Bug 735252

Summary: No Login dialog in 3.1.90-1.fc16
Product: [Fedora] Fedora Reporter: sangu <sangu.fedora>
Component: gdmAssignee: Ray Strode [halfline] <rstrode>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 16CC: delete, dwalsh, kalevlember, mclasen, rstrode, vedran
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-12 19:24:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
messages output none

Description sangu 2011-09-02 00:58:11 UTC 
Description of problem:
No Login dialog in gdm-3.1.90-1.fc16.

Oh no!  Something has gone wrong
A problem has occurred and the system can't recover. Some of the extensions below may have caused this.
Please try disabling some of these, and then log out and try again.

Version-Release number of selected component (if applicable):
3.1.90-1.fc16

How reproducible:
always

Steps to Reproduce:
1. update to gdm-3.1.90-1.fc16.
2. reboot
3.
  
Actual results:


Expected results:


Additional info:
gnome-shell-3.1.90.1-2.fc16.x86_64
libgee-0.6.1-3.fc16.x86_64
folks-0.6.1-2.fc16.x86_64
Comment 1 Matthias Clasen 2011-09-02 03:41:05 UTC 
Please attach .xsession-errors.
Comment 2 Steve 2011-09-02 08:23:06 UTC 
I can confirm this bug. Downgrading gdm fixes the problem.
Comment 3 sangu 2011-09-02 09:00:57 UTC 
(In reply to comment #1)
> Please attach .xsession-errors.
can't login.

Disable SELinux ( add kernel parameter selinux=0 ), this issue doesn't happen.

So, find  messages in /var/log/messages.
...
Sep  2 08:46:35 localhost kernel: [   28.734056] type=1400 audit(1314920795.239:41): avc:  denied  { execute } for  pid=1502 comm="gnome-shell" path=2F746D702F666669496934656352202864656C6574656429 dev=dm-0 ino=4774 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
Sep  2 08:46:35 localhost kernel: [   28.741357] type=1400 audit(1314920795.247:42): avc:  denied  { execute } for  pid=1502 comm="gnome-shell" path=2F7661722F746D702F666669376C6A4B3166202864656C6574656429 dev=dm-0 ino=4774 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
...

Is this bug selinux-policy issue?

---
selinux-policy-3.10.0-21.fc16.noarch
Comment 4 Matthias Clasen 2011-09-02 12:36:08 UTC 
cc'ing dan walsh for comments
Comment 5 Daniel Walsh 2011-09-02 13:13:20 UTC 
Did pam_selinux get removed from the pam config?  gnome-shell should be running under a user context like unconfined_t or staff_t.
Comment 6 Kalev Lember 2011-09-03 16:57:00 UTC 
Dan: This is gnome-shell running as a GDM greeter session, no actual user is logged on. That's why the xdm_t context.
Comment 7 Ray Strode [halfline] 2011-09-06 14:51:57 UTC 
Dan, recent versions of gdm use gnome-shell as a platform for the greeter.
Comment 8 Daniel Walsh 2011-09-06 15:31:51 UTC 
I would prefer that this be done in /var/run rather then /var/tmp, but not sure we can get gnome-shell to do that.  My concern is users are able to screw around in /var/tmp and could cause xdm_t to do something bad.

Should be fixed in selinux-policy-3.10.0-25.fc16
Comment 9 Steve 2011-09-09 06:15:02 UTC 
(In reply to comment #8)
.......
> Should be fixed in selinux-policy-3.10.0-25.fc16

It semms not be fixed in this version. Downgrading gdm works around...
Comment 10 Daniel Walsh 2011-09-09 12:21:52 UTC 
Steve are you seeing additional AVC messages?
Comment 11 Steve 2011-09-09 13:57:18 UTC 
Created attachment 522339 [details]
messages output

I'm not sure, here's the output from messages.
Comment 12 Steve 2011-09-11 15:53:00 UTC 
I seems to be fixed now with today's update.
Comment 13 Matias Kreder 2011-09-24 23:43:56 UTC 
I'm experiencing a similar issue but SELinux is disabled. GDM wont start. Same error message on the screen, after upgrading from F15.
Comment 14 Vedran Miletić 2011-09-25 13:18:07 UTC 
(In reply to comment #13)
> I'm experiencing a similar issue but SELinux is disabled. GDM wont start. Same
> error message on the screen, after upgrading from F15.

Same here, dmesg shows:
[  514.747263] type=1400 audit(1316956326.250:96): avc:  denied  { setattr } for  pid=3934 comm="gnome-session" name="at-spi2" dev=sdc6 ino=261649 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir
[  514.747394] type=1400 audit(1316956326.250:97): avc:  denied  { write } for  pid=3934 comm="gnome-session" name="at-spi2" dev=sdc6 ino=261649 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir
[  514.747422] type=1400 audit(1316956326.250:98): avc:  denied  { add_name } for  pid=3934 comm="gnome-session" name="socket-3934-1892482674" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir
[  514.747475] type=1400 audit(1316956326.250:99): avc:  denied  { create } for  pid=3934 comm="gnome-session" name="socket-3934-1892482674" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=sock_file
[  514.747537] type=1400 audit(1316956326.250:100): avc:  denied  { setattr } for  pid=3934 comm="gnome-session" name="socket-3934-1892482674" dev=sdc6 ino=265318 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=sock_file