agetty performs an ioctl(TIOCSTI) operation. If a hardened-sources kernel with CONFIG_GRKERNSEC_HARDEN_TTY=y is used, this requires the SYS_ADMIN capability. Our SELinux policy denies it this capability, thereby causing the first character of the username to be chomped. Two ways to fix this: 1) Add "allow getty_t self:capability sys_admin" to getty.te. pebenito doesn't want this, so we'd wrap it in a distro_gentoo block. 2) Edit the sys-apps/util-linux ebuild to compile agetty with -UAGETTY_RELOAD if USE=selinux. What do you think?
Personally, I'd prefer (2), but I'm a bit uncomfortable with making USE=selinux disable random program features.
Upstream merged solution (1) after all.
in ~arch
r4 is stable