fedora-selinux / selinux-policy

selinux-policy for Fedora is a large patch off the mainline
GNU General Public License v2.0

Allow login_userdomain delete session dbusd tmp socket files #2009

Closed zpytela closed 6 months ago

zpytela commented 7 months ago

The commit addresses the following AVC denial:

type=PROCTITLE msg=audit(01/24/2024 21:14:21.706:7485) : proctitle=(systemd)
type=PATH msg=audit(01/24/2024 21:14:21.706:7485) : item=1 name=/run/user/1002/bus inode=35 dev=00:36 mode=socket,666 ouid=user12424 ogid=user12424 rdev=00:00 obj=staff_u:object_r:session_dbusd_tmp_t:s0 nametype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(01/24/2024 21:14:21.706:7485) : item=0 name=/run/user/1002/ inode=1 dev=00:36 mode=dir,700 ouid=user12424 ogid=user12424 rdev=00:00 obj=staff_u:object_r:user_tmp_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=SYSCALL msg=audit(01/24/2024 21:14:21.706:7485) : arch=x86_64 syscall=unlink success=no exit=EACCES(Permission denied) a0=0x55f03a905302 a1=0x55f03a937ea0 a2=0x55f56590dc97 a3=0x55f03a937eb0 items=2 ppid=1 pid=144007 auid=user12424 uid=user12424 gid=user12424 euid=user12424 suid=user12424 fsuid=user12424 egid=user12424 sgid=user12424 fsgid=user12424 tty=(none) ses=37 comm=systemd exe=/usr/lib/systemd/systemd subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(01/24/2024 21:14:21.706:7485) : avc: denied { unlink } for pid=144007 comm=systemd name=bus dev="tmpfs" ino=35 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=0

packit-as-a-service[bot] commented 7 months ago

Cockpit tests failed for commit fdf3a0d96baea8244e894215c8997110d47b18f4. @martinpitt, @jelly, @mvollmer please check.

martinpitt commented 7 months ago

That rawhide failure shows two problems. First, lots of

AVC avc: denied { ioctl } for pid=120917 comm="sudo" path="socket:[295705]" dev="sockfs" ino=295705 ioctlcmd=0x5401 scontext=sysadm_u:sysadm_r:sysadm_sudo_t:s0-s0:c0.c1023 tcontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0

(which doesn't seem to actually break anything, though)

and second, sssd.service fails to start repeatedly with "Unsupported provider 'files' is used in SSSD config.". Both feel like recent regressions in rawhide, but neither seems related to this PR.

Doing a retry to compare if it's stable or a flake.
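The two denials quoted in this thread (systemd unlinking the session_dbusd_tmp_t socket in the PR description, and the sudo ioctl denial above) are the kind of records audit2allow turns into candidate rules. What follows is an added example, not code from the selinux-policy project or from anyone in this thread: a small Python triage script with its own regular expression and hypothetical helper names (parse_avc, allow_rule, triage) that parses both records and renders the rule each one maps to, so a reviewer sees at a glance which domain, type and class are involved before deciding whether the access belongs in policy at all.

```python
# Added example, not selinux-policy project code: audit2allow-style triage of
# AVC records. Sample input constructed from the two denials quoted in this PR.
import re

AVC_RECORDS = [
    'type=AVC msg=audit(01/24/2024 21:14:21.706:7485) : avc: denied { unlink } '
    'for pid=144007 comm=systemd name=bus dev="tmpfs" ino=35 '
    'scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 '
    'tcontext=staff_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=0',
    'AVC avc: denied { ioctl } for pid=120917 comm="sudo" path="socket:[295705]" '
    'dev="sockfs" ino=295705 ioctlcmd=0x5401 '
    'scontext=sysadm_u:sysadm_r:sysadm_sudo_t:s0-s0:c0.c1023 '
    'tcontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 '
    'tclass=unix_stream_socket permissive=0',
]
# Pattern written for this example: permissions, contexts and class of one record.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?'
    r'\bscontext=(?P<scontext>\S+).*?\btcontext=(?P<tcontext>\S+).*?'
    r'\btclass=(?P<tclass>\S+)')

def parse_avc(line):
    """Extract the denial's source/target types, class, permissions, enforcing
    state and ioctl command; return None for lines that are not AVC records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    ioctl = re.search(r'\bioctlcmd=(0x[0-9a-fA-F]+)', line)
    return {
        # A context is user:role:type[:range]; the type is the third field.
        'source': m.group('scontext').split(':')[2],
        'target': m.group('tcontext').split(':')[2],
        'tclass': m.group('tclass'),
        'perms': sorted(m.group('perms').split()),
        'enforced': 'permissive=0' in line,  # permissive=1 would mean logged only
        'ioctlcmd': ioctl.group(1) if ioctl else None,
    }

def allow_rule(d):
    """Render the TE rule that would satisfy exactly this denial. Whether the access
    is legitimate, and which interface should carry it, is a policy review decision."""
    return f"allow {d['source']} {d['target']}:{d['tclass']} {{ {' '.join(d['perms'])} }};"

def triage(lines):
    """Merge records into one rule per (source type, target type, class)."""
    merged = {}
    for d in filter(None, map(parse_avc, lines)):
        merged.setdefault((d['source'], d['target'], d['tclass']), set()).update(d['perms'])
    return [allow_rule({'source': s, 'target': t, 'tclass': c, 'perms': sorted(p)})
            for (s, t, c), p in sorted(merged.items())]
```

The rendered rule for the sudo record carries the ioctl permission only; the ioctlcmd value (0x5401, TCGETS) is kept separately because a reviewer would normally narrow such access with an ioctl allowlist rather than grant the whole permission.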

martinpitt commented 7 months ago

Meh, it's a stable failure, probably fallout from yesterday's sssd upgrade. I'll put it onto the "to investigate and yell about" crap pile. Please ignore for now.

zpytela commented 7 months ago

Thanks Martin for the findings. Unlike sssd, the sudo issue may require our attention.

martinpitt commented 7 months ago

I reported the sssd issue at https://bugzilla.redhat.com/show_bug.cgi?id=2260445. I added a "naughty" for our tests now, so that it should go green again (and we'll handle the sssd issue on our side with less pressure). Retrying.