Description of problem: When working with gnome-initial-setup in F35, I noticed that even though I kept "Location Services" and "Automatic Problem Reporting" enabled in gnome-initial-setup, they were then disabled in the actual OS. This only happens when selinux is enforcing, though. When permissive, the settings are correctly applied to the OS. This might be related to bug 1997310, it might be even the same bug. I don't know, but I'm filing this separately, so that this particular problem is trackable. Version-Release number of selected component (if applicable): selinux-policy-34.16-1.fc35.noarch gnome-initial-setup-41~beta-3.fc35.x86_64 Fedora-Workstation-Live-x86_64-35-20210912.n.0.iso How reproducible: always Steps to Reproduce: 1. install Workstation Live 2. in initial setup, keep Location Services and Automatic Problem Reporting enabled 3. in the installed system, check them in gnome-control-center and find them disabled 4. repeat 1-3 again, but this time add "enforcing=0" before booting into gnome-initial-setup, and see the problem resolved
Created attachment 1822825 [details] journal I'm adding a journal, but I assume that most of the denials reported in bug 1997310 will be also relevant here.
Proposing as a Final blocker: "If an initial setup utility is run or intended to be run after the first boot of the installed system, then it must start successfully and each page or panel of the initial setup utility should withstand a basic functionality test. " https://fedoraproject.org/wiki/Fedora_35_Final_Release_Criteria#First_boot_experience
Some problems have already been resolved, I've added references to similar bugzillas. Sep 13 13:15:38 fedora audit[824]: AVC avc: denied { create } for pid=824 comm="ModemManager" scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:system_r:modemmanager_t:s0 tclass=qipcrtr_socket permissive=0 resolved in selinux-policy-34.19-2 Sep 13 13:16:32 localhost-live audit[1369]: AVC avc: denied { read } for pid=1369 comm="gdb" name="user" dev="tmpfs" ino=1329 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:xdm_var_run_t:s0 tclass=file permissive=0 abrt failures should not cause any problem; if it was a result of missing permissions for at-spi, it will be addressed by the next build Sep 13 13:17:40 localhost-live audit[1015]: AVC avc: denied { sigkill } for pid=1015 comm="dbus-daemon" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0-s0:c0.c1023 tclass=process permissive=0 yet to be troubleshooted Sep 13 13:18:51 localhost-live audit[1654]: AVC avc: denied { execute } for pid=1654 comm="dbus-daemon" name="gnome-keyring-daemon" dev="vda2" ino=3315 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gkeyringd_exec_t:s0 tclass=file permissive=0 solution on the way Sep 13 13:16:31 localhost-live ibus-daemon[1282]: Error creating proxy: Error calling StartServiceByName for org.gtk.vfs.Daemon: Timeout was reached (g-io-error-quark, 24) there are other errors like this which do not have a matching AVC denial
(In reply to Zdenek Pytela from comment #3) > Sep 13 13:16:31 localhost-live ibus-daemon[1282]: Error creating proxy: > Error calling StartServiceByName for org.gtk.vfs.Daemon: Timeout was reached > (g-io-error-quark, 24) > there are other errors like this which do not have a matching AVC denial We need to figure out what's going on with all these D-Bus timeouts. I think we should block release of F35 beta until we know what's going on with these. We're up to something like four or five related bugs now....
Current state is that with updated selinux-policy, the system seems to install and setup without a glitch, I'd like to have somebody to confirm though. I believe this bz can be closed as a dup of bz#1997310, refer there for the latest information.
I tested now the last build (Fedora-Workstation-Live-x86_64-35-20210918.n.0) and found that this bug is FIXED there. All settings at initial setup still enabled after reboot.
*** This bug has been marked as a duplicate of bug 1997310 ***