[ 810.789118] audit: type=1400 audit(1508258954.730:1673): avc: denied { map } for pid=3473 comm="firefox" path="/usr/share/mime/mime.cache" dev="dm-0" ino=6295861 scontext=staff_u:staff_r:mozilla_t tcontext=staff_u:object_r:usr_t tclass=file permissive=0 I also see similar thing in policy I work on for claws-mail, seems like some gtk stuff, should probably has it's own label and interface? If it gets it's own label it would probably be good idea to also add label for /home/$USER/.local/share/mime/mime.cache .