Bug 2390023 - SELinux blocks GDM from GNOME 49 Beta [this is the 'update GNOME in Fedora 43 Beta' FE bug]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 43
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: RejectedBlocker AcceptedFreezeException
Depends On:
Blocks: BetaFreezeException, F43BetaFreezeException
Reported: 2025-08-21 06:28 UTC by Kamil Páral
Modified: 2025-09-15 08:50 UTC (History)

Fixed In Version: selinux-policy-42.8-1.fc43
Clone Of:
Environment:
Last Closed: 2025-09-12 04:29:43 UTC
Type: Bug
Embargoed:
zpytela: mirror+


Links
System ID Private Priority Status Summary Last Updated
Github fedora-selinux selinux-policy pull 2857 0 None Merged Support gdm as a user account provider 2025-09-15 08:50:18 UTC
Red Hat Issue Tracker FC-2045 0 None None None 2025-08-21 07:53:10 UTC

Description Kamil Páral 2025-08-21 06:28:16 UTC
Description of problem:
This GNOME 49 Beta update is blocked by SELinux, GDM doesn't start:
https://bodhi.fedoraproject.org/updates/FEDORA-2025-2dde5b6cbc

According to users, it works in permissive mode. The SELinux error is:

Aug 18 16:49:46 fedora audit[3213]: AVC avc: denied { connectto } for pid=3213 comm="systemd-userwor" path="/run/systemd/userdb/org.gnome.DisplayManager" scontext=system_u:system_r:systemd_userdbd_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1
Aug 18 16:49:46 fedora audit[3308]: AVC avc: denied { connectto } for pid=3308 comm="(systemd)" path="/run/systemd/userdb/org.gnome.DisplayManager" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1
Aug 18 16:49:46 fedora audit[3302]: AVC avc: denied { connectto } for pid=3302 comm="systemd-userwor" path="/run/systemd/userdb/org.gnome.DisplayManager" scontext=system_u:system_r:systemd_userdbd_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1



Version-Release number of selected component (if applicable):
selinux-policy-42.5-1.fc43

How reproducible:
always

Steps to Reproduce:
1. install F43 Workstation from https://download.fedoraproject.org/pub/fedora/linux/development/43/Workstation/x86_64/iso/
2. install the Bodhi update:
$ bodhi updates download --updateid FEDORA-2025-2dde5b6cbc
$ sudo dnf update *.rpm
3. reboot, gdm doesn't start
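
Added example (not part of the bug report or of the selinux-policy project): a Python triage script that parses the three AVC records quoted in the description and reduces them to distinct (source type, target type, class) groups, the same kind of reduction audit2allow performs. The function names are illustrative; the allow-style lines it renders only summarize what was denied and are not the policy change merged for this bug.

```python
import re
from collections import defaultdict

# The three AVC records quoted in the bug description, one record per line.
AVC_LOG = '''\
Aug 18 16:49:46 fedora audit[3213]: AVC avc: denied { connectto } for pid=3213 comm="systemd-userwor" path="/run/systemd/userdb/org.gnome.DisplayManager" scontext=system_u:system_r:systemd_userdbd_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1
Aug 18 16:49:46 fedora audit[3308]: AVC avc: denied { connectto } for pid=3308 comm="(systemd)" path="/run/systemd/userdb/org.gnome.DisplayManager" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1
Aug 18 16:49:46 fedora audit[3302]: AVC avc: denied { connectto } for pid=3302 comm="systemd-userwor" path="/run/systemd/userdb/org.gnome.DisplayManager" scontext=system_u:system_r:systemd_userdbd_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1
'''

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None
    # A context is user:role:type:level; the MLS level may itself contain ':'.
    rec["stype"] = rec["scontext"].split(":", 3)[2]
    rec["ttype"] = rec["tcontext"].split(":", 3)[2]
    rec["perms"] = m.group("perms").split()
    return rec

def summarize(log):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set(), "count": 0, "blocked": False})
    for line in log.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        g = groups[(rec["stype"], rec["ttype"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["comms"].add(rec.get("comm", "?"))
        g["count"] += 1
        # permissive=1 means the access was logged but allowed to proceed.
        g["blocked"] |= rec.get("permissive") == "0"
    return dict(groups)

def as_rules(groups):
    """Render each group in allow-rule notation, as a triage summary only."""
    return sorted(f"allow {s} {t}:{c} {{ {' '.join(sorted(g['perms']))} }};"
                  for (s, t, c), g in groups.items())

if __name__ == "__main__":
    for rule in as_rules(summarize(AVC_LOG)):
        print(rule)
```

All three records carry permissive=1, so the `blocked` flag stays false for both groups: the log was captured on a host where the denial was recorded but not enforced.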

Comment 2 Kamil Páral 2025-08-21 06:30:07 UTC
GNOME 49 is an important part of Fedora 43, so if this could be handled with priority, that would be amazing. Thank you very much.

Comment 3 Fedora Blocker Bugs Application 2025-08-28 19:03:57 UTC
Proposed as a Blocker for 43-beta by Fedora user naheemsays using the blocker tracking app because:

 The gnome stack is important to have up to date and not having this fixed will prevent GDM/mutter/Gnome-shell being their latest versions at the time of beta release.

Comment 4 Adam Williamson 2025-09-01 15:35:57 UTC
-4 (+1 / -5) in https://pagure.io/fedora-qa/blocker-review/issue/1889 , marking rejected blocker. Proposing as an FE, as there's some discussion of an FE there.

Comment 5 Lukas Ruzicka 2025-09-01 17:39:02 UTC
Discussed at the 2025-09-01 (blocker / freeze exception) review meeting:

Accepted in principle to update to 49 Beta/49 RC if the SELinux "logjam" can be resolved or worked around, and the update is available for testing within the next 4–5 days; beyond that, it would be risky to land a major update without delaying the release or to remain on 49 Alpha.

https://meetbot-raw.fedoraproject.org//blocker-review_matrix_fedoraproject-org/2025-09-01/f43-blocker-review.2025-09-01-16.00.txt

Comment 6 Michael Catanzaro 2025-09-02 13:10:56 UTC
In practice, this is *transitively* a beta blocker due to bug #2390900 and bug #2392391, which are beta blockers that are themselves blocked on this.

Comment 7 Adam Williamson 2025-09-04 06:27:04 UTC
I mean, not necessarily. The way this is supposed to work is that blockers should be fixed with the minimal possible targeted fix. I'm testing a targeted backport for 2390900 ATM.

Comment 8 Zdenek Pytela 2025-09-04 14:38:26 UTC
The last version seems to be fine, so moving further.

Comment 9 Fedora Update System 2025-09-09 18:26:29 UTC
FEDORA-2025-7e109c4976 (adwaita-icon-theme-49~rc-1.fc43, at-spi2-core-2.57.2-1.fc43, and 78 more) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-7e109c4976

Comment 10 Fedora Update System 2025-09-10 01:36:33 UTC
FEDORA-2025-7e109c4976 has been pushed to the Fedora 43 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-7e109c4976`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-7e109c4976

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 11 Lukas Ruzicka 2025-09-10 11:41:54 UTC
I have not seen any problems with GDM and the above update applied.

Comment 12 Fedora Update System 2025-09-11 02:21:53 UTC
FEDORA-2025-7e109c4976 has been pushed to the Fedora 43 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-7e109c4976`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-7e109c4976

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 13 Fedora Update System 2025-09-12 04:29:43 UTC
FEDORA-2025-7e109c4976 (adwaita-icon-theme-49~rc-1.fc43, at-spi2-core-2.57.2-1.fc43, and 89 more) has been pushed to the Fedora 43 stable repository.
If the problem still persists, please make note of it in this bug report.

