After upgrading from Fedora 39 to Fedora 40, I started getting SELinux errors every time I log in or unlock the lock screen.
Here’s the full output from the details in SETroubleshoot.
SELinux is preventing systemd-logind from integrity access on the lockdown labeled systemd_logind_t.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that systemd-logind should be allowed integrity access on lockdown labeled systemd_logind_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd-logind' --raw | audit2allow -M my-systemdlogind
# semodule -X 300 -i my-systemdlogind.pp
Additional Information:
Source Context system_u:system_r:systemd_logind_t:s0
Target Context system_u:system_r:systemd_logind_t:s0
Target Objects Unknown [ lockdown ]
Source systemd-logind
Source Path systemd-logind
Port <Unknown>
Host aerie
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-40.28-1.fc40.noarch
Local Policy RPM selinux-policy-targeted-40.28-1.fc40.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name aerie
Platform Linux aerie 5.15.164-200.fc40.x86_64 #1 SMP Mon
Aug 12 10:08:28 UTC 2024 x86_64
Alert Count 15
First Seen 2024-10-15 01:21:05 BST
Last Seen 2024-10-15 09:02:06 BST
Local ID 9e2fc1b0-fa82-4e6a-8170-61fa09b976bd
Raw Audit Messages
type=AVC msg=audit(1728979326.1:525): avc: denied { integrity } for pid=1526 comm="systemd-logind" lockdown_reason="hibernation" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=lockdown permissive=0
Hash: systemd-logind,systemd_logind_t,systemd_logind_t,lockdown,integrity