Bug 735252
Summary: | No Login dialog in 3.1.90-1.fc16 | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | sangu <sangu.fedora> | ||||
Component: | gdm | Assignee: | Ray Strode [halfline] <rstrode> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | urgent | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 16 | CC: | delete, dwalsh, kalevlember, mclasen, rstrode, vedran | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2011-09-12 19:24:13 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
sangu
2011-09-02 00:58:11 UTC
Please attach .xsession-errors. I can confirm this bug. Downgrading gdm fixes the problem. (In reply to comment #1) > Please attach .xsession-errors. can't login. Disable SELinux ( add kernel parameter selinux=0 ), this issue doesn't happen. So, find messages in /var/log/messages. ... Sep 2 08:46:35 localhost kernel: [ 28.734056] type=1400 audit(1314920795.239:41): avc: denied { execute } for pid=1502 comm="gnome-shell" path=2F746D702F666669496934656352202864656C6574656429 dev=dm-0 ino=4774 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file Sep 2 08:46:35 localhost kernel: [ 28.741357] type=1400 audit(1314920795.247:42): avc: denied { execute } for pid=1502 comm="gnome-shell" path=2F7661722F746D702F666669376C6A4B3166202864656C6574656429 dev=dm-0 ino=4774 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file ... Is this bug selinux-policy issue? --- selinux-policy-3.10.0-21.fc16.noarch cc'ing dan walsh for comments Did pam_selinux get removed from the pam config? gnome-shell should be running under a user context like unconfined_t or staff_t. Dan: This is gnome-shell running as a GDM greeter session, no actual user is logged on. That's why the xdm_t context. Dan, recent versions of gdm use gnome-shell as a platform for the greeter. I would prefer that this be done in /var/run rather then /var/tmp, but not sure we can get gnome-shell to do that. My concern is users are able to screw around in /var/tmp and could cause xdm_t to do something bad. Should be fixed in selinux-policy-3.10.0-25.fc16 (In reply to comment #8) ....... > Should be fixed in selinux-policy-3.10.0-25.fc16 It semms not be fixed in this version. Downgrading gdm works around... Steve are you seeing additional AVC messages? Created attachment 522339 [details]
messages output
I'm not sure, here's the output from messages.
I seems to be fixed now with today's update. I'm experiencing a similar issue but SELinux is disabled. GDM wont start. Same error message on the screen, after upgrading from F15. (In reply to comment #13) > I'm experiencing a similar issue but SELinux is disabled. GDM wont start. Same > error message on the screen, after upgrading from F15. Same here, dmesg shows: [ 514.747263] type=1400 audit(1316956326.250:96): avc: denied { setattr } for pid=3934 comm="gnome-session" name="at-spi2" dev=sdc6 ino=261649 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir [ 514.747394] type=1400 audit(1316956326.250:97): avc: denied { write } for pid=3934 comm="gnome-session" name="at-spi2" dev=sdc6 ino=261649 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir [ 514.747422] type=1400 audit(1316956326.250:98): avc: denied { add_name } for pid=3934 comm="gnome-session" name="socket-3934-1892482674" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir [ 514.747475] type=1400 audit(1316956326.250:99): avc: denied { create } for pid=3934 comm="gnome-session" name="socket-3934-1892482674" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=sock_file [ 514.747537] type=1400 audit(1316956326.250:100): avc: denied { setattr } for pid=3934 comm="gnome-session" name="socket-3934-1892482674" dev=sdc6 ino=265318 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=sock_file |