This is a strange one. Really just a minor bug because it does not affect functionality at all. I first ran into this when downloading a PDF file. Then lately I found out that it will throw the alert simply by copying a PDF file. It is related to bubblewrap. It is also related to thumbnails. At first I did not realize that there was more than one alert coming up. So my son pointed out to me that was the case. I am going to add a screenshot of all the alerts because I could not find a way to copy and paste that info. I have been trying to avoid posting screenshots but cannot find any other way to get the info here except by doing just that.
I do have a bug report in over at Bugzilla. But that is not getting any traction at all and nobody has responded to it. I did find another bug report by someone using openSUSE and he claimed that it went away when he switched from X11 to Wayland… That can be found here…
Sorry, I keep forgetting to include the information that I am on the MATE-Compiz spin of Fedora 43. There were no relevant tags for that.
Here is that screenshot… As you can see they are all listed as “notify” so no action is taken. This thing is just “bugging” me at the moment. I keep trying to nail it down but with no luck. And there have not been any SELinux updates that fix it either. It is related to user namespaces and also thumbnail creation for sure. Only happens with PDF files and not image files. I even installed atril-thumbnailer but nothing changed. Clearly an issue with bubblewrap…
Just going to copy and paste a response that I put up in a different thread because it contains all the relevant information about bwrap…
I am still having issues with bubblewrap as well. Mainly when downloading PDF files and it throws up an SELinux alert. The PDF still downloads just fine. But something is going on.
This morning after booting up I did a ps -ax command and saw two entries for bwrap. Both said “bwrap --unshare-all --die-with-parent --chdir / --r”. Then a bit later that was gone when I did another ps -ax.
Finally when I went to test for the PDF download bug (which I do have a report in at Bugzilla) I had no issue actually copying and pasting a PDF file from a folder on to the desktop. But when I tried a download the SELinux alert popped back up. This time it was only four things…
And when I did another ps -ax, this time it came up with…
bwrap --unshare-all --die-with-parent --chdir / --ro-bind /usr /usr --dev /dev --ro-bind-try /etc/ld.so.cache /etc/ld.so.cache --ro-bind-try /nix/store /nix/store --tmpfs /tmp-home --tmpfs /tmp-run --clearenv
Doing a ps -ax now still shows the same thing for bwrap. Two lines with what I posted above…
I looked at the man page for bwrap to try to decipher a couple of things. It does say that the --unshare-all option tries to create a user namespace among other things.
Unshare all possible namespaces. Currently equivalent with: --unshare-user-try --unshare-ipc --unshare-pid --unshare-net --unshare-uts --unshare-cgroup-try
Yeah. I get it now. I sat down with my son and he explained that the line was just truncated. So that makes sense now.
The crazy thing about this whole bwrap throwing SELinux alerts is that it just did it on my newer computer when all I did was copy and paste a PDF file from a folder onto the desktop. Only got one alert for that and it was bwrap, mounton and the /tmp directory. I really wish that someone would figure this out. One month on from the release of 43 and there are still problems with it. The only good thing about this bug is that it is not affecting functionality at all. But it is a bit ridiculous to have to deal with those alerts just for copying and pasting a PDF file.
Have you worked out yet, what the selinux error message is actually stating? What action it’s trying to do which is in violation of the current selinux restrictions??
No. All the SELinux alerts come up with “mounton, mount, unmount” just like in the screenshot above. Also over at Bugzilla nobody has bothered to respond to my bug report besides someone else who is having a similar issue. His bug report has not been addressed either. You can find those bug reports by going to Bugzilla and doing a search for “bwrap SELinux” and they will come up…
Obviously it is also related to user namespaces. Also it should be noted that in order to get rid of SELinux alert messages every single time I took a screenshot I had to disable the systemd-homed service.
One month in and still dealing with these bugs in 43…
One thing I will say is at this point I am only getting 4 alerts vs. the 11 I was getting previously. Don’t know if that is progress or not. Also this morning I did not get an alert when copying and pasting a PDF, something which had happened previously as well. So now I am only getting them when I download a PDF file and there are only 4.
Also, since I am running two different computers via KVM switch to a shared monitor and keyboard, I test things out on both computers and am getting the same thing on both of them. I really am trying my best to eliminate variables and troubleshoot.
Pls provide the following output:
ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts <startdate or starttime>
Change <startdate or starttime> accordingly, so all relevant SELinux output is included.
Unfortunately when I do that I get an error message.
Error opening config file (Permission denied)
NOTE - using built-in end_of_event_timeout: 2
NOTE - using built-in logs: /var/log/audit/audit.log
Error opening /var/log/audit/audit.log (Permission denied)
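Added example, not part of the thread: the "Permission denied" errors above are what ausearch prints when it runs without root, because /var/log/audit/audit.log is readable only by root. Once the records can be read, a short script such as the following groups AVC denials by command, permission, object class and SELinux types; the sample records, including their contexts, PIDs and timestamps, are constructed for illustration and are not from the reporter's system.

```python
import re
from collections import Counter

# Constructed records in raw audit.log format; contexts, PIDs and ids are made up.
SAMPLE = """\
type=AVC msg=audit(1764000000.101:501): avc:  denied  { mounton } for  pid=4242 comm="bwrap" path="/tmp" dev="tmpfs" ino=1 scontext=unconfined_u:unconfined_r:thumb_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1764000000.101:501): arch=c000003e syscall=165 success=no exit=-13 comm="bwrap"
type=AVC msg=audit(1764000000.140:502): avc:  denied  { mount } for  pid=4242 comm="bwrap" name="/" dev="tmpfs" ino=1 scontext=unconfined_u:unconfined_r:thumb_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0
type=AVC msg=audit(1764000000.188:503): avc:  denied  { unmount } for  pid=4242 comm="bwrap" scontext=unconfined_u:unconfined_r:thumb_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0
type=AVC msg=audit(1764000031.007:517): avc:  denied  { mounton } for  pid=4310 comm="bwrap" path="/tmp" dev="tmpfs" ino=1 scontext=unconfined_u:unconfined_r:thumb_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields


def _type(context):
    """Extract the type from a user:role:type:level SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else "?"


def summarize(text):
    """Count denials per (comm, permission, tclass, source type, target type)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue  # SYSCALL, PATH and other record types carry no denial
        for perm in rec["perms"]:
            key = (rec.get("comm", "?"), perm, rec.get("tclass", "?"),
                   _type(rec.get("scontext", "")), _type(rec.get("tcontext", "")))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

Real input for summarize() can come from the raw output of sudo ausearch --raw -m avc -ts today, read from standard input instead of SAMPLE.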