vncsession-start is running in SELinux vnc_session_t domain because of "SELinuxContext=system_u:system_r:vnc_session_t:s0" option in systemd vncserver@.service unit file. vncsession-start executing binary vncsession with SELinux label/type vnc_session_t. This access was not allowed in vncsession policy.tags/v1.10.90
@@ -32,6 +32,8 @@ files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file) | |||
auth_write_login_records(vnc_session_t) | |||
can_exec(vnc_session_t, vnc_session_exec_t) | |||
userdom_spec_domtrans_all_users(vnc_session_t) | |||
userdom_signal_all_users(vnc_session_t) | |||