@susejunky Look closer? “rtkit_daemon_t” is what you created? Have you created something awhile back? Or it auto created the second one, or unintended consequences perhaps…
@susejunky So if you run the command semodule -lfull | grep -E "rtkit|rfkill" and paste the output, then should be able to run semodule -X <1-999> -r <module>, but paste output first please.
# semodule -lfull | grep -E "rtkit|rfkill"
100 rtkit pp
#
I’m quite sure that I saw this module (using system-config-selinux -> Policy-Module and searching for rtkit) before I applied any changes to my selinux setup.
No.
I cannot rule out that one.
It’s “~sddm/” –
# cd ~sddm/
# pwd
/var/lib/sddm
#
The only real issue I have with KDE is, the occasional lack of effort expended by the developers in cleaning out old application data when a patch or update is applied.
- Therefore, when a major KDE Plasma update is applied, it often pays to clean out the user’s ‘~/.cache/’ directory before logging in to a freshly updated KDE Plasma session.
- The same applies to system users such as the SDDM daemon user.
- The same applies to cleaning up outdated, no longer applicable, configuration files.
1 Like
@susejunky Hi, so it’s not there, normally it’s removed with the semodule -X <1-999> -r <module> command. So don’t know, maybe it will go at some point.
Perhaps forcing the re-install of the policy may help eg zypper in -f selinux-policy
After my post this morning I ran zypper dup and now I see this:
# ausearch -m avc -ts today | audit2allow
<no matches>
Nothing to do
#
# ausearch -m user_avc -ts boot
----
time->Thu Mar 5 13:16:23 2026
type=USER_AVC msg=audit(1772712983.300:103): pid=1057 uid=498 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for scontext=system_u:system_r:rtkit_daemon_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus permissive=0 exe="/usr/bin/dbus-broker" sauid=498 hostname=? addr=? terminal=?'
#
# ausearch -m selinux_err -ts boot
<no matches>
# ausearch -m user_selinux_err -ts boot
<no matches>
#
# journalctl -t setroubleshoot
-- No entries --
#
and
# ausearch -m user_avc -ts today | audit2allow
#============= rtkit_daemon_t ==============
allow rtkit_daemon_t systemd_logind_t:dbus send_msg;
#
But according to your post #10 this user_avc is only a warning?
Do I understand this correctly?
If so, would you mind giving me a brief explanation why user_avc is not as critical a avc? Or is it any thing else which makes the message discussed above a warning instead of an error-message?
@susejunky avc is the only one from the wiki that you would look at creating a policy, you have avc_user and created a policy, which in my understanding is incorrect.
So, there may be unintended consequences from your attempts…
Create a bug report now it looks like it’s cleaned up some…
Follow the instructions at https://en.opensuse.org/Portal:SELinux#Summary_line
Probably something like;
[SELinux] avc: denied { send_msg } for } scontext=system_u:system_r:rtkit_daemon_t:s0"
Then add all the bits from the description section.
Post back the bug number here 
Done, see Bugzilla
Thank you very much for all the information you have provided me with and for your time and patience.
1 Like
@susejunky looks good, hopefully it will get some traction 
According to Bugzilla a fix is already on its way.
@susejunky yes, so now you know what to do, if you see some more
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.