Hi,
i tried out the .15 build but i still get the same errors as before. managed to get
several sealert errors concerning it.
SELinux is preventing /usr/bin/gnome-shell from execute access on the file
2F6465762F6D71756575652F666669366548614844202864656C6574656429.
***** Plugin catchall_boolean (89.3 confidence) suggests ******************
If you want to allow staff to exec content
Then you must tell SELinux about this by enabling the 'staff_exec_content'
boolean.
Do
setsebool -P staff_exec_content 1
***** Plugin catchall (11.6 confidence) suggests **************************
If you believe that gnome-shell should be allowed execute access on the
2F6465762F6D71756575652F666669366548614844202864656C6574656429 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gnome-shell' --raw | audit2allow -M my-gnomeshell
# semodule -X 300 -i my-gnomeshell.pp
Additional Information:
Source Context staff_u:staff_r:staff_t:s0-s0:c0.c1023
Target Context staff_u:object_r:user_tmp_t:s0
Target Objects 2F6465762F6D71756575652F66666936654861484420286465
6C6574656429 [ file ]
Source gnome-shell
Source Path /usr/bin/gnome-shell
Port <Unknown>
Host localhost.localdomain
Source RPM Packages gnome-shell-3.24.3-2.fc26.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-260.15.fc26.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost.localdomain
Platform Linux localhost.localdomain
4.13.11-200.fc26.x86_64 #1 SMP Thu Nov 2 18:28:35
UTC 2017 x86_64 x86_64
Alert Count 169
First Seen 2017-11-08 15:10:57 EET
Last Seen 2017-11-08 15:40:56 EET
Local ID 1ee8e0ca-857d-4d2f-8f9b-8e16c68d6ee5
Raw Audit Messages
type=AVC msg=audit(1510148456.218:4834): avc: denied { execute } for pid=2120
comm="gnome-shell"
path=2F6465762F6D71756575652F666669366548614844202864656C6574656429 dev="mqueue"
ino=45757 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023
tcontext=staff_u:object_r:user_tmp_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1510148456.218:4834): arch=x86_64 syscall=mmap success=no
exit=EACCES a0=0 a1=1000 a2=5 a3=1 items=0 ppid=2027 pid=2120 auid=1000 uid=1000 gid=1000
euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=tty2 ses=4
comm=gnome-shell exe=/usr/bin/gnome-shell subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023
key=(null)
Hash: gnome-shell,staff_t,user_tmp_t,file,execute
........................
Thanks.
Sindano