  2. RHEL-86789

[rhel-10] AVC generated by "systemd-user-runtime-dir stop 0" service when having directories with various contexts


    • selinux-policy-40.13.35-1.el10
    • Low
    • rhel-security-selinux
    • ssg_security
    • Red Hat Enterprise Linux
    • SELINUX 250514: 6, SELINUX 250716: 9
    • Release Note Not Required

      What were you trying to do that didn't work?

      When systemd-user-runtime-dir stop executes, it first deletes the content of /run/user/<UID> using an rm -fr command.
      Due to this, when directories have special contexts (e.g. gnupg has the insights_user_tmp_t context when DNF creates the directory from insights), this leads to an AVC:

      type=PROCTITLE ... : proctitle=/usr/lib/systemd/systemd-user-runtime-dir stop 0
      type=SYSCALL ... : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) ... subj=system_u:system_r:systemd_logind_t:s0 key=(null)
      type=AVC ... : avc:  denied  { read } for  pid=6916 comm=systemd-user-ru name=gnupg dev="tmpfs" ino=47178 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:insights_client_tmp_t:s0 tclass=dir permissive=0
      

      The question is why an rm -fr is performed, knowing that /run/user/<UID> is a tmpfs mount by design, so everything on it will be destroyed on unmount.

      Alternatively, since any context can exist on the mount point (especially for root, since for normal users it's not possible to change/set the context), we could have this fixed in the SELinux policy, but this would require a generic "allow" or "dontaudit" rule.

      What is the impact of this issue to you?

      Cosmetic

      Please provide the package NVR for which the bug is seen:

      systemd on RHEL8 and RHEL9

      How reproducible is this bug?:

      Always

      Steps to reproduce

      1. Login as root
      2. Create/copy some directories with special contexts to /run/user/0
        # tar cf - --selinux --no-recursion -C /usr/lib modules | (cd /run/user/0 && tar xf - --selinux)
      3. Log out and wait for /run/user/0 to be dismantled (10 seconds after last session logout)

      Expected results

      No AVC

      Actual results

      AVC but no other issue
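As an added example (not code from this report, nor from systemd or selinux-policy), the following Python script triages audit records of the kind quoted in the description: it parses AVC lines into their fields, flags the ones matching this bug's signature (systemd_logind_t denied dir read, comm systemd-user-ru, i.e. the truncated name of systemd-user-runtime-dir), and builds the audit2allow-style dontaudit rule that the reporter mentions as the policy-side alternative. The audit lines below are constructed for the example and only mirror the ones in the report; the function names are the example's own.

```python
import re

# Constructed sample audit records modelled on the ones in the report.
# The second AVC is an unrelated denial, added to show the filter at work.
SAMPLE_AUDIT = """\
type=PROCTITLE msg=audit(1.0:1): proctitle=/usr/lib/systemd/systemd-user-runtime-dir stop 0
type=SYSCALL msg=audit(1.0:1): arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) subj=system_u:system_r:systemd_logind_t:s0 key=(null)
type=AVC msg=audit(1.0:1): avc:  denied  { read } for  pid=6916 comm=systemd-user-ru name=gnupg dev="tmpfs" ino=47178 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:insights_client_tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1.0:2): avc:  denied  { write } for  pid=1234 comm=sshd name=motd dev="dm-0" ino=99 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
"""

# "avc:  denied  { read write } for  key=value key="quoted value" ..."
AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of the AVC record's fields, or None if the line is not an AVC."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {"result": m.group("result"), "perms": m.group("perms").split()}
    rec.update({k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))})
    return rec


def type_of(ctx):
    """Extract the type component from a user:role:type[:level] security context."""
    return ctx.split(":")[2]


def is_runtime_dir_cleanup_denial(rec):
    """Match the signature from the report: the user runtime dir cleanup running
    as systemd_logind_t, denied 'read' on a directory it is trying to rm -fr.
    comm is the kernel's 15-character truncation of systemd-user-runtime-dir."""
    return (
        rec["result"] == "denied"
        and type_of(rec["scontext"]) == "systemd_logind_t"
        and rec.get("tclass") == "dir"
        and "read" in rec["perms"]
        and rec.get("comm", "") == "systemd-user-ru"
    )


def dontaudit_rule(rec):
    """Build the TE-language dontaudit rule that would silence this exact denial
    (the same shape audit2allow emits with -D). Note the caveat from the report:
    tcontext is whatever type the directory happened to carry, so one rule per
    type is needed, or a generic rule over many target types."""
    return "dontaudit %s %s:%s { %s };" % (
        type_of(rec["scontext"]),
        type_of(rec["tcontext"]),
        rec["tclass"],
        " ".join(rec["perms"]),
    )


def triage(audit_text):
    """Split the AVC records in audit_text into (matches for this bug, other denials)."""
    hits, others = [], []
    for line in audit_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        (hits if is_runtime_dir_cleanup_denial(rec) else others).append(rec)
    return hits, others


if __name__ == "__main__":
    hits, others = triage(SAMPLE_AUDIT)
    for rec in hits:
        print("cosmetic (RHEL-86789 pattern):", rec["name"], "->", dontaudit_rule(rec))
    for rec in others:
        print("needs a look:", rec["comm"], rec["perms"], rec["tcontext"])
```

On a live system the input would come from `ausearch -m AVC -ts recent`; the filter deliberately keys on the source type and comm rather than on the target type, because, as the report notes, any context can end up under /run/user/<UID>, so the tcontext varies from one occurrence to the next.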

              Zdenek Pytela
              Renaud Métrich
              David Tardon
              Milos Malik