Bug 1667171
| Summary: | sddm-helper attempts to create a bizarre folder which gets blocked by SELinux | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | peoinas | ||||
| Component: | sddm | Assignee: | Rex Dieter <rdieter> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 28 | CC: | bartos.petr, jgrulich, kde-sig, matt, me, m, oleg.kochkin, ondrej.dolak, pierluigi.fiorini, rdieter | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | sddm-0.18.0-4.fc29 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2019-04-15 17:43:36 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
I can confirm same behaviour on my two computers. Both runs without selinux so the folders are created on every login. I have multiple accounts on both computers, two oldest profiles (migrated from FC25) are immune, but newly created profile suffers from this behaviour. [root@dsk eva] ls -l drwxr-xr-x. 4 eva eva 4096 20. led 13.07 Desktop drwx------. 4 eva eva 51 26. zář 2013 workspace drwxr-xr-x 3 eva eva 19 24. led 21.50 �A�U drwxr-xr-x 3 eva eva 19 25. led 08.53 '�'$'\b''iU' drwxr-xr-x 3 eva eva 19 26. led 10.31 '��'$'\034''V' drwxr-xr-x 3 eva eva 19 24. led 14.44 ���U I've also try this bug 1665521 but abrt version/existence is unrelated to this. I confim this, selinux disabled: $ ls -1 ''$'\020' ''$'\020''@J�'$'\006''V' In folders always empty file ".cache/xsession-errors" I've observed the same behaviour on two of my machines running Fedora 29. Hi, I have the same problem with fresh installation of Fedora 29 (with disabled selinux). I've have migrated/copied three accounts from another computer (running Fedora 28, upgraded since 16) and this problem affects only two of them. I do not see this problem on another machine with Fedora 29 (also upgraded from previous versions). Hi. This is fixed by this commit: https://github.com/sddm/sddm/commit/047ef56e5cfa757ebfcb03a248edad579564b5f3 The upstream bug is https://github.com/sddm/sddm/issues/1145 There are comments about making a new release soon so it's a question if we should cherry pick a fix or wait until it gets released. I'll see if it backports cleanly. sddm-0.18.0-4.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-96c964d319 sddm-0.18.0-4.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-96c964d319 sddm-0.18.0-4.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report. |
Created attachment 1521309 [details] output of sealert -l a527210d-c177-4faf-9e31-f14941998a95 Every time on boot/login, sddm-helper attempts to create a folder with a long nonsense hexadecimal name (eg. EFBFBDEFBFBD1356) and gets blocked by SELinux. Looking at journalctl suggests this happens when sddm-helper attempts to open xsession-errors: Jan 17 17:22:36 kitakubu audit[1317]: AVC avc: denied { create } for pid=1317 comm="sddm-helper" name=EFBFBDEFBFBD1356 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=0 Jan 17 17:22:36 kitakubu sddm-helper[1317]: Could not open stderr to "��\u0013V/.cache/xsession-errors" Because the hex string is different each time, I'm worried there could be something nasty like overflowing going on here. The sealert output (see attachment) says this started occurring on 2018-12-23. It started happening spontaneously, presumably after an update. My installation is a relatively recent Fedora 29 system (upgraded from 28), which I made last summer. I'm running KDE with an i3 window manager on top (instead of KWin). I have not attempted to reproduce this on a fresh installation.