Description of problem:
Fresh installation of i386 Workstation from netinst results in 5 selinux denials on first login.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Boot workstation netinst
2. Use all defaults, don't create a user
4. Go through g-i-s
5. log in with user from step 4
6. See notifications for avc denials
no avc denials
Also proposing as a Final Blocker per the following criterion: There must be no SELinux denial notifications or crash notifications on boot of or during installation from a release-blocking live image, or at first login after a default install of a release-blocking desktop.
The denials are for:
All for "read" under "Attempted Access."
Do you have these AVCs?
Personally, I think this domains trying to read /etc/localtime.
Could you confirm this?
FWIW I didn't see this on an x86_64 Workstation network install today which got selinux-policy -122.
Discussed at today's blocker review meeting .
It was decided to delay the decision - adamw couldn't reproduce this today and the report is short on detail, let's give roshi a chance to provide more info
Here are the selinux logs.
Lukas, looks like you're correct.
I've only seen this on i386 and only when g-i-s is used to create the user. If you create the user in anaconda there are no denials. -122 was installed.
Sorry it took me so long to respond :(
*** This bug has been marked as a duplicate of bug 1190377 ***