Bug 2082887

Summary: selinux-policy > 34.1.25-1.el9 breaks plasma desktop
Product: Red Hat Enterprise Linux 9
Component: selinux-policy
Version: CentOS Stream
Hardware: x86_64
OS: Linux
Status: CLOSED DUPLICATE
Severity: high
Priority: unspecified
Target Milestone: rc
Reporter: Gordan Bobic <gordan>
Assignee: Zdenek Pytela <zpytela>
QA Contact: Milos Malik <mmalik>
CC: bstinson, jwboyer, lvrabec, mmalik, ssekidde
Doc Type: No Doc Update
Last Closed: 2022-05-09 07:04:23 UTC
Type: Bug

Description Gordan Bobic 2022-05-08 08:18:02 UTC
Description of problem:
With selinux-policy-34.1.25-1.el9, everything works fine, login works and the desktop shows up.

As soon as selinux-policy is upgraded beyond that version, login screen shows up, but after entering the password, only a black screen shows up forever. No KDE loading animation, just a black screen.

Version-Release number of selected component (if applicable):
34.1.25-1.el9 works
34.1.26-1.el9 is broken.

How reproducible:
Every time. Install later selinux-policy, and it breaks. Downgrade back to 34.1.25-1 and it works again.

Steps to Reproduce:
1. Install plasma-workspace
2. On login screen select Plasma (X11)
3. With selinux-policy 34.1.25 it works, with later versions login never completes.

Actual results:
Black screen, no KDE loading splash screen, no desktop.

Expected results:
Login should complete and lead to a working desktop.

Comment 1 Gordan Bobic 2022-05-08 08:35:32 UTC
Possibly a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=2058657

Comment 2 Milos Malik 2022-05-08 09:44:15 UTC
In order to find out what exactly is the cause, we need to see SELinux denials that are triggered in enforcing and permissive mode.

Please collect SELinux denials and attach them to this BZ:

# ausearch -m avc -m user_avc -m selinux_err -i -ts today

Thank you.
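
Added example, not part of the bug report or of any comment here: one way to triage the output of the ausearch command from Comment 2, grouping denials by source type, target type and class, and listing the permissions that were logged only in permissive mode (in enforcing mode the first denied operation usually fails, so later checks never run). The sample records, `example_t`, `example_var_t` and all function names are constructed for illustration and are not the denials from this bug.

```python
import re
import sys
from collections import defaultdict

# Constructed records in `ausearch -i` layout; domain and file names are placeholders.
CTX = "scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:example_var_t:s0 tclass=file"
SAMPLE = f"""\
type=AVC msg=audit(05/08/2022 10:01:02.101:401) : avc:  denied  {{ read }} for  pid=2001 comm=example-helper name=state.db dev="dm-0" ino=1001 {CTX} permissive=0
type=SYSCALL msg=audit(05/08/2022 10:01:02.101:401) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied)
type=AVC msg=audit(05/08/2022 10:05:40.230:455) : avc:  denied  {{ read }} for  pid=2090 comm=example-helper name=state.db dev="dm-0" ino=1001 {CTX} permissive=1
type=AVC msg=audit(05/08/2022 10:05:40.231:456) : avc:  denied  {{ open getattr }} for  pid=2090 comm=example-helper path=/var/lib/example/state.db dev="dm-0" ino=1001 {CTX} permissive=1
"""

DENIED_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]+?)\s*\}")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(text):
    """Return one dict per 'avc: denied' record; other record types are skipped."""
    denials = []
    for line in text.splitlines():
        m = DENIED_RE.search(line)
        if not m:
            continue
        f = {k: v.strip("\"'") for k, v in FIELD_RE.findall(line)}
        if not {"scontext", "tcontext", "tclass"} <= f.keys():
            continue  # truncated record: not enough to identify the rule
        denials.append({
            "perms": set(m.group(1).split()),
            "source": f["scontext"].split(":")[2],  # SELinux type is field 3
            "target": f["tcontext"].split(":")[2],
            "tclass": f["tclass"],
            "mode": "permissive" if f.get("permissive") == "1" else "enforcing",
        })
    return denials

def summarize(denials):
    """Map (source type, target type, class) -> permissions denied per mode."""
    rules = defaultdict(lambda: {"enforcing": set(), "permissive": set()})
    for d in denials:
        rules[(d["source"], d["target"], d["tclass"])][d["mode"]] |= d["perms"]
    return dict(rules)

def only_in_permissive(summary):
    """Permissions that enforcing mode never reached, so never logged."""
    gaps = {k: v["permissive"] - v["enforcing"] for k, v in summary.items()}
    return {k: p for k, p in gaps.items() if p}

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for rule, modes in summarize(parse_denials(data)).items():
        print(rule, {m: sorted(p) for m, p in modes.items()})
```

Piping the ausearch output into the script replaces the embedded sample with real records.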

Comment 3 Gordan Bobic 2022-05-08 10:06:44 UTC
I have been able to confirm - this is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=2058657

Comment 4 Zdenek Pytela 2022-05-09 07:04:23 UTC

*** This bug has been marked as a duplicate of bug 2058657 ***