systemd[63615]: selinux: avc: denied { stop } for auid=n/a uid=965 gid=965 path="/usr/lib/systemd/user/plasma-login-kwin_wayland.service" cmdline="/usr/bin/startplasma-login-wayland" function="bus_unit_method_start_generic" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_unit_file_t:s0 tclass=service permissive=0
      Jan 11 20:42:41 steve-desktop systemd[63615]: SELinux access check scon=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcon=system_u:object_r:xdm_unit_file_t:s0 tclass=service perm=stop state=enforcing function=bus_unit_method_start_generic path=/usr/lib/systemd/user/plasma-login-kwin_wayland.service cmdline=/usr/bin/startplasma-login-wayland: Permission denied
       

              rhn-support-zpytela Zdenek Pytela
              ngompa13@gmail.com Neal Gompa
              Zdenek Pytela Zdenek Pytela
              SSG Security QE SSG Security QE
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

                Created:
                Updated: