Bug
Resolution: Won't Do
rhel-8.7.0
Important
rhel-gpuaccelerators-gpu
ssg_core_services
x86_64
57,005
Description of problem:
The Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) for RHEL8 requires all regular users (that is, according to the STIG, users without administrative privileges) to be set to the user_u default context.
Implementing this change prevents users with the user_u context from logging into a GUI session.
Version-Release number of selected component (if applicable):
RHEL8.7
4.18.0-425.3.1.el8.x86_64
How reproducible:
Works with every STIG-hardened RHEL8 Hyper-V VM I run.
Steps to Reproduce:
1. Map all applicable admins to the staff_u role: semanage login -a -s staff_u <username>
2. Set the default SELinux context to user_u: semanage login -m -s user_u -r s0 _default_
3. Perform a SELinux relabel
4. Reboot
5. Try to log in through the GUI with a regular user account
Actual results:
User is returned to the login screen
Expected results:
User should be able to log in and see the GNOME desktop environment
Additional info:
There appear to be several permissions issues concerning /var/lib/gdm. Furthermore, it appears Xorg cannot write to /var/log. See attached log file for details.
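An added example, not part of the original report or of any Red Hat tooling: it groups SELinux AVC denials raised by processes running as user_u, which is how denials like the ones described for /var/lib/gdm and /var/log can be triaged from an audit log. The sample records, process names and target types are constructed assumptions, not contents of the attached log.

```python
import re
from collections import Counter

# Constructed records in audit.log AVC format. They are NOT from the report's
# attached log; process names and target types are assumed for illustration.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1670000001.101:301): avc:  denied  { write } for  pid=2101 comm="Xorg" name="log" dev="dm-0" ino=131 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1670000001.140:302): avc:  denied  { search } for  pid=2110 comm="gnome-shell" name="gdm" dev="dm-0" ino=977 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:xdm_var_lib_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1670000009.512:340): avc:  denied  { write } for  pid=2290 comm="Xorg" name="log" dev="dm-0" ino=131 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1670000010.002:341): avc:  denied  { getattr } for  pid=880 comm="chronyd" name="drift" dev="dm-0" ino=412 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=USER_LOGIN msg=audit(1670000011.000:342): pid=2000 uid=0 auid=1001 ses=4 msg='op=login acct="alice" res=failed'
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)
NAME_RE = re.compile(r'\bname="([^"]+)"')


def summarize_denials(log_text, selinux_user="user_u"):
    """Count AVC denials whose source context belongs to selinux_user."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. USER_LOGIN records)
        if m["scontext"].split(":")[0] != selinux_user:
            continue  # denial from another SELinux user or a system domain
        name = NAME_RE.search(line)  # name= is absent on some records
        key = (m["comm"], m["perms"], m["tcontext"].split(":")[2],
               m["tclass"], name.group(1) if name else None)
        counts[key] += 1
    return counts


if __name__ == "__main__":
    summary = summarize_denials(SAMPLE_AUDIT_LOG)
    for (comm, perms, ttype, tclass, name), n in summary.most_common():
        print(f"{n}x {comm}: {{ {perms} }} on {tclass} {name!r} labelled {ttype}")
```

On a real system the same function can be fed the text of the audit log in place of the constructed sample.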