Description of problem: SELinux is preventing sddm from 'write' accesses on the file /etc/sddm.conf. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow sddm to have write access on the sddm.conf file Then you need to change the label on /etc/sddm.conf Do # semanage fcontext -a -t FILE_TYPE '/etc/sddm.conf' where FILE_TYPE is one of the following: abrt_var_cache_t, afs_cache_t, anon_inodefs_t, auth_cache_t, auth_home_t, cache_home_t, cgroup_t, config_home_t, data_home_t, dbus_home_t, etc_runtime_t, faillog_t, fonts_cache_t, gconf_home_t, gkeyringd_gnome_home_t, gkeyringd_tmp_t, gnome_home_t, gstreamer_home_t, icc_data_home_t, initrc_tmp_t, initrc_var_run_t, krb5_host_rcache_t, lastlog_t, locale_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, pam_var_console_t, pam_var_run_t, puppet_tmp_t, security_t, sysfs_t, systemd_passwd_var_run_t, user_cron_spool_t, user_fonts_t, user_tmp_t, var_auth_t, wtmp_t, xauth_home_t, xdm_home_t, xdm_lock_t, xdm_log_t, xdm_rw_etc_t, xdm_spool_t, xdm_tmpfs_t, xdm_var_lib_t, xdm_var_run_t, xkb_var_lib_t, xserver_log_t, xserver_tmpfs_t. Then execute: restorecon -v '/etc/sddm.conf' ***** Plugin catchall (17.1 confidence) suggests ************************** If you believe that sddm should be allowed write access on the sddm.conf file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep sddm /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:etc_t:s0 Target Objects /etc/sddm.conf [ file ] Source sddm Source Path sddm Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages sddm-0.2.0-0.31.20140627gitf49c2c79.fc21.x86_64 Policy RPM selinux-policy-3.13.1-67.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.16.0-0.rc6.git2.1.fc21.x86_64 #1 SMP Fri Jul 25 14:16:23 UTC 2014 x86_64 x86_64 Alert Count 3 First Seen 2014-07-29 14:49:15 BRT Last Seen 2014-07-30 14:29:30 BRT Local ID 887712bf-2745-43cd-8b56-2e275bb0b416 Raw Audit Messages type=AVC msg=audit(1406741370.511:410): avc: denied { write } for pid=833 comm="sddm" name="sddm.conf" dev="dm-0" ino=22414744 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0 Hash: sddm,xdm_t,etc_t,file,write Version-Release number of selected component: selinux-policy-3.13.1-67.fc21.noarch Additional info: reporter: libreport-2.2.3 hashmarkername: setroubleshoot kernel: 3.16.0-0.rc6.git2.1.fc21.x86_64 type: libreport Potential duplicate: bug 1114192
The same bug with the config file which we have for F20. #1114192
sddm-0.9.0-1.20141007git6a28c29b.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/sddm-0.9.0-1.20141007git6a28c29b.fc21
sddm-0.9.0-1.20141007git6a28c29b.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/sddm-0.9.0-1.20141007git6a28c29b.fc20
sddm-0.9.0-1.20141007git6a28c29b.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/sddm-0.9.0-1.20141007git6a28c29b.fc19
Package sddm-0.9.0-1.20141007git6a28c29b.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing sddm-0.9.0-1.20141007git6a28c29b.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-12308/sddm-0.9.0-1.20141007git6a28c29b.fc20 then log in and leave karma (feedback).
sddm-0.9.0-2.20141007git6a28c29b.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
sddm-0.9.0-2.20141007git6a28c29b.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.