Bug 709481

Summary: xdm executes gnome keyring daemon
Product: [Fedora] Fedora Reporter: Dominick Grift <dominick.grift>
Component: gdmAssignee: jmccann
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: cschalle, dominick.grift, dwalsh, jmccann, mgrepl, rstrode
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-05-31 20:03:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
raw log none

Description Dominick Grift 2011-05-31 19:35:25 UTC 
Created attachment 502076 [details]
raw log

Description of problem:
In some scenarios gdm seems to run gnome-keyring-daemon

Version-Release number of selected component (if applicable):
selinux-policy-3.9.16-24.fc16.noarch

How reproducible:
Not sure but setting UID_MIN and GID_MIN in /etc/login.defs to 2000 may (or may not) trigger it. This event occurred when Fedora set it to 1000 a few days ago.

Additional info:

allow xdm_dbusd_t gkeyringd_exec_t:file { read execute open execute_no_trans };
allow xdm_dbusd_t random_device_t:chr_file read;
allow xdm_dbusd_t self:process { getcap setcap };
allow xdm_dbusd_t session_dbusd_tmp_t:sock_file create;
allow xdm_dbusd_t system_dbusd_t:unix_stream_socket connectto;
allow xdm_dbusd_t system_dbusd_var_run_t:sock_file write;
#!!!! The source type 'xdm_dbusd_t' can write to a 'dir' of the following types:
# user_home_t, session_dbusd_tmp_t

allow xdm_dbusd_t xdm_var_lib_t:dir { write create add_name };

see raw logs enclosed
Comment 1 Daniel Walsh 2011-05-31 20:03:13 UTC 

*** This bug has been marked as a duplicate of bug 708510 ***