Description of problem: When I attempt to log into a cinnamon session as a user who normally runs as staff_t I get a "could not connect to session bus" popup and then immediately logged out. Logging in via the console, switching to permissive, and running ``systemctl --user status dbus.socket'' reveals that dbus failed to listen on the socket it created under /run/user/$UID. The relevant audit logs are as follows: type=AVC msg=audit(1516313011.186:655257): avc: denied { listen } for pid=7598 comm="systemd" path="/run/user/1000/bus" scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0 type=SYSCALL msg=audit(1516313011.186:655257): arch=c000003e syscall=50 success=no exit=-13 a0=17 a1=80 a2=15 a3=7ffc293fc15c items=0 ppid=1 pid=7598 auid=1000 uid=1000 gid=100 euid=1000 suid=1000 fsuid=1000 egid=100 sgid=100 fsgid=100 tty=(none) ses=16 comm="systemd" exe="/usr/lib/systemd/systemd" subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023 key=(null) Version-Release number of selected component (if applicable): dbus-1.11.20-1.fc27.x86_64 lightdm-1.24.0-1.fc27.x86_64 selinux-policy-3.13.1-283.21.fc27.noarch How reproducible: While enforcing and the user has not previously logged in while permissive Steps to Reproduce: 1. Install F27 Cinnamon and latest updates 2. Add a user with a staff_t login 3. Log in as that user via lightdm Additional info: The following policy seems to fix the issue for me: allow staff_t staff_dbusd_t:unix_stream_socket listen;
selinux-policy-3.13.1-283.24.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-a144eca5a8
selinux-policy-3.13.1-283.24.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-a144eca5a8
selinux-policy-3.13.1-283.24.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.