Bug 158375
| Summary: | Booting with early-login, login can't do on GDM (denided /etc/X11/xdm/Xession). | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | sangu <sangu.fedora> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | rcoker |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-targeted-1.23.18-2 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-06-09 16:08:19 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
login can't do still in selinux-policy-targeted-1.23.17-2.
$cat /var/log/audit/audit.log
[...]
type=AVC msg=audit(1117169338.249:238525): avc: denied { transition } for
pid=2619 comm="gdm-binary" name=Xsession dev=hda8 ino=292934
scontext=system_u:system_r:initrc_t tcontext=user_u:system_r:unconfined_t
tclass=process
type=AVC_PATH msg=audit(1117169338.249:238525): path="/etc/X11/xdm/Xsession"
type=PATH msg=audit(1117169338.249:238525): item=0 name="/etc/X11/xdm/Xsession"
inode=292934 dev=03:08 mode=0100755 ouid=0 ogid=0 rdev=00:00
[...]
Please see also : bug 155983, comment 1 How do you set this up? Dan 1. add gdm daemon
$chkconfig --add gdm-allow-login
$chkconfig --add gdm-early-login
$chkconfig --add zzz-bootup-complete
2. modify kernel command line option in /boot/grub/menu.list
rhgb -> early-login
%cat /boot/grub/menu.list
[...]
title Fedora Core (2.6.11-1.1363_FC4)
root (hd0,7)
kernel /boot/vmlinuz-2.6.11-1.1363_FC4 ro root=LABEL=/ acpi=on early-login
~~~~~~
initrd /boot/initrd-2.6.11-1.1363_FC4.img
[...]
3. reboot
----
initscripts-8.11.1-1 gdm-2.6.0.8-16
See Also : bug 151952 bug 154413
This does not seem to work on my machine with or without SELinux. If you do a chcon -t gdm_exec_t /usr/bin/gdm-binary Does it begin to work? Only after installing selinux-policy-targeted-1.23.18-2, this bug was fixed. $ls -lZa /usr/bin/gdm-binary -rwxr-xr-x root root system_u:object_r:xdm_exec_t /usr/bin/gdm-binary $ls -lZa /etc/X11/xdm/Xsession -rwxr-xr-x root root system_u:object_r:xsession_exec_t /etc/X11/xdm/Xsession |
Description of problem: cat /proc/cmdline ro root=LABEL=/ acpi=on video=vesafb:ywrap,mtrr:1600x1200@60 vga=0x346 early-login Booting with early-login, denided /etc/X11/xdm/Xession. And Can't login on GDM in dmesg [...] audit(1116652629.697:0): avc: denied { transition } for path="/etc/X11/xdm/Xsession" dev=hda8 ino=292934 scontext=system_u:system_r:initrc_t tcontext=user_u:system_r:unconfined_t tclass=process $ls -Zal /etc/X11/xdm/Xsession -rwxr-xr-x 1 system_u:object_r:xsession_exec_t root root 3391 4ì 11 20:43 /etc/X11/xdm/Xsession $cat /tmp/xses-sangu.rax3xB /etc/X11/gdm/PreSession/Default: Registering your session with wtmp and utmp /etc/X11/gdm/PreSession/Default: running: /usr/X11R6/bin/sessreg -a -w /var/log/wtmp -u /var/run/utmp -x "/var/gdm/:0.Xservers" -h "" -l ":0" "sangu" session_child_run: Could not exec /etc/X11/xdm Version-Release number of selected component (if applicable): selinux-policy-targeted-1.23.16-5 How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: Can't login on GDM Expected results: Additional info: kernel-2.6.11-1.1331_FC4 gdm-2.6.0.8-15