https://bugzilla.suse.com/show_bug.cgi?id=1210207 Bug ID: 1210207 Summary: selinux: missing policy for dbus allow msg for xdm_t Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: MicroOS Assignee: kubic-bugs@opensuse.org Reporter: luca.dimaio1@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 866166 --> https://bugzilla.suse.com/attachment.cgi?id=866166&action=edit generated rule for selinux with audit2allow After latest update of either gpg or selinux, now communication with gpg-agent is denied by selinux: Apr 06 09:47:58 localhost dbus-daemon[1914]: avc: denied { send_msg } for msgtype=method_return dest=:1.1048 spid=1892 tpid=5585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:spc_t:s0 tclass=dbus permissive=0 Running audit2why avc: denied { send_msg } for msgtype=method_return dest=:1.1048 spid=1892 tpid=5585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:spc_t:s0 tclass=dbus permissive=0 Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. In fact, audit2allow generates a valid module, and everything works like before Attaching here the generated modules, loading them fixes the issue -- You are receiving this mail because: You are on the CC list for the bug.