Bug 975897

What is running as initrc_t?

ps -eZ | grep initrc_t

Your login program is trying to communicate via dbus with a program running with the default init script label.

$ ps -eZ | grep initrc_t
system_u:system_r:initrc_t:s0     461 ?        00:00:00 console-kit-dae

looks like it's the consolekit daemon itself

up'd to selinux-policy-3.12.1-54.fc19

interestingly, I still see a denial,

type=USER_AVC msg=audit(1371742686.578:401): pid=360 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.ConsoleKit.Manager member=OpenSessionWithParameters dest=org.freedesktop.ConsoleKit spid=660 tpid=835 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=dbus  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'

but at least now the linked bug #972881 seems to no longer occur.

Rex,
just to be sure

# ps -eZ |grep initrc

Hmm,
on my F19 system

# ps -eZ |grep initrc
system_u:system_r:initrc_t:s0     955 ?        00:00:00 console-kit-dae


commit a61bb14d57ebe4fb4209562e409cbb5e64ae414c
Author: Miroslav Grepl <mgrepl>
Date:   Thu Jun 20 22:00:12 2013 +0200

    We still need to have consolekit policy

$ ps aZx | grep console
system_u:system_r:initrc_t:s0   21216 ?        Ssl    0:00 /usr/sbin/console-kit-daemon --no-daemon

(with selinux-policy-3.12.1-54.fc19)

nominating blocker, since dependent bug #972881 needs this fix

-54 is already stable. Is there actually something here that is still broken in -54 and needs fixing?

I suspect that it's not fixed 100% per comment #6 and comment #7 , but , for purposes of mate and bug #972881 , it would seem -54 is good enough.

-55.fc19 has consolekit fix.

selinux-policy-3.12.1-57.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-57.fc19

Package selinux-policy-3.12.1-57.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-57.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-11846/selinux-policy-3.12.1-57.fc19
then log in and leave karma (feedback).

I think ConsoleKit should get actual dependency on this version of selinux-policy.

I've upgraded mate-power-manager from updates-testing for bug 972881, it pulled in ConsoleKit, but it introduced like 2 minutes delay before plymouth died and lightdm started, with systemd waiting for ConsoleKit startup to time out.

Good thing I found this bug. Installing above update helps.

No, we really don't get into that kind of versioned dependency game. We just expect people to update regularly. In the normal course of events this update would have gone out to all users long ago; that's only not the case at present because of the release freeze.

Right, my problem only stemmed from using updates-testing selectively (applying only what I thought I needed). If both updates go to stable at the same time, it won't bite anyone. Thanks again :)

selinux-policy-3.12.1-57.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

979637 and 972881 are still broken for me.

not for me, witout giving more infos what everyone expected from yours :)