Commit 948cd6ee authored by Peter Hutterer's avatar Peter Hutterer

doc: add instructions for handling SELinux denials

Signed-off-by: Peter Hutterer's avatarPeter Hutterer <>
Reviewed-by: Eric Engestrom's avatarEric Engestrom <>
parent ca1edce2
......@@ -102,6 +102,30 @@ overwriting manually installed files.
<li><b>Arch</b>: ```sudo packman -S libinput```</li>
@subsection building_selinux SELinux adjustments
On systems with SELinux, overwriting the distribution-provided package with
a manually built libinput may cause SELinux denials. This usually manifests
when gdm does not start because it is denied access to libinput. The journal
shows a log message in the form of:
May 25 15:28:42 localhost.localdomain audit[23268]: AVC avc: denied { execute } for pid=23268 comm="gnome-shell" path="/usr/lib64/" dev="dm-0" ino=1709093 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
May 25 15:28:42 localhost.localdomain org.gnome.Shell.desktop[23270]: /usr/bin/gnome-shell: error while loading shared libraries: failed to map segment from shared object
The summary of this error message is that gdm's gnome-shell runs in the
```system_u:system_r:xdm_t``` context but libinput is installed with the
context ```unconfined_u:object_r:user_home_t```.
To avoid this issue, restore the SELinux context for any system files.
$> sudo restorecon /usr/lib*/*
This issue is tracked in
@subsection building_dependencies Build dependencies
libinput has a few build-time dependencies that must be installed prior to
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment