Bug 1470312 – GDM fails to start when SELinux default user is mapped to the guest_u user

Bug 1470312 - GDM fails to start when SELinux default user is mapped to the guest_u user

Summary:	GDM fails to start when SELinux default user is mapped to the guest_u user

Status:	NEW

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	gdm (Show other bugs)
Sub Component:
Version:	26
Hardware:	x86_64 Linux

Priority	unspecified Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Ray Strode [halfline]
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2017-07-12 13:58 EDT by Richard Berg
Modified:	2017-08-05 20:33 EDT (History)
CC List:	3 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
logs (7.85 KB, text/plain) 2017-07-12 13:58 EDT, Richard Berg	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Richard Berg 2017-07-12 13:58:39 EDT

Created attachment 1297141 [details]
logs

Description of problem:
GDM fails to start when SELinux default user is mapped to the guest_u user on Fedora 26. The following error message is shown in the console:
  Failed to start User Manager for UID 42 

UID 42 is gdm:
  getent passwd | grep 42
  gdm:x:42:42::/var/lib/gdm:/sbin/nologin


On Fedora 25 GDM starts without any problems when SELinux default user mapped is to guest_u user.


Version-Release number of selected component (if applicable):
gdm-3.24.2-1.fc26.x86_64

Some other component versions:
pam-1.3.0-2.fc26.x86_64
selinux-policy-targeted-3.13.1-259.fc26.noarch
systemd-pam-233-6.fc26.x86_64
systemd-libs-233-6.fc26.x86_64


How reproducible:
Always.


Steps to Reproduce:
1. Install Fedora 26 Workstation with default settings.
2. Change mapping of default SELinux user to guest_u with the following command:
  semanage login -m -s guest_u __default__
3. Reboot the computer


Actual results:
Computer boot stops in text mode. The following error message is show:
  Failed to start User Manager for UID 42 


Expected results:
Computer booting to GNOME login screen.


Additional info:
It looks like gdm is started with guest_r role and this role is picked because SELinux default user is mapped to guest_u. SELinux default user should not be used for services.

See attachment for journalctl and AVCs output.

Comment 1 Taras 2017-07-18 11:43:52 EDT

Got this problem while upgrading from 25 with DNF system-upgrade plugin. Is it possible to fix it via specifying SELinux settings for GDM manually?

Note You need to log in before you can comment on or make changes to this bug.