On 04/10/2021 09:43, Adi Pircalabu wrote:
Didn't have setroubleshoot-server, so I went and installed it. "sealert -b" does nothing, or I don't know how to use it yet. Then I went and analyzed the audit log with "sealert -a /var/log/audit/audit.log" and here's the important bit:
type=AVC msg=audit(1633309984.892:327): avc: denied { audit_control } for pid=2387 comm="(systemd)" capability=30 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability permissive=1
$ ps auxww | egrep 2387 adi 2387 0.0 0.0 24080 16084 ? Ss 12:13 0:00 /usr/lib/systemd/systemd --user
So, looks like selinux prevents systemd to run as user adi. Now I need to figure out why all of a sudden.
Manged to get my sound back in enforcing mode by running: setsebool -P init_audit_control 1 After reboot I now have: # audit2allow -w -a | tail
Possible mismatch between current in-memory boolean settings vs. permanent ones.
type=AVC msg=audit(1633309984.892:327): avc: denied { audit_control } for pid=2387 comm="(systemd)" capability=30 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=capability permissive=1 Was caused by: Unknown - would be allowed by active policy Possible mismatch between this policy and the one under which the audit message was generated.
Possible mismatch between current in-memory boolean settings vs. permanent ones.
$ ps auxww | egrep pipewire adi 2655 0.2 0.0 349932 17768 ? S<sl 12:36 0:00 /usr/bin/pipewire adi 2656 0.3 0.0 273220 25120 ? S<Lsl 12:36 0:01 /usr/bin/pipewire-pulse adi 2670 0.0 0.0 252976 12312 ? S<l 12:36 0:00 /usr/bin/pipewire-media-session adi 6401 0.0 0.0 221528 792 pts/1 S+ 12:42 0:00 grep -E --color=auto pipewire
Still don't know what caused the change in behaviour yet.
On my F34 Gnome VM, I have sound after a full update.
[root@f34g ~]# getsebool init_audit_control init_audit_control --> off
So, I don't know why you'd have to set it to "on".
I'm starting to think you may need to relabel your filesystem.
-- Nothing to see here