SELinux is preventing gnome-shell from write access on the sock_file dbus-XodxlWoUr5

Hi,

A confined service like gnome-shell working in the SELinux domain xdm_t will probably never match something that is in the target domain unconfined_service_t.

Looking up what matches the source xdm_t, object unix_stream_socket and permission connectto on my Fedora 32, I came up with this:

allow xdm_t xdm_t:unix_stream_socket { accept append bind connect connectto create getattr getopt ioctl listen lock read setattr setopt shutdown write };

Try what happens if you change the target context on /tmp/dbus-UpA49W7Z0x.

If you want to be careful you could follow these steps:

touch /.autorelabel
chcon -t xdm_t /tmp/dbus-UpA49W7ZOx

Should that mess things up so you can’t use the system, it will be relabeled on hard reboot. On the other hand, if it solves the problem, you can make it persistent with:

semanage fcontext -a -t xdm_t /tmp/dbus-UpA49W7ZOx

(You could also start with checking if the file should have some other label than unconfined_service_t with the command “matchpathcon -V /tmp/dbus-UpA49W7Z0x”)

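The rule lookup described in the reply above (source type, object class and permission), as an added example that is not part of the original post: it pulls those fields out of an AVC denial record and prints the matching `sesearch` queries from setools. The sample record and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample AVC denial (not taken from the original thread).
SAMPLE_AVC='type=AVC msg=audit(1600000000.123:456): avc:  denied  { connectto } for  pid=1234 comm="gnome-shell" path="/tmp/dbus-EXAMPLE" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=unix_stream_socket permissive=0'

# avc_field LINE KEY: print the value of " KEY=value" from an audit record.
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.* $2=\([^ ]*\).*/\1/p"
}

# avc_type LINE KEY: print the SELinux type, the third colon-separated
# field of a user:role:type:level context (KEY is scontext or tcontext).
avc_type() {
    avc_field "$1" "$2" | cut -d: -f3
}

# avc_perms LINE: print the denied permissions as a comma-separated list,
# the form that sesearch -p accepts.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p' | tr ' ' ','
}

# avc_queries LINE: print two sesearch commands for the denial.
#   1. every allow rule the source domain has for this class/permission
#      (shows which target types the policy expects)
#   2. the exact source/target pair (no output from sesearch = no rule)
# Returns 1 if LINE is not a complete AVC denial.
avc_queries() {
    case "$1" in
        *avc:*denied*) ;;
        *) return 1 ;;
    esac
    q_src=$(avc_type "$1" scontext)
    q_tgt=$(avc_type "$1" tcontext)
    q_cls=$(avc_field "$1" tclass)
    q_perms=$(avc_perms "$1")
    if [ -z "$q_src" ] || [ -z "$q_tgt" ] || [ -z "$q_cls" ] || [ -z "$q_perms" ]; then
        return 1
    fi
    echo "sesearch -A -s $q_src -c $q_cls -p $q_perms"
    echo "sesearch -A -s $q_src -t $q_tgt -c $q_cls -p $q_perms"
}

# Print the queries for the sample record.
avc_queries "$SAMPLE_AVC"
```

On a live system the input record would come from `ausearch -m AVC`, and the printed commands are run against the loaded policy.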