Red Hat Bugzilla – Bug 158375
Booting with early-login, login can't do on GDM (denided /etc/X11/xdm/Xession).
Last modified: 2007-11-30 17:11:06 EST
Description of problem: cat /proc/cmdline ro root=LABEL=/ acpi=on video=vesafb:ywrap,mtrr:1600x1200@60 vga=0x346 early-login Booting with early-login, denided /etc/X11/xdm/Xession. And Can't login on GDM in dmesg [...] audit(1116652629.697:0): avc: denied { transition } for path="/etc/X11/xdm/Xsession" dev=hda8 ino=292934 scontext=system_u:system_r:initrc_t tcontext=user_u:system_r:unconfined_t tclass=process $ls -Zal /etc/X11/xdm/Xsession -rwxr-xr-x 1 system_u:object_r:xsession_exec_t root root 3391 4ì 11 20:43 /etc/X11/xdm/Xsession $cat /tmp/xses-sangu.rax3xB /etc/X11/gdm/PreSession/Default: Registering your session with wtmp and utmp /etc/X11/gdm/PreSession/Default: running: /usr/X11R6/bin/sessreg -a -w /var/log/wtmp -u /var/run/utmp -x "/var/gdm/:0.Xservers" -h "" -l ":0" "sangu" session_child_run: Could not exec /etc/X11/xdm Version-Release number of selected component (if applicable): selinux-policy-targeted-1.23.16-5 How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: Can't login on GDM Expected results: Additional info: kernel-2.6.11-1.1331_FC4 gdm-2.6.0.8-15
login can't do still in selinux-policy-targeted-1.23.17-2. $cat /var/log/audit/audit.log [...] type=AVC msg=audit(1117169338.249:238525): avc: denied { transition } for pid=2619 comm="gdm-binary" name=Xsession dev=hda8 ino=292934 scontext=system_u:system_r:initrc_t tcontext=user_u:system_r:unconfined_t tclass=process type=AVC_PATH msg=audit(1117169338.249:238525): path="/etc/X11/xdm/Xsession" type=PATH msg=audit(1117169338.249:238525): item=0 name="/etc/X11/xdm/Xsession" inode=292934 dev=03:08 mode=0100755 ouid=0 ogid=0 rdev=00:00 [...]
Please see also : bug 155983, comment 1
How do you set this up? Dan
1. add gdm daemon $chkconfig --add gdm-allow-login $chkconfig --add gdm-early-login $chkconfig --add zzz-bootup-complete 2. modify kernel command line option in /boot/grub/menu.list rhgb -> early-login %cat /boot/grub/menu.list [...] title Fedora Core (2.6.11-1.1363_FC4) root (hd0,7) kernel /boot/vmlinuz-2.6.11-1.1363_FC4 ro root=LABEL=/ acpi=on early-login ~~~~~~ initrd /boot/initrd-2.6.11-1.1363_FC4.img [...] 3. reboot ---- initscripts-8.11.1-1 gdm-2.6.0.8-16 See Also : bug 151952 bug 154413
This does not seem to work on my machine with or without SELinux. If you do a chcon -t gdm_exec_t /usr/bin/gdm-binary Does it begin to work?
Only after installing selinux-policy-targeted-1.23.18-2, this bug was fixed. $ls -lZa /usr/bin/gdm-binary -rwxr-xr-x root root system_u:object_r:xdm_exec_t /usr/bin/gdm-binary $ls -lZa /etc/X11/xdm/Xsession -rwxr-xr-x root root system_u:object_r:xsession_exec_t /etc/X11/xdm/Xsession