Bug 2175711
Summary: | gnome-initial-setup hangs when I try to add a Google account | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Kamil Páral <kparal> | ||||
Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 38 | CC: | aday, awilliam, dwalsh, gnome-sig, klember, lvrabec, mcatanza, mmalik, omosnacek, pkoncity, robatino, tiagomatos, vmojzis, zpytela | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2023-03-06 17:22:45 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 2083911, 2083912 | ||||||
Attachments: |
|
Description
Kamil Páral
2023-03-06 12:09:55 UTC
Proposing a blocker: https://fedoraproject.org/wiki/Fedora_38_Final_Release_Criteria#First_boot_experience Created attachment 1948327 [details]
system journal
This should be the system journal during the boot with the frozen initial setup.
Additionally - clicking the policy link on the privacy page has no effect. (I'm testing with the same nightly image as Kamil.) I see avc denials in the log: Mar 06 13:05:45 localhost-live audit[1796]: AVC avc: denied { create } for pid=1796 comm="bwrap" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=user_namespace permissive=0 Mar 06 13:05:45 localhost-live gnome-initial-setup.desktop[1796]: bwrap: Creating new namespace failed: Permission denied That to me suggests that selinux is blocking bubblewrap which makes webkit sandboxing not work and breaks gnome-online-accounts. Can you try please if changing selinux to permissive mode makes it work? I agree with Kalev's assessment. Ideally WebKit should crash the main process rather than just hanging if bwrap fails, but regardless it's not a supportable situation. Reassigning to selinux-policy. Isn't this a dupe of https://bugzilla.redhat.com/show_bug.cgi?id=2159230 ? Yeah, pretty sure it is. *** This bug has been marked as a duplicate of bug 2159230 *** |