Bug 197910

Summary: metacity does not load
Product: [Fedora] Fedora Reporter: clifford snow <jcs>
Component: metacityAssignee: Søren Sandmann Pedersen <sandmann>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6CC: drepper, dwalsh, kem, llim, thethirddoorontheleft, tmayberr
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-06 20:13:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
metacity strace none

Description clifford snow 2006-07-07 05:55:37 UTC 
Description of problem:
metacity does not load.  error message indicates a selinux problem.


Version-Release number of selected component (if applicable):
libselinux 1.30.15-5
selinux-policy 2.3.1-1
metacity 2.15.5-6

How reproducible:
Always

Steps to Reproduce:
1. update FC6 test 1 to July 6 updates
2. reboot
3. check for running metacity process or look in log for error messages
  
Actual results:
metacity does not load causing window display problems

Expected results:
Typical gnome windows

Additional info:
The following is written to /var/log/messages:
Localhost kernel: audit(1152216505.513:285): avc: denied {execmem } for
pid=2408 com="metacity" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
Comment 1 Daniel Walsh 2006-07-10 15:03:39 UTC 
Why does metacity need execmem privs?

This is a potential security problem, and we are trying to eliminate this
wherever possible.

http://people.redhat.com/~drepper/selinux-mem.html
Comment 2 Daniel Walsh 2006-07-11 14:10:54 UTC 
*** Bug 198068 has been marked as a duplicate of this bug. ***
Comment 3 Tim Mayberry 2006-07-13 01:45:56 UTC 
*** Bug 198710 has been marked as a duplicate of this bug. ***
Comment 4 Tim Mayberry 2006-07-13 02:19:32 UTC 
*** Bug 198268 has been marked as a duplicate of this bug. ***
Comment 5 Tim Mayberry 2006-07-13 06:09:38 UTC 
Created attachment 132345 [details]
metacity strace
Comment 6 Daniel Walsh 2006-07-17 19:11:18 UTC 
Do we have an update on this being fixed?  Or should I change the executable to
allow execmem for the time being?  Currently people are setting allow_execmem to
get this to work.