Red Hat Bugzilla – Bug 1267207
GDM Fails to start when selinux is enforcing
Last modified: 2015-10-05 02:32:00 EDT
Created attachment 1078284 [details]
Journal log after systemctl restart gdm
Description of problem:
I installed a clean F23 beta machine, then used dnf system upgrade to
try and move up to Rawhide.
When I rebooted the system, I got the 'Oh no! Something has gone wrong'
screen, which repeats if I try and relaunch GDM.
Setting 'setenforce 0', or setting selinux to permissive in the config
allows everything to work normally.
I have tried relabelling the filesystem.
Version-Release number of selected component (if applicable):
Rawhide as of 2015-09-28, precise version numbers to follow if required.
Steps to Reproduce:
Install F23 Beta from ISO. Perform dnf system-upgrade to Rawhide and reboot.
GDM Fails to start with an "Oops, something went wrong." screen.
GDM to start normally.
Setting setenforce 0 from a tty allows GDM to start. Attached is a journal with all AVCs shown (I disabled dontaudit with semodule -DB).
Could you attach also /var/log/audit/audit.log file?
It relates with security classes changes. We should have a fix in libselinux and we should require a new libselinux in the policy.
could you try to execute
# dnf update libselinux
to see if it fixes your issue.
*** Bug 1265913 has been marked as a duplicate of this bug. ***
And also run
# systemctl daemon-reexec
I can't see any difference with latest libselinux.
$ rpm -q libselinux
No difference for me either.
I might add that the title is misleading, this occurred for me during a routine update of a rawhide install from a rawhide boot.iso. Both of my two active installs have this issue.
libselinux-2.4-4 and daemon-reexec have had no effect.
Yes, I installed originally from one of the early F23 pre-Alpha images, so this is unlikely to depend on how the installation happened. Changing title.
Also removing needinfo since it's pretty clear the problem is not fixed.
Created attachment 1079323 [details]
Well, an audit.log was asked for in the needinfo. Given that the original reporter has said nothing more, I will provide my own.
Created attachment 1079324 [details]
Just noticed that one of the two needinfos I just cancelled was associated with Comment 1 (request for /var/log/audit/audit.log ). Attaching mine.
Ok I added additiona fixes to rawhide.
which fixes this issue for me.
$ rpm -q selinux-policy
The above version works for me.
Thank you for testing.