Bug 158375
Summary: | Booting with early-login, login can't do on GDM (denided /etc/X11/xdm/Xession). | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | sangu <sangu.fedora> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | rcoker |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-targeted-1.23.18-2 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-06-09 16:08:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
sangu
2005-05-21 05:26:36 UTC
login can't do still in selinux-policy-targeted-1.23.17-2. $cat /var/log/audit/audit.log [...] type=AVC msg=audit(1117169338.249:238525): avc: denied { transition } for pid=2619 comm="gdm-binary" name=Xsession dev=hda8 ino=292934 scontext=system_u:system_r:initrc_t tcontext=user_u:system_r:unconfined_t tclass=process type=AVC_PATH msg=audit(1117169338.249:238525): path="/etc/X11/xdm/Xsession" type=PATH msg=audit(1117169338.249:238525): item=0 name="/etc/X11/xdm/Xsession" inode=292934 dev=03:08 mode=0100755 ouid=0 ogid=0 rdev=00:00 [...] Please see also : bug 155983, comment 1 How do you set this up? Dan 1. add gdm daemon $chkconfig --add gdm-allow-login $chkconfig --add gdm-early-login $chkconfig --add zzz-bootup-complete 2. modify kernel command line option in /boot/grub/menu.list rhgb -> early-login %cat /boot/grub/menu.list [...] title Fedora Core (2.6.11-1.1363_FC4) root (hd0,7) kernel /boot/vmlinuz-2.6.11-1.1363_FC4 ro root=LABEL=/ acpi=on early-login ~~~~~~ initrd /boot/initrd-2.6.11-1.1363_FC4.img [...] 3. reboot ---- initscripts-8.11.1-1 gdm-2.6.0.8-16 See Also : bug 151952 bug 154413 This does not seem to work on my machine with or without SELinux. If you do a chcon -t gdm_exec_t /usr/bin/gdm-binary Does it begin to work? Only after installing selinux-policy-targeted-1.23.18-2, this bug was fixed. $ls -lZa /usr/bin/gdm-binary -rwxr-xr-x root root system_u:object_r:xdm_exec_t /usr/bin/gdm-binary $ls -lZa /etc/X11/xdm/Xsession -rwxr-xr-x root root system_u:object_r:xsession_exec_t /etc/X11/xdm/Xsession |