Likely relevant in audit.log incl. single systemd instance: type=AVC msg=audit(1486473506.809:320): avc: denied { connectto } for pid=1489 comm="(agetty)" path="/run/systemd/journal/stdout" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_stream_socket permissive=0 type=AVC msg=audit(1486473506.814:321): avc: denied { connectto } for pid=1489 comm="agetty" path=002F6F72672F667265656465736B746F702F706C796D6F75746864 scontext=system_u:system_r:getty_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_stream_socket permissive=0 type=AVC msg=audit(1486473506.814:322): avc: denied { connectto } for pid=1489 comm="agetty" path=002F6F72672F667265656465736B746F702F706C796D6F75746864 scontext=system_u:system_r:getty_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_stream_socket permissive=0 type=SERVICE_START msg=audit(1486473509.525:323): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty3 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' type=AVC msg=audit(1486473509.525:324): avc: denied { connectto } for pid=1 comm="systemd" path=002F6F72672F667265656465736B746F702F706C796D6F75746864 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_stream_socket permissive=0 type=AVC msg=audit(1486473509.554:325): avc: denied { connectto } for pid=1490 comm="(agetty)" path="/run/systemd/journal/stdout" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_stream_socket permissive=0 type=AVC msg=audit(1486473509.564:326): avc: denied { connectto } for pid=1490 comm="agetty" path=002F6F72672F667265656465736B746F702F706C796D6F75746864 scontext=system_u:system_r:getty_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_stream_socket permissive=0 type=AVC msg=audit(1486473509.564:327): avc: denied { connectto } for pid=1490 comm="agetty" path=002F6F72672F667265656465736B746F702F706C796D6F75746864 scontext=system_u:system_r:getty_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_stream_socket permissive=0
Also hitting this after upgrading to selinux-policy-3.13.1-236.fc26.noarch on aarch64 and armhfp.
Serial console login isn't possible. Nominating as a blocker for F26 Alpha - "A system installed without a graphical package set must boot to a state where it is possible to log in through at least one of the default virtual consoles"
This is breaking just about every openQA test, also (they wind up at a login prompt, but on tty6 with the Plymouth color scheme...) +1 blocker.
booting with enforcing=0 does indeed seem to resolve this, so it definitely looks like an SELinux issue.
Discussed during the 2017-02-13 blocker review meeting: [1] The decision was made to classify this bug as an AcceptedBlocker (Beta) as it violates the following Beta blocker criteria: "The installer must be able to complete an installation using the serial console interface." combined with "A system installed without a graphical package set must boot to a working login prompt without any unintended user intervention" [1] https://meetbot.fedoraproject.org/fedora-blocker-review/2017-02-13/f26-blocker-review.2017-02-13-18.01.txt
Confirming this issue went away with -239.fc26 package + reboot.
Yep, looks good to me too, thanks
Yeah, this is confirmed fixed in the 20170213.n.1 and 20170214.n.0 composes.