Hello, I’m new to Fedora and just installed v42 a couple of days ago. Looking for an Android emulator, I installed Waydroid 1.51-2 from the store (Fedora packages) and put the URLs in the OTA fields. It seems it downloaded the image with no problems, but when I open the app (through its icon or via Konsole) multiple SELinux alerts show up. The notifications are too quick to check, but all of them show the same alert:
SELinux is preventing nft from read access on the directory fd.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that nft should be allowed read access on the fd directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'nft' --raw | audit2allow -M my-nft
# semodule -X 300 -i my-nft.pp
Additional Information:
Source Context system_u:system_r:iptables_t:s0
Target Context system_u:system_r:kernel_t:s0
Target Objects fd [ dir ]
Source nft
Source Path nft
Port <Unknown>
Host host
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-41.37-1.fc42.noarch
Local Policy RPM selinux-policy-targeted-41.37-1.fc42.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name hostname
Platform Linux hostname 6.14.2-300.fc42.x86_64 #1 SMP
PREEMPT_DYNAMIC Thu Apr 10 21:50:55 UTC 2025
x86_64
Alert Count 5842
First Seen 2025-04-20 10:52:03 EDT
Last Seen 2025-04-20 23:03:44 EDT
Local ID 70f6f9c3-8e7b-42bf-a709-c26c9e7d6d99
Raw Audit Messages
type=AVC msg=audit(1745204624.536:3813): avc: denied { read } for pid=67540 comm="nft" name="fd" dev="proc" ino=1645797 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=0
Hash: nft,iptables_t,kernel_t,dir,read
I’ve already tried allowing the access with the commands given by the alert. I also set SELinux to ‘permissive’ and ‘disabled’ just to check, but it shows two errors multiple times (image attached).
In addition, according to Waydroid, it’s running:
$ waydroid session start
[23:24:47] Android with user 0 is ready
$ waydroid status
Session: RUNNING
Container: RUNNING
Vendor type: MAINLINE
IP address: 192.168.240.112
Session user: greens(1000)
Wayland display: wayland-0
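
Added example, not part of the original post: a small Python parser for raw AVC records like the one quoted in the alert, which rebuilds the comm, source type, target type, class and permission tuple shown on the alert's Hash line and counts enforced denials per tuple. The function names are illustrative, and the second sample record is constructed to show a permissive-mode entry.

```python
import re
from collections import Counter

# Kernel AVC record: "avc: denied { perms } for key=value key="value" ..."
AVC_RE = re.compile(r"type=AVC .*?avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def type_of(context):
    """Return the type field of a user:role:type:level SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_avc(line):
    """Parse one raw AVC audit record into a dict, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    fields["result"] = m.group(1)
    fields["perms"] = m.group(2).split()
    return fields


def signature(rec):
    """comm, source type, target type, class, perms: the Hash line's order."""
    return ",".join([rec["comm"], type_of(rec["scontext"]),
                     type_of(rec["tcontext"]), rec["tclass"],
                     ",".join(rec["perms"])])


def summarize(lines):
    """Count enforced denials per signature; permissive=1 records were not blocked."""
    counts = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec and rec["result"] == "denied" and rec.get("permissive") == "0":
            counts[signature(rec)] += 1
    return counts


# First record is the one from the post; the second is constructed for the demo.
SAMPLE = [
    'type=AVC msg=audit(1745204624.536:3813): avc: denied { read } for pid=67540 comm="nft" name="fd" dev="proc" ino=1645797 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=0',
    'type=AVC msg=audit(1745204624.540:3814): avc: denied { read } for pid=67541 comm="nft" name="fd" dev="proc" ino=1645797 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1',
]

if __name__ == "__main__":
    for sig, n in summarize(SAMPLE).items():
        print(n, sig)
```

Feeding it the output of `ausearch -c 'nft' --raw` shows which distinct denials a local policy module would cover before anything is installed with `semodule`.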