Are SELinux alarms frequent on Fedora?

Hi, I have installed Fedora 37 on a virtual machine and then upgraded to F38. I received 2 SELinux alarms

SELinux prevents plymouthd access map on chr_file /dev/dri/card0
SELinux prevents systemd access map on file /etc/selinux/targeted/policy/policy.33.

As an Ubuntu user, I am not familiar with SELinux. I would like to know if SELinux alarms are something to expect so often on Fedora, or it’s me having bad luck.

Usually it depends on how much you deviate from the default setup, although it can sometimes happen due to package updates, but it is likely to be fixed by the near future updates.

You can typically ignore it unless it directly interferes with your activity, excessively floods the journal, or has a specific reproducible pattern that can be fixed or reported.

3 Likes

If you are staying with software from Fedora’s official repos, you shouldn’t see any warnings.

Once you start adding third-party software, it is a bit of time and chance, but you still shouldn’t see much if anything. There are ways to silence known but insignificant warnings. Unfortunately, SELinux’s CLI is a bit complex.

Sometimes the problem is that the permissions are set incorrectly on some files. There is a common and simple fix for that problem – restorecon -rv <path-to-file-or-directory>.

Edit: So in your specific case, I would recommend trying restorecon -rv /etc/selinux/targeted/policy. (No news is good news.)

1 Like