After update to 41 selinux prevents gdm login

Hi, the system was working fine under 40, and I thankfully still can get in via console. When I use setenforce=0, the GDM login gets through, but it fails with setenforce=1. I think the cause is this AVC denial for gdm-session-worker:

audit[30432]: AVC avc: denied { transition } for pid=30432 comm=“gdm-session-wor” path=“/etc/gdm/PreSession/Default” dev=“sda5” ino=394457 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0
gdm-password][30391]: Gdm: Unable to run script: Failed to execute child process “/etc/gdm/PreSession/Default” (Permission denied)

Two questions:

  1. Is that because of some system-wide policy that should be changed in the distributed selinux rpms?
  2. Since I seem to be the only one experiencing this issue, how do I fix it locally?

Thank you.

I’d check what’s in /etc/gdm/PreSession/Default, then try:

sudo restorecon -F -I -v '/etc/gdm/PreSession/Default'

Weird. I installed setroubleshoot, rebooted the machine, and now it works as expected.