Systemd-homed major issues

I am trying to use systemd-homed on my system, for its LUKS capabilities (and it’s more suited for atomic systems…)

THIS IS NOT SELINUX; CONFIRMED; SOME OTHER ISSUE

But it has SELinux issues preventing it from setting the home directory to /home/${USER}
But I can cd into it just fine, no issues. I can even create/modify/delete files normally as if it was actually my homedir.

As soon as I log in via SDDM into KDE, or exec /usr/libexec/plasma-dbus-run-session-if-needed /usr/bin/startplasma-wayland, the wrongly set/unset home directory causes almost every program to crash as state files are not writable.

sudo audit2allow -b:

#============= bootupd_t ==============
allow bootupd_t fs_t:filesystem remount;
allow bootupd_t install_exec_t:file { execute execute_no_trans open read };

#!!!! This avc can be allowed using the boolean 'domain_can_mmap_files'
allow bootupd_t install_exec_t:file map;

#!!!! This avc can be allowed using the boolean 'daemons_dump_core'
allow bootupd_t root_t:dir write;
allow bootupd_t var_run_t:file getattr;

So no SELinux there…

AND applying the rules from "GitHub - richiedaze/homed-selinux: systemd-homed SELinux Policy" doesn’t have any effect either, for some reason (I guess composefs; but there’s absolutely no error).
(Applied as per Building a new home with systemd-homed on fedora)

But I still suspect SELinux because almost everything else is correctly configured, chown -R is done (on the correct user, I’ve confirmed that too via ls -l).
The daemon is running, everything else is correctly in place.

As far as I know such random issues are caused mostly by SELinux…

Some logs: (journalctl --no-hostname -t audit --grep=home | sed 's/myactualusername/${USER}/g') (pvu is my backup non-homed user…)

May 12 21:57:08 audit[12988]: USER_END pid=12988 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'
May 12 21:57:08 audit[12988]: USER_START pid=12988 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'
May 12 21:57:08 audit[13007]: USER_START pid=13007 uid=0 auid=0 ses=14 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_systemd_home,pam_umask,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix acct="root" exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=success'
May 12 21:57:08 audit[12988]: USER_CMD pid=12988 uid=1000 auid=1000 ses=13 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/var/home/pvu" cmd=617564697432616C6C6F77202D62 exe="/usr/bin/sudo" terminal=pts/1 res=success'
May 12 21:56:17 audit[11059]: USER_START pid=11059 uid=0 auid=1000 ses=12 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix,pam_kwallet5,pam_umask,pam_lastlog acct="pvu" exe="/usr/libexec/sddm-helper" hostname=inspiron3511pvu addr=? terminal=/dev/tty4 res=success'
May 12 21:56:17 audit[11066]: USER_START pid=11066 uid=0 auid=1000 ses=13 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_systemd_home,pam_umask,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix acct="pvu" exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=success'
May 12 21:56:12 audit[10915]: USER_START pid=10915 uid=0 auid=971 ses=11 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_systemd_home,pam_umask,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix acct="sddm" exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=success'
May 12 21:55:34 audit[9708]: DM_CTRL module=crypt op=dtr ppid=1289 pid=9708 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-homewor" exe="/usr/lib/systemd/systemd-homework" subj=system_u:system_r:systemd_homework_t:s0 dev=252:1 error_msg='success' res=1
May 12 21:55:34 audit[9708]: DM_CTRL module=crypt op=ctr ppid=1289 pid=9708 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-homewor" exe="/usr/lib/systemd/systemd-homework" subj=system_u:system_r:systemd_homework_t:s0 dev=252:1 error_msg='success' res=1
May 12 21:55:33 audit[9689]: DM_CTRL module=crypt op=dtr ppid=1289 pid=9689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-homewor" exe="/usr/lib/systemd/systemd-homework" subj=system_u:system_r:systemd_homework_t:s0 dev=252:1 error_msg='success' res=1
May 12 21:55:33 audit[9689]: DM_CTRL module=crypt op=ctr ppid=1289 pid=9689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-homewor" exe="/usr/lib/systemd/systemd-homework" subj=system_u:system_r:systemd_homework_t:s0 dev=252:1 error_msg='success' res=1
May 12 21:55:25 audit[9537]: USER_START pid=9537 uid=0 auid=971 ses=9 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_systemd_home,pam_umask,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix acct="sddm" exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=success'
May 12 21:55:07 audit[3642]: USER_END pid=3642 uid=0 auid=1000 ses=5 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix,pam_kwallet5,pam_umask,pam_lastlog acct="pvu" exe="/usr/libexec/sddm-helper" hostname=inspiron3511pvu addr=? terminal=/dev/tty3 res=success'
May 12 21:54:50 audit[9166]: USER_END pid=9166 uid=1000 auid=1000 ses=6 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/2 res=success'
May 12 21:54:49 audit[9166]: USER_START pid=9166 uid=1000 auid=1000 ses=6 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/2 res=success'
May 12 21:54:49 audit[9173]: USER_START pid=9173 uid=0 auid=0 ses=8 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_systemd_home,pam_umask,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix acct="root" exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=success'
May 12 21:54:49 audit[9166]: USER_CMD pid=9166 uid=1000 auid=1000 ses=6 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/var/home/pvu" cmd=617564697432616C6C6F77202D62202D4D20626F6F747570645F73656C696E75785F66696C6573 exe="/usr/bin/sudo" terminal=pts/2 res=success'
May 12 21:54:24 audit[9109]: USER_END pid=9109 uid=1000 auid=1000 ses=6 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/2 res=success'
May 12 21:54:24 audit[9109]: USER_START pid=9109 uid=1000 auid=1000 ses=6 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/2 res=success'
May 12 21:54:24 audit[9123]: USER_START pid=9123 uid=0 auid=0 ses=7 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_systemd_home,pam_umask,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix acct="root" exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=success'
May 12 21:54:24 audit[9109]: USER_CMD pid=9109 uid=1000 auid=1000 ses=6 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/var/home/pvu" cmd=617564697432616C6C6F77202D62 exe="/usr/bin/sudo" terminal=pts/2 res=success'
May 12 21:45:10 audit[3642]: USER_START pid=3642 uid=0 auid=1000 ses=5 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix,pam_kwallet5,pam_umask,pam_lastlog acct="pvu" exe="/usr/libexec/sddm-helper" hostname=inspiron3511pvu addr=? terminal=/dev/tty3 res=success'
May 12 21:45:10 audit[3648]: USER_START pid=3648 uid=0 auid=1000 ses=6 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_systemd_home,pam_umask,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix acct="pvu" exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=success'
May 12 21:45:05 audit[3462]: USER_START pid=3462 uid=0 auid=971 ses=4 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_systemd_home,pam_umask,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix acct="sddm" exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=success'
May 12 21:44:39 audit[2068]: DM_CTRL module=crypt op=dtr ppid=1289 pid=2068 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-homewor" exe="/usr/lib/systemd/systemd-homework" subj=system_u:system_r:systemd_homework_t:s0 dev=252:1 error_msg='success' res=1
May 12 21:44:39 audit[2068]: DM_CTRL module=crypt op=ctr ppid=1289 pid=2068 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-homewor" exe="/usr/lib/systemd/systemd-homework" subj=system_u:system_r:systemd_homework_t:s0 dev=252:1 error_msg='success' res=1
May 12 21:44:38 audit[2048]: DM_CTRL module=crypt op=dtr ppid=1289 pid=2048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-homewor" exe="/usr/lib/systemd/systemd-homework" subj=system_u:system_r:systemd_homework_t:s0 dev=252:1 error_msg='success' res=1
May 12 21:44:38 audit[2048]: DM_CTRL module=crypt op=ctr ppid=1289 pid=2048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-homewor" exe="/usr/lib/systemd/systemd-homework" subj=system_u:system_r:systemd_homework_t:s0 dev=252:1 error_msg='success' res=1
May 12 21:40:49 audit[1519]: USER_START pid=1519 uid=0 auid=971 ses=1 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_systemd_home,pam_umask,pam_keyinit,pam_limits,pam_systemd_home,pam_systemd,pam_unix acct="sddm" exe="/usr/lib/systemd/systemd-executor" hostname=? addr=? terminal=? res=success'
May 12 21:40:48 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-homed-activate comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
May 12 21:40:48 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-homed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

What is left to do:

  • Apply the selinux rules via rpm-ostree usroverlay
  • SELINUX=permissive into /etc/selinux/config
  • In the shell, exec env HOME=/home/${USER} "$0" "$@" to exec into the shell with the env set, then start plasma. (See edit as to why this isn’t possible)

EDIT: In a TTY, if I log in now there are more issues: it asks for Password: 3-4 times and then it freshly asks for login again.

UPDATES:

What was the command you entered to create the user?

I created my home this way:
homectl create myactualusername -c 'Pramod V U' -G wheel -u 1010

Yes, to align with that forum link’s homectl create, I have run this too:
homectl update myactualusername --luks-extra-mount-options=defcontext=system_u:object_r:user_home_dir_t

I had similar problems with SDDM and homed. My hypothesis at that time was that either a record of a successful login or a configuration file created on the OS or in the home directory was needed to be able to log in.

I also figured out that adding the --password-change-now=true flag does not work on SDDM.

To test my theory, I logged in from the terminal:

su - yournewuser

In theory, all the dirs/files should now be created and I should be able to log in with SDDM. Now all I needed to do was exit the shell and try to log back in with SDDM.

Conclusion: I was able to log in as the systemd-homed user successfully from SDDM.

Yes, there is something of that sort…

There are just too many incompatibilities with SDDM… with newer features and specifications…

Not the conclusion for me unfortunately.

After doing all the SELinux relabeling, I had issues with logging in (see the UPDATES at the bottom of the main post here…), and it got fixed when I relabeled the homedir itself.

SOLVED:
Don’t do anything except:
homectl with ${HOMED_USER} -- restorecon -vFR /home/${HOMED_USER}

From this RFC: [RFC] Support systemd-homed by maage · Pull Request #939 · fedora-selinux/selinux-policy · GitHub

Hopefully systemd-home(d|work) does that on its own during user creation… Where do I complain/suggest?
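
The audit output posted earlier in this thread contains only USER_START, USER_END, USER_CMD, DM_CTRL and SERVICE_START records, and its USER_CMD entries carry a hex-encoded cmd= value. As an added example (not code from any poster in the thread), the Python below tallies record types, decodes cmd= and extracts AVC denials; the sample lines are abridged from the thread's format, and the AVC line is constructed.

```python
import re
from collections import Counter

# Abridged records in the journalctl format shown in this thread. The AVC line
# is constructed for illustration; no such record appears in the thread.
SAMPLE = """\
May 12 21:57:08 audit[12988]: USER_CMD pid=12988 uid=1000 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/var/home/pvu" cmd=617564697432616C6C6F77202D62 exe="/usr/bin/sudo" terminal=pts/1 res=success'
May 12 21:55:34 audit[9708]: DM_CTRL module=crypt op=ctr pid=9708 exe="/usr/lib/systemd/systemd-homework" subj=system_u:system_r:systemd_homework_t:s0 dev=252:1 error_msg='success' res=1
May 12 21:40:48 audit[1]: SERVICE_START pid=1 uid=0 subj=system_u:system_r:init_t:s0 msg='unit=systemd-homed comm="systemd" exe="/usr/lib/systemd/systemd" res=success'
May 12 21:58:00 audit[4242]: AVC avc:  denied  { write } for  pid=4242 comm="example" name="state" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0
"""

RECORD = re.compile(r"audit\[\d+\]: (?P<type>[A-Z0-9_]+) (?P<body>.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Split one journald audit line into its record type and key=value fields."""
    m = RECORD.search(line)
    if m is None:
        return None
    body = re.sub(r"\bmsg='", " ", m["body"])  # unwrap msg='...' but not error_msg=
    fields = {k: v.strip("'") for k, v in FIELD.findall(body)}
    fields.update(type=m["type"], raw=m["body"])
    return fields

def decode_hex(value):
    """Audit hex-encodes values such as cmd= that contain spaces; quoted values are literal."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value

def triage(text):
    """Return (record-type counts, decoded sudo commands, AVC denials)."""
    types, commands, denials = Counter(), [], []
    for rec in filter(None, map(parse, text.splitlines())):
        types[rec["type"]] += 1
        if rec["type"] == "USER_CMD" and "cmd" in rec:
            commands.append(decode_hex(rec["cmd"]))
        elif rec["type"] == "AVC" and "denied" in rec["raw"]:
            perms = re.search(r"\{ ([^}]*?) \}", rec["raw"])
            denials.append((rec["scontext"], rec["tcontext"], rec["tclass"],
                            perms[1] if perms else ""))
    return types, commands, denials

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

On a live system the input would be the output of `journalctl --no-hostname -t audit`; with the `--grep=home` filter used in the thread, only records whose message contains "home" reach the parser.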