Description of problem: When starting vncserver from the systemd unit file, the service fails due to selinux denials. Version-Release number of selected component (if applicable): tigervnc-server-1.8.0-5.fc27.x86_64 How reproducible: 100% Steps to Reproduce: 1. install tigervnc-server 2. Follow the steps in /usr/lib/systemd/system/vncserver@.service 3. systemctl enable vncserver@:1.service 4. systemctl start vncserver@:1.service Actual results: journalctl -xe contains: -- The start-up result is done. Feb 26 14:53:06 amd-dinar-04.lab.bos.redhat.com systemd[1]: Starting Remote desktop service (VNC)... -- Subject: Unit vncserver@:1.service has begun start-up -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit vncserver@:1.service has begun starting up. Feb 26 14:53:06 amd-dinar-04.lab.bos.redhat.com audit[1903]: CRED_ACQ pid=1903 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=PAM: Feb 26 14:53:06 amd-dinar-04.lab.bos.redhat.com systemd[1]: Started Session c3 of user jsmith. -- Subject: Unit session-c3.scope has finished start-up -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit session-c3.scope has finished starting up. -- -- The start-up result is done. Feb 26 14:53:06 amd-dinar-04.lab.bos.redhat.com runuser[1903]: pam_unix(runuser-l:session): session opened for user jsmith by (uid=0) Feb 26 14:53:06 amd-dinar-04.lab.bos.redhat.com audit[1903]: USER_START pid=1903 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=PA Feb 26 14:53:06 amd-dinar-04.lab.bos.redhat.com runuser[1903]: A VNC server is already running as :1 Feb 26 14:53:06 amd-dinar-04.lab.bos.redhat.com runuser[1903]: pam_unix(runuser-l:session): session closed for user jsmith Feb 26 14:53:06 amd-dinar-04.lab.bos.redhat.com audit[1903]: USER_END pid=1903 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=PAM: Feb 26 14:53:06 amd-dinar-04.lab.bos.redhat.com audit[1903]: CRED_DISP pid=1903 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=PAM Feb 26 14:53:06 amd-dinar-04.lab.bos.redhat.com systemd[1]: vncserver@:1.service: Control process exited, code=exited status=98 Feb 26 14:53:06 amd-dinar-04.lab.bos.redhat.com systemd[1]: Failed to start Remote desktop service (VNC). -- Subject: Unit vncserver@:1.service has failed -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit vncserver@:1.service has failed. -- -- The result is failed. Feb 26 14:53:06 amd-dinar-04.lab.bos.redhat.com audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=vncserver@:1 comm Feb 26 14:53:06 amd-dinar-04.lab.bos.redhat.com audit[1]: AVC avc: denied { unlink } for pid=1 comm="systemd" name="amd-dinar-04.lab.bos.redhat.com:1.pid" dev="dm-2" ino=16 Feb 26 14:53:06 amd-dinar-04.lab.bos.redhat.com systemd[1]: vncserver@:1.service: Unit entered failed state. Feb 26 14:53:06 amd-dinar-04.lab.bos.redhat.com systemd[1]: vncserver@:1.service: Failed with result 'exit-code'. Expected results: No errors, and the service should have started Additional info: Workaround is to disable selinux :( P.
*** This bug has been marked as a duplicate of bug 1401458 ***