On one of my machines I noticed a bunch of little pop up messages that don't say much but say opps and that it is probable automatically being reported.

In looking at messages it shows a lot of things about seline and seems linked to /run/systemd/users/1000

Looking at directory, see it showing the owner as root and not 1000?

cd /run/systemd/users/

[root@setzconote users]# ls -l

-rw-r--r--. 1 root root 257 Oct 31 08:42 1000

looking at message log it says to run this command.

sealert -l c9b47966-9b7c-4eeb-a209-b8b4034caba9

SELinux is preventing dbus-daemon from read access on the file 1000.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that dbus-daemon should be allowed read access on the 1000 file by default.

Then you should report this as a bug.

You can generate a local policy module to allow this access.

Do

allow this access for now by executing:

# ausearch -c 'dbus-daemon' --raw | audit2allow -M my-dbusdaemon

# semodule -X 300 -i my-dbusdaemon.pp

Additional Information:

Source Context                system_u:system_r:gnome_atspi_t:s0-s0:c0.c1023

Target Context                system_u:object_r:systemd_logind_var_run_t:s0

Target Objects                1000 [ file ]

Source                        dbus-daemon

Source Path                   dbus-daemon

Port                          <Unknown>

Host                          setzco.dyndns.org

Source RPM Packages          

Target RPM Packages          

SELinux Policy RPM            selinux-policy-targeted-35.19-1.fc35.noarch

Local Policy RPM              selinux-policy-targeted-35.19-1.fc35.noarch

Selinux Enabled               True

Policy Type                   targeted

Enforcing Mode                Permissive

Host Name                     setzco.dyndns.org

Platform                      Linux setzco.dyndns.org 6.0.5-100.fc35.x86_64 #1

                              SMP PREEMPT_DYNAMIC Wed Oct 26 16:27:59 UTC 2022

                              x86_64 x86_64

Alert Count                   43

First Seen                    2022-10-29 17:13:40 ChST

Last Seen                     2022-11-02 22:59:29 ChST

Local ID                      c9b47966-9b7c-4eeb-a209-b8b4034caba9

Raw Audit Messages

type=AVC msg=audit(1667393969.159:396): avc:  denied  { read } for  pid=1494 comm="dbus-daemon" name="1000" dev="tmpfs" ino=1692 scontext=system_u:system_r:gnome_atspi_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=file permissive=1

Hash: dbus-daemon,gnome_atspi_t,systemd_logind_var_run_t,file,read

Other machines don't seem to show these messages, but haven't looked in logs. Seems it is only right after boot and login, and the fill about 3 screens full of messages, but then the just all close and normal desktop is left??

+------------------------------------------------------------+

 Michael D. Setzer II - Computer Science Instructor (Retired)    

 mailto:mikes@guam.net                           

 mailto:msetzerii@gmail.com

 Guam - Where America's Day Begins                       

 G4L Disk Imaging Project maintainer

 http://sourceforge.net/projects/g4l/

+------------------------------------------------------------+