SELinux is preventing /usr/libexec/colord from search access on the directory 2863. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that colord should be allowed search access on the 2863 directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'colord' --raw | audit2allow -M my-colord # semodule -X 300 -i my-colord.pp Additional Information: Source Context system_u:system_r:colord_t:s0 Target Context system_u:system_r:unconfined_service_t:s0 Target Objects 2863 [ dir ] Source colord Source Path /usr/libexec/colord Port Host oracle2 Source RPM Packages colord-1.4.2-1.el8.x86_64 Target RPM Packages SELinux Policy RPM selinux-policy- targeted-3.14.3-139.0.1.el8_10.noarch Local Policy RPM selinux-policy- targeted-3.14.3-139.0.1.el8_10.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name oracle2 Platform Linux oracle2 5.15.0- 210.163.7.el8uek.x86_64 #2 SMP Tue Sep 10 18:31:09 PDT 2024 x86_64 x86_64 Alert Count 6 First Seen 2024-09-25 14:21:14 CEST Last Seen 2024-09-26 10:25:45 CEST Local ID c9eaee7a-7692-4371-a279-454aeea488b6 Raw Audit Messages type=AVC msg=audit(1727339145.267:170): avc: denied { search } for pid=2338 comm="colord" name="2863" dev="proc" ino=42571 scontext=system_u:system_r:colord_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1727339145.267:170): arch=x86_64 syscall=openat success=no exit=EACCES a0=ffffff9c a1=558901f4b3f0 a2=0 a3=0 items=0 ppid=1 pid=2338 auid=4294967295 uid=977 gid=977 euid=977 suid=977 fsuid=977 egid=977 sgid=977 fsgid=977 tty=(none) ses=4294967295 comm=colord exe=/usr/libexec/colord subj=system_u:system_r:colord_t:s0 key=(null) Hash: colord,colord_t,unconfined_service_t,dir,search