| Summary: | Colord crashes gnome-settings-daemon due to selinux denial | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | John (J5) Palmieri <johnp> |
| Component: | colord | Assignee: | Richard Hughes <hughsient> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 16 | CC: | hughsient, jkeck, rhughes |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-11-29 20:52:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
I think you just need to relabel your home directory. How did you get F16, did you "yum upgrade" from F15 or use anaconda? I did a preupgrade with anaconda doing the install but things did go wrong and I had to unmunge my system manually. relabeling now. I'll let you know if it helps. |
Description of problem: When the shell starts up gnome-settings-daemon starts colord and has it read the profile data in my directory if one is set up. If selinux is turned on it denies the read request which gnome-settings-daemon handles by crashing. This brings up the Fail Whale "something bad happened and it shouldn't have" logout screen. Here is the denial: Nov 9 19:50:31 dhcp-100-2-224 kernel: [ 1372.880559] type=1400 audit(1320886231.411:22): avc: denied { getattr } for pid=1841 comm="colord" path=2F686F6D652F6A6F686E702F2E636F6C6F722F6963632F47434D202D204C454E4F564F202D203239313243544F2028323031302D30372D3237292E696363 dev=dm-2 ino=6685955 scontext=system_u:system_r:colord_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file Two issues here: 1) SELinux rules need to be fixed 2) gnome-settings-daemon shouldn't crash if colord can't load a file - the desktop still works fine and so this should not be a fatal error Version-Release number of selected component (if applicable): colord in fedora 16 How reproducible: Any time selinux is in enforcing mode, I have a colord profile active for my hardware and I log into GNOME Steps to Reproduce: 1. make sure selinux is on and enforcing 2. configure a custom colord profile for your monitor 3.logout and log back in Actual results: Fail Whale telling me I need to log out and not letting me do anything else Expected results: I get logged in and colord adjusts my display per the profile (btw this works fine if selinux is not enforcing)