Created attachment 1199396 [details] journalctl output during freeze Description of problem: Installed and fully updated KDE system freezes on login and while typing to menu or launching application. Starts happening after selinux update. Version-Release number of selected component (if applicable): libselinux-2.5-11.fc25.x86_64 libselinux-python3-2.5-11.fc25.x86_64 libselinux-utils-2.5-11.fc25.x86_64 rpm-plugin-selinux-4.13.0-0.rc1.46.fc25.x86_64 selinux-policy-3.13.1-208.fc25.noarch selinux-policy-targeted-3.13.1-208.fc25.noarch How reproducible: always Steps to Reproduce: 1.run dnf upgrade on kde system 2.reboot 3.try to login, type to menu, launch application Actual results: system will freeze Expected results: system should run normally without freezing Additional info:
Created attachment 1199399 [details] packages on my pc
If i boot with enforcing=0 there are no problems with this.
It takes more than 5 minutes to login or launch application. I propose this as beta blocker because it violates alpha criterion: "A system installed with a release-blocking desktop must boot to a log in screen where it is possible to log in to a working desktop using a user account created during installation or a 'first boot' utility."
if selinux is causing this, there should be an AVC that you can report?
There are these avc in log: Sep 09 07:17:50 localhost.localdomain audit[2901]: AVC avc: denied { read } for pid=2901 comm="udisksd" name="sr0" dev="devtmpfs" ino=8290 scontext=system_u:system_r:udisks2_t:s0 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file permissive=0 Sep 09 07:17:50 localhost.localdomain audit[2901]: AVC avc: denied { wake_alarm } for pid=2901 comm="udisksd" capability=35 scontext=system_u:system_r:udisks2_t:s0 tcontext=system_u:system_r:udisks2_t:s0 tclass=capability2 permissive=0 Sep 09 07:17:50 localhost.localdomain audit[2901]: AVC avc: denied { read } for pid=2901 comm="udisksd" name="sr0" dev="devtmpfs" ino=8290 scontext=system_u:system_r:udisks2_t:s0 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file permissive=0 I wanted to report them through selinux troubleshooter, but it is not installed in default KDE and it doesn't want to start if I install it manually.
Fix: https://github.com/fedora-selinux/selinux-policy/commit/f03db1257b911bc97dddb88b488a9b0df2b40848
selinux-policy-3.13.1-214.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-5f88bebc7c
selinux-policy-3.13.1-214.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-5f88bebc7c
Pavel can you test using 'sudo dnf upgrade https://kojipkgs.fedoraproject.org//packages/selinux-policy/3.13.1/214.fc25/noarch/selinux-policy-3.13.1-214.fc25.noarch.rpm https://kojipkgs.fedoraproject.org//packages/selinux-policy/3.13.1/214.fc25/noarch/selinux-policy-targeted-3.13.1-214.fc25.noarch.rpm' and see if you still have the same problem? Before next blocker review is ideal.
selinux-policy-3.13.1-214.fc25 seems to fix this issue.
Discussed at 2016-09-19 blocker review meeting: [1]. This bug was accepted as Beta blocker: this is an effective violation of all desktop-related Alpha and Beta criteria (as it takes ~5 minutes to do anything at all) [1] https://meetbot-raw.fedoraproject.org/fedora-blocker-review/2016-09-19/
selinux-policy-3.13.1-214.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.