Confined user show policy issue: When logging into KDE from SDDM, the KDE splash screen starts but idles for around 30 seconds

[py0xc3]

Working with Fedora 38 KDE Spin, x86_64, up to date as of today, only Fedora default repositories (stable), kernel tainted = 0, my user account is confined with sysadm_u (x boolean is enabled).

When Fedora has booted so that I see the SDDM screen where I can log in, I log into KDE with my confined user account: after entering my password, I click on login. Then, the KDE splash screen starts immediately as usual, but it remains for about 30 seconds before the actual KDE desktop is displayed. This issue occurs only if the user account is confined. It works fine (without delay) if I change the user account to unconfined_u.

Root's journalctl log from the very time I logged into KDE from SDDM (I waited several seconds after SDDM has been displayed before logging in to KDE in order to clearly split the relevant log entries from preceding entries):
https://gitlab.com/py0xc31/tmp71/-/raw/main/delayed-KDE-login.log

Given that #1829 does not cause log entries with denials, maybe the above could be the cause for #1829 (I also experience #1829 with sysadm_u but journalctl does not log any denial-related entries).

[PhysicsIsAwesome]

Then, the KDE splash screen starts immediately as usual, but it remains for about 30 seconds before the actual KDE desktop is displayed. This issue occurs only if the user account is confined.

Can confirm long start time with KDE and user_u.

[py0xc3]

I think there is further indication that these initial denials break something of KDE/Plasma that cause "symptoms" at later points:

Beyond the previously mentioned buttons (shutdown, logout, reboot, ...) that do not work in confined accounts but that go not along with dedicated denials, I have a comparable issue with bluetooth (see my today's comment in #1829 for a detailed elaboration).

Both the button issues and the bluetooth issues occur only when the account is confined, they do NOT occur when the account is unconfined, both do not cause SELinux-denials at the moment of occurrence (including the minutes before and after), but both cause comparable user logs from Plasma that seem to indicate Plasma issues.

[zpytela]

Then, the KDE splash screen starts immediately as usual, but it remains for about 30 seconds before the actual KDE desktop is displayed. This issue occurs only if the user account is confined.

Can confirm long start time with KDE and user_u.

@PhysicsIsAwesome Can you share some more details? Which kde version? Physical machine? Other users (staff_u) are not affected? Are there AVC denials?

[py0xc3]

After upgrading to F40 KDE, this issue has been solved, along with #1829 .

@zpytela did you do something in F40? It would be interesting to know if it was you or if Plasma 6 has changed something that made such an impact.