Constantly getting SELinux AVC denial notifications after upgrading to Fedora 41

Hi everyone

I noticed that after updating to Fedora 41 Beta with KDE Plasma 6.2.0 I keep getting these random “SE Linux error” notifications. The OS works perfectly fine, but these notifications are becoming really annoying.

The problem is that the notifications disappear and don’t appear in the notification panel. I tried running sudo ausearch -m avc,user_avc -ts recent in a terminal and it gave me the following output:

time->Fri Oct 18 15:40:08 2024
type=AVC msg=audit(1729258808.972:1532): avc:  denied  { getattr } for  pid=2357 comm="power-profiles-" path="/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent" dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
----
time->Fri Oct 18 15:41:39 2024
type=AVC msg=audit(1729258899.237:1589): avc:  denied  { read } for  pid=2357 comm="power-profiles-" name="uevent" dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
----
time->Fri Oct 18 15:41:39 2024
type=AVC msg=audit(1729258899.237:1590): avc:  denied  { open } for  pid=2357 comm="power-profiles-" path="/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent" dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
----
time->Fri Oct 18 15:41:39 2024
type=AVC msg=audit(1729258899.237:1591): avc:  denied  { getattr } for  pid=2357 comm="power-profiles-" path="/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent" dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
----
time->Fri Oct 18 15:41:39 2024
type=AVC msg=audit(1729258899.237:1592): avc:  denied  { read } for  pid=2357 comm="power-profiles-" name="c226:0" dev="tmpfs" ino=5600 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1
----
time->Fri Oct 18 15:41:39 2024
type=AVC msg=audit(1729258899.237:1593): avc:  denied  { open } for  pid=2357 comm="power-profiles-" path="/run/udev/data/c226:0" dev="tmpfs" ino=5600 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1
----
time->Fri Oct 18 15:41:39 2024
type=AVC msg=audit(1729258899.237:1594): avc:  denied  { getattr } for  pid=2357 comm="power-profiles-" path="/run/udev/data/c226:0" dev="tmpfs" ino=5600 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1
----
time->Fri Oct 18 15:42:39 2024
type=AVC msg=audit(1729258959.444:1599): avc:  denied  { read } for  pid=2357 comm="power-profiles-" name="c226:0" dev="tmpfs" ino=5600 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1
----
time->Fri Oct 18 15:42:39 2024
type=AVC msg=audit(1729258959.444:1600): avc:  denied  { open } for  pid=2357 comm="power-profiles-" path="/run/udev/data/c226:0" dev="tmpfs" ino=5600 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1
----
time->Fri Oct 18 15:42:39 2024
type=AVC msg=audit(1729258959.444:1601): avc:  denied  { getattr } for  pid=2357 comm="power-profiles-" path="/run/udev/data/c226:0" dev="tmpfs" ino=5600 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1

As you can see it’s giving me this error almost every 2 minutes. For some reason it’s giving an error about the powerprofiles. I have a Lenovo Ideapad Gaming 3 15ARH05. I don’t know what this means or what further diagnostics I have to do.

I hope someone can help me with further diagnosing what the issue is.

Thanks in advance
Mohamed
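
An added example (not part of the original posts): a short Python parser that groups AVC records like the ones above by source domain, target type and object class, and reports whether each denial was actually enforced. A record with permissive=1 was logged but the access was still allowed. The sample records are copied from this thread; `parse_avc`, `summarize` and `report` are hypothetical helper names.

```python
import re
import sys
from collections import defaultdict

# Sample records copied from this thread: four in raw `ausearch` format and
# one in interpreted (`ausearch -i`) format, where values are unquoted.
SAMPLE = """\
time->Fri Oct 18 15:40:08 2024
type=AVC msg=audit(1729258808.972:1532): avc:  denied  { getattr } for  pid=2357 comm="power-profiles-" path="/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent" dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
----
type=AVC msg=audit(1729258899.237:1589): avc:  denied  { read } for  pid=2357 comm="power-profiles-" name="uevent" dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
----
type=AVC msg=audit(1729258899.237:1590): avc:  denied  { open } for  pid=2357 comm="power-profiles-" path="/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent" dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
----
type=AVC msg=audit(1729258899.237:1592): avc:  denied  { read } for  pid=2357 comm="power-profiles-" name="c226:0" dev="tmpfs" ino=5600 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1
----
type=AVC msg=audit(18/10/24 20:12:25.896:2671) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1
"""

# "avc:  denied  { perm ... } for  key=value key=value ..."
AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")
# Values are either double-quoted (raw format) or a bare token (interpreted).
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    src = fields.get("scontext", "").split(":")
    tgt = fields.get("tcontext", "").split(":")
    if len(src) < 3 or len(tgt) < 3:
        return None  # malformed or truncated record
    return {
        "result": m.group(1),
        "perms": m.group(2).split(),
        "source": src[2],   # contexts are user:role:type:level
        "target": tgt[2],
        "tclass": fields.get("tclass", "?"),
        "object": fields.get("path") or fields.get("name") or "?",
        "comm": fields.get("comm", "?"),
        "permissive": fields.get("permissive"),  # None if the field is absent
    }


def summarize(text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(
        lambda: {"perms": set(), "objects": set(), "count": 0, "blocked": 0}
    )
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        g = groups[(rec["source"], rec["target"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["objects"].add(rec["object"])
        g["count"] += 1
        # permissive=1: logged, but the access was allowed.
        # permissive=0: the access was actually blocked.
        if rec["permissive"] == "0":
            g["blocked"] += 1
    return dict(groups)


def report(groups):
    """Render one line per group, followed by the objects that were touched."""
    out = []
    for (src, tgt, cls), g in sorted(groups.items()):
        state = "blocked" if g["blocked"] else "logged only, not blocked"
        out.append(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(g['perms']))} }} "
                   f"x{g['count']} [{state}]")
        out.extend(f"    {obj}" for obj in sorted(g["objects"]))
    return "\n".join(out)


if __name__ == "__main__":
    # Pipe real ausearch output in, or run without input to use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(report(summarize(text)))
```

On a live system the same summary can be produced by piping the ausearch command from the post into the script.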

More context would be useful.

Can you provide the output of …

uname -r
cat /proc/sys/kernel/tainted
sudo dnf repolist
sudo ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today
lscpu
lspci

Please put all in code boxes (this means, mark the respective output once you copied it to here and then click the </> button).

Also, can you link the entries to any action(s)?

Before filing a bug report (especially because you seem to have no issues), I would check the next update of the selinux-policies, maybe that already solves the issue, but it seems that there are some issues in the build that is proposed as selinux-policy update (so do not test it with a production system). Yet, I assume there will be an updated build soon and hopefully the next update for the selinux-policies will be therefore released soon too:
Fedora Updates System

If you have a testing system (on which you do not care if it breaks) to test the current build, you might check out if the current update in testing (so the one with issues) makes a difference and let us know → FEDORA-2024-8707c24571 — bugfix update for selinux-policy — Fedora Updates System

There is indeed a comment in the update that refers to an issue about “power-profiles-daemon”: I assume you have this problem:
https://bugzilla.redhat.com/show_bug.cgi?id=2319355
→ you could follow that problem and provide data if you are asked for it. You might start with a post there and add the output of your ausearch there. Yet, if I get it right, the current update build does not yet solve this issue. So you might just wait and follow the bugtracker and provide data.

In any case, provide the above details I asked for.

@zpytela Just in case you want to skim the error logs, not sure if you have seen that before.


Supplement: Mohamed, can you also provide the output of sudo dnf info selinux* --installed ? I am not sure but I think in beta the testing repo is enabled by default. So you may already have that update installed. That is relevant as the regression is reported for the update. If you have not yet installed this update, that would indicate that the regression was there already before. That might be useful information.

Hi Chris

Thank you for your help. I’ll happily provide more context. At the moment I can’t link the entries to any actions. They seem to appear randomly (maybe they stop appearing when the battery is fully charged and plugged in, I’m not sure though).

I’ve also run the commands you provided:
uname -r

6.11.3-300.fc41.x86_64

cat /proc/sys/kernel/tainted

512

sudo dnf repolist

repo id                                            repo name
code                                               Visual Studio Code
copr:copr.fedorainfracloud.org:kwizart:fedy        Copr repo for fedy owned by kwizart
copr:copr.fedorainfracloud.org:phracek:PyCharm     Copr repo for PyCharm owned by phracek
copr:copr.fedorainfracloud.org:sunwire:envycontrol Copr repo for envycontrol owned by sunwire
cuda-fedora37-x86_64                               cuda-fedora37-x86_64
docker-ce-stable                                   Docker CE Stable - x86_64
fedora                                             Fedora 41 - x86_64
fedora-cisco-openh264                              Fedora 41 openh264 (From Cisco) - x86_64
google-chrome                                      google-chrome
rpmfusion-free                                     RPM Fusion for Fedora 41 - Free
rpmfusion-free-tainted                             RPM Fusion for Fedora 41 - Free tainted
rpmfusion-free-updates-testing                     RPM Fusion for Fedora 41 - Free - Test Updates
rpmfusion-nonfree                                  RPM Fusion for Fedora 41 - Nonfree
rpmfusion-nonfree-nvidia-driver                    RPM Fusion for Fedora 41 - Nonfree - NVIDIA Driver
rpmfusion-nonfree-steam                            RPM Fusion for Fedora 41 - Nonfree - Steam
rpmfusion-nonfree-tainted                          RPM Fusion for Fedora 41 - Nonfree tainted
rpmfusion-nonfree-updates-testing                  RPM Fusion for Fedora 41 - Nonfree - Test Updates
tailscale-stable                                   Tailscale stable
updates                                            Fedora 41 - x86_64 - Updates
updates-testing                                    Fedora 41 - x86_64 - Test Updates
WineHQ                                             WineHQ packages

sudo ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today

_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:12:25.896:2671) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:12:25.896:2672) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:13:26.090:2677) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:13:26.090:2678) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:13:26.090:2679) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:16:26.637:2684) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:16:26.637:2685) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:16:26.637:2686) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:17:26.823:2691) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:17:26.823:2692) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:17:26.823:2693) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:18:57.072:2698) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:18:57.072:2699) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:18:57.072:2700) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:20:27.336:2705) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:20:27.336:2706) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:20:27.336:2707) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:23:58.004:2712) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:23:58.004:2713) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:23:58.004:2714) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:25:58.400:2719) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:25:58.400:2720) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:25:58.400:2721) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:27:58.777:2726) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:27:58.778:2727) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:27:58.778:2728) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:30:29.233:2733) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:30:29.233:2734) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:30:29.233:2735) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:33:29.831:2740) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:33:29.831:2741) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:33:29.831:2742) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:33:29.831:2743) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:33:29.831:2744) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:33:29.831:2745) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:37:00.481:2750) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:37:00.481:2751) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:37:00.481:2752) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:41:01.263:2757) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:41:01.263:2758) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:41:01.263:2759) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:41:01.263:2760) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:41:01.263:2761) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:41:01.263:2762) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:46:02.206:2767) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:46:02.206:2768) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:46:02.206:2769) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:46:02.206:2770) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=+drm:card0-HDMI-A-1 dev="tmpfs" ino=3782 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:46:02.206:2771) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/run/udev/data/+drm:card0-HDMI-A-1 dev="tmpfs" ino=3782 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 20:46:02.206:2772) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/run/udev/data/+drm:card0-HDMI-A-1 dev="tmpfs" ino=3782 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 21:01:02.851:2779) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 21:01:02.851:2780) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 21:01:02.851:2781) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 21:01:02.851:2782) : avc:  denied  { read } for  pid=2357 comm=power-profiles- name=c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 21:01:02.851:2783) : avc:  denied  { open } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 
----
type=AVC msg=audit(18/10/24 21:01:02.851:2784) : avc:  denied  { getattr } for  pid=2357 comm=power-profiles- path=/run/udev/data/c226:0 dev="tmpfs" ino=8355 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1 

lscpu

Architecture:             x86_64
  CPU op-mode(s):         32-bit, 64-bit
  Address sizes:          48 bits physical, 48 bits virtual
  Byte Order:             Little Endian
CPU(s):                   12
  On-line CPU(s) list:    0-11
Vendor ID:                AuthenticAMD
  Model name:             AMD Ryzen 5 4600H with Radeon Graphics
    CPU family:           23
    Model:                96
    Thread(s) per core:   2
    Core(s) per socket:   6
    Socket(s):            1
    Stepping:             1
    Frequency boost:      enabled
    CPU(s) scaling MHz:   58%
    CPU max MHz:          3000,0000
    CPU min MHz:          1400,0000
    BogoMIPS:             5988,61
    Flags:                fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid extd_apic
                          id aperfmperf rapl pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt tce
                           topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb cat_l3 cdp_l3 hw_pstate ssbd mba ibrs ibpb stibp vmmcall fsgsbase bmi1 avx2 smep bmi2 cqm rdt_a rdseed adx smap clflushopt clwb sha_ni xsaveopt xsav
                          ec xgetbv1 cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local clzero irperf xsaveerptr rdpru wbnoinvd cppc arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold 
                          avic v_vmsave_vmload vgif v_spec_ctrl umip rdpid overflow_recov succor smca
Virtualization features:  
  Virtualization:         AMD-V
Caches (sum of all):      
  L1d:                    192 KiB (6 instances)
  L1i:                    192 KiB (6 instances)
  L2:                     3 MiB (6 instances)
  L3:                     8 MiB (2 instances)
NUMA:                     
  NUMA node(s):           1
  NUMA node0 CPU(s):      0-11
Vulnerabilities:          
  Gather data sampling:   Not affected
  Itlb multihit:          Not affected
  L1tf:                   Not affected
  Mds:                    Not affected
  Meltdown:               Not affected
  Mmio stale data:        Not affected
  Reg file data sampling: Not affected
  Retbleed:               Mitigation; untrained return thunk; SMT enabled with STIBP protection
  Spec rstack overflow:   Mitigation; Safe RET
  Spec store bypass:      Mitigation; Speculative Store Bypass disabled via prctl
  Spectre v1:             Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2:             Mitigation; Retpolines; IBPB conditional; STIBP always-on; RSB filling; PBRSB-eIBRS Not affected; BHI Not affected
  Srbds:                  Not affected
  Tsx async abort:        Not affected

lspci

00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne Root Complex
00:00.2 IOMMU: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne IOMMU
00:01.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge
00:01.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe GPP Bridge
00:01.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge
00:02.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge
00:02.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge
00:02.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge
00:02.4 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne PCIe GPP Bridge
00:08.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir PCIe Dummy Host Bridge
00:08.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir Internal PCIe GPP Bridge to Bus
00:08.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] Renoir Internal PCIe GPP Bridge to Bus
00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller (rev 51)
00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge (rev 51)
00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir Device 24: Function 0
00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir Device 24: Function 1
00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir Device 24: Function 2
00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir Device 24: Function 3
00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir Device 24: Function 4
00:18.5 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir Device 24: Function 5
00:18.6 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir Device 24: Function 6
00:18.7 Host bridge: Advanced Micro Devices, Inc. [AMD] Renoir Device 24: Function 7
01:00.0 VGA compatible controller: NVIDIA Corporation TU117M [GeForce GTX 1650 Ti Mobile] (rev a1)
01:00.1 Audio device: NVIDIA Corporation Device 10fa (rev a1)
02:00.0 Non-Volatile memory controller: Intel Corporation SSD 660P Series (rev 03)
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8211/8411 PCI Express Gigabit Ethernet Controller (rev 10)
04:00.0 Network controller: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)
05:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd NVMe SSD Controller 980 (DRAM-less)
06:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Renoir [Radeon Vega Series / Radeon Vega Mobile Series] (rev c7)
06:00.2 Encryption controller: Advanced Micro Devices, Inc. [AMD] Family 17h (Models 10h-1fh) Platform Security Processor
06:00.3 USB controller: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1
06:00.4 USB controller: Advanced Micro Devices, Inc. [AMD] Renoir/Cezanne USB 3.1
06:00.5 Multimedia controller: Advanced Micro Devices, Inc. [AMD] ACP/ACP3X/ACP6x Audio Coprocessor (rev 01)
06:00.6 Audio device: Advanced Micro Devices, Inc. [AMD] Family 17h/19h HD Audio Controller
07:00.0 SATA controller: Advanced Micro Devices, Inc. [AMD] FCH SATA Controller [AHCI mode] (rev 81)
07:00.1 SATA controller: Advanced Micro Devices, Inc. [AMD] FCH SATA Controller [AHCI mode] (rev 81)

Indeed, as you suspected, in Fedora 41 Beta the selinux testing repo is enabled by default:

Name            : selinux-policy
Epoch           : 0
Version         : 41.21
Release         : 1.fc41
Architecture    : noarch
Installed size  : 31.4 KiB
Source          : selinux-policy-41.21-1.fc41.src.rpm
From repository : updates-testing
Summary         : SELinux policy configuration
URL             : https://github.com/fedora-selinux/selinux-policy
License         : GPL-2.0-or-later
Description     : SELinux core policy package.
                : Originally based off of reference policy,
                : the policy has been adjusted to provide support for Fedora.
Vendor          : Fedora Project

Name            : selinux-policy-targeted
Epoch           : 0
Version         : 41.21
Release         : 1.fc41
Architecture    : noarch
Installed size  : 18.4 MiB
Source          : selinux-policy-41.21-1.fc41.src.rpm
From repository : updates-testing
Summary         : SELinux targeted policy
URL             : https://github.com/fedora-selinux/selinux-policy
License         : GPL-2.0-or-later
Description     : SELinux targeted policy package.
Vendor          : Fedora Project

I’ll take a look into the bugzilla bug reports.

Thank you very much for your fast and helpful response.

Indeed, you already have the build from testing installed. I expect that bug ticket describes the issue you have.

Keep following the ticket and provide related information there. If a new build was built, it will appear in bodhi → Fedora Updates System

Usually, new builds are linked to the bug reports. This means an automatic comment will be posted in the bug report that contains the link of the very build that aims to solve the issue (like the bodhi link I provided above). In such a case, you might contribute by testing a new build and providing early feedback on whether it solves the issue. If you need any help with this, feel free to ask here.

As the issue is known and people already consider it, I guess an update that solves the issue will be released soon.

However, once something solved the issue (I expect it will be the next update, or the one after it), it would be nice if you let us know here: that way other users who experience the same issue can find here both the topic with the problem and the solution.

By the way, if you post something in the bugzilla report, you might also include a link to this topic, in order to link the two tickets that are obviously connected.

Different manifests in ausearch outputs can help the developer to identify the origin of the issue. Yours is not equal to the output that is shown in the bugzilla ticket.

@py0xc3 power-profiles-daemon is a service confined since selinux-policy-40.21, but the domain is in permissive mode, so no syscall is actually blocked. These denials will be fixed in the very next build.
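The point made in the post above, that a permissive domain logs denials without blocking anything, can be read off the `permissive=` field of each audit record. As an added example that is not part of the thread: a Python triage script that groups AVC records by source domain, target type and class, and separates logged-only from enforced denials. The first three sample records are copied from the opening post; the fourth, with the hypothetical domain `example_t`, is constructed.

```python
import re
from collections import defaultdict

# Records 1-3 are copied from the opening post; record 4 is constructed
# (hypothetical domain example_t, permissive=0) to show an enforced denial.
SAMPLE = '''\
type=AVC msg=audit(1729258808.972:1532): avc:  denied  { getattr } for  pid=2357 comm="power-profiles-" path="/sys/devices/pci0000:00/0000:00:01.1/0000:01:00.0/drm/card0/uevent" dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1729258899.237:1589): avc:  denied  { read } for  pid=2357 comm="power-profiles-" name="uevent" dev="sysfs" ino=53823 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1729258899.237:1592): avc:  denied  { read } for  pid=2357 comm="power-profiles-" name="c226:0" dev="tmpfs" ino=5600 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1
type=AVC msg=audit(1729258900.000:1600): avc:  denied  { open } for  pid=4000 comm="example" path="/sys/example" dev="sysfs" ino=1 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    rec["perms"] = m.group(1).split()
    return rec

def summarize(text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "permissive": 0, "enforced": 0})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        # SELinux contexts are user:role:type:level; the type is field 3.
        key = (rec["scontext"].split(":")[2],
               rec["tcontext"].split(":")[2],
               rec["tclass"])
        groups[key]["perms"].update(rec["perms"])
        # permissive=1: the access was logged but allowed. Anything else
        # (including a missing field) is counted as enforced here.
        mode = "permissive" if rec.get("permissive") == "1" else "enforced"
        groups[key][mode] += 1
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls), g in sorted(summarize(SAMPLE).items()):
        print(f"{src} -> {tgt}:{cls} {sorted(g['perms'])} "
              f"logged-only={g['permissive']} blocked={g['enforced']}")
```

On a live system the same functions can be fed the text that `ausearch -m avc,user_avc -ts recent` prints, in place of `SAMPLE`.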

Thanks :classic_smiley:


Mohamed, you just have to wait for the next update of the selinux-policy.

If you want, you can keep checking the bodhi page of selinux-policies. Once you have installed the next update that appears there, you are encouraged to verify that the issue was solved and add positive or negative karma to the very bodhi page (with a comment) on whether the update solves the issue.

Let me know if you have any issues.