SELinux : denied getattr for tl-session

JBL · 12 February 2026 13:05

I was getting a lot of these:
type=AVC msg=audit(1770892256.261:1384): avc: denied { getattr } for pid=35078 comm=“tl-session” name=“/” dev=“pidfs” ino=1 scontext=system_u:system_r:thinlinc_session_t:s0 tcontext=system_u:object_r:pidfs_t:s0 tclass=filesystem permissive=0

Otherwise from a user perspective, the sessions were behaving as expected.

For now I simply added a policy to allow this, but I’m interested to know if this is a common issue and if there’s a better way to address this.

aaron · 13 February 2026 22:28

@CendioOssman any ideas here? Could it be related to this?

CendioOssman · 17 February 2026 13:04

No, that message is expected during normal operation of ThinLinc.

That AVC is not familiar to me. What distribution is this from, @JBL?

JBL · 17 February 2026 15:13

@CendioOssman I’m on Fedora 43.

CendioOssman · 18 February 2026 14:29

Thanks. I can reproduce it here now as well. Like you, I could not see any practical issues. But we should investigate and see how we can resolve it.

I’ve added this bugzilla entry to track it:

Topic		Replies	Views
Fedora 43 issue ThinLinc	5	196	19 November 2025
ThinLinc login fails (No agent server was available) ThinLinc	15	502	27 February 2025
ThinLinc login failed. (No agent server was available) ThinLinc	19	3022	19 January 2024
WARNING vsmagent.sessions: Broken session for user abc, tl-session process 123 does not exist ThinLinc	1	20	17 February 2026
The seesion lasted less than 10 seconds ,it could mena that there is some probelm with your thin Linc systems ThinLinc thinlinc , tlserver	1	826	13 April 2023

SELinux : denied getattr for tl-session

Related topics