Description of problem: The following gets logged more often now for a few days. After the last system update and reboot, the message was already logged 75 times: Oct 22 00:56:54 horus gsd-color[10449]: failed to set screen _ICC_PROFILE: Failed to open file “/var/lib/gdm/.local/share/icc/edid-4daa39eed4132dd27967977091f97abe.icc”: Permission denied Version-Release number of selected component (if applicable): $ rpm -qf `locate gsd-color` gnome-settings-daemon-3.28.1-1.fc28.x86_64 How reproducible: Always Steps to Reproduce: 1. Login to a Gnome desktop 2. Open syslog 3. See the message get logged over and over again. Actual results: There are no visible ill effects, as far as I can tell. Expected results: gsd-color shouldn't log to syslog so often. Additional info: There are two "gsd-color" processes, but the log message is always generated from the user-spawned one: # ps -fp `pgrep gsd-color` UID PID PPID C STIME TTY STAT TIME CMD gdm 2774 1721 0 00:42 tty1 Sl+ 0:00 /usr/libexec/gsd-color christi+ 10449 10059 0 00:43 tty2 Sl+ 0:01 /usr/libexec/gsd-color In this case the one with PID 10449. And indeed, the user is not able to open the mentioned .icc file: # ls -Zld /var{,/lib{,/gdm/{,.local/{,share{,/icc{,/edid-4daa39eed4132dd27967977091f97abe.icc}}}}}} drwxr-xr-x. 23 root root system_u:object_r:var_t:s0 4096 May 10 15:04 /var drwxr-xr-x. 70 root root system_u:object_r:var_lib_t:s0 4096 Aug 25 01:12 /var/lib drwxrwx--T. 7 gdm gdm system_u:object_r:xdm_var_lib_t:s0 96 Oct 22 00:42 /var/lib/gdm/ drwx------. 3 gdm gdm system_u:object_r:xdm_var_lib_t:s0 19 Dec 18 2017 /var/lib/gdm/.local/ drwx------. 7 gdm gdm system_u:object_r:xdm_var_lib_t:s0 92 Feb 22 2018 /var/lib/gdm/.local/share drwxr-xr-x. 2 gdm gdm system_u:object_r:xdm_var_lib_t:s0 104 Dec 20 2017 /var/lib/gdm/.local/share/icc -rw-r--r--. 1 gdm gdm system_u:object_r:xdm_var_lib_t:s0 1492 Dec 20 2017 /var/lib/gdm/.local/share/icc/edid-4daa39eed4132dd27967977091f97abe.icc This has been reported upstream and to other distributions too, although I only noticed this message a few days ago in my logs: * Warning: "failed to set screen _ICC_PROFILE" https://bugzilla.gnome.org/show_bug.cgi?id=749338 * FS#54207 - [gnome-settings-daemon] failed to set screen _ICC_PROFILE https://bugs.archlinux.org/task/54207 * gsd-color[1032]: failed to set screen _ICC_PROFILE https://bugs.launchpad.net/ubuntu/+source/gnome-settings-daemon/+bug/1747891
Also, just upon login to the Gnome desktop I always receive an SELinux alert (but only one) - but this has been the case for quite a while now and never bothered me: Oct 22 00:43:51 horus audit[3102]: AVC avc: denied { map } for pid=3102 comm="colord" path="/home/christian/.local/share/icc/edid-4daa39eed4132dd27967977091f97abe.icc" dev="ecryptfs" ino=539871982 scontext=system_u:system_r:colord_t:s0 tcontext=system_u:object_r:ecryptfs_t:s0 tclass=file permissive=0 The SE troubleshooter alaways advises to run: /sbin/restorecon -v /home/christian/.local/share/icc/edid-4daa39eed4132dd27967977091f97abe.icc Sometimes I do this and then have: $ ls -lZ /home/christian/.local/share/icc/edid-4daa39eed4132dd27967977091f97abe.icc -rw-------. 1 christian christian system_u:object_r:ecryptfs_t:s0 1492 Dec 20 2017 /home/christian/.local/share/icc/edid-4daa39eed4132dd27967977091f97abe.icc But again, the SE alert has showed up after login for quite some time; the gsd-color syslog spam is new however.
Most likely as a consequence of bug 1645822, this is still happening with F29: Nov 12 02:31:52 horus gsd-color[9020]: failed to set screen _ICC_PROFILE: Failed to open file “/var/lib/gdm/.local/share/icc/edid-af4fc25ff2a9390469d836f6cda3b4d9.icc”: Permission denied $ ls -lZ /var/lib/gdm/.local/share/icc/edid-af4fc25ff2a9390469d836f6cda3b4d9.icc -rw-r--r--. 1 gdm gdm system_u:object_r:xdm_var_lib_t:s0 1428 Dec 18 2017 /var/lib/gdm/.local/share/icc/edid-af4fc25ff2a9390469d836f6cda3b4d9.icc horus# $ rpm -q selinux-policy selinux-policy-3.14.2-42.fc29.noarch
This message is a reminder that Fedora 29 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora 29 on 2019-11-26. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '29'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 29 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
This kept happening until September 30 with selinux-policy 3.14.3-46.fc30 but hasn't happen ever since: Sep 30 14:23:13 journal[4613]: failed to set screen _ICC_PROFILE: Failed to open file “/home/christian/.local/share/icc/edid-4daa39eed4132dd27967977091f97abe.icc”: Permission denied # ls -lZa /var/lib/gdm/.local/share/icc/ total 8 drwxr-xr-x. 2 gdm gdm system_u:object_r:xdm_var_lib_t:s0 104 Dec 20 2017 . drwx------. 8 gdm gdm system_u:object_r:xdm_var_lib_t:s0 104 Nov 16 2018 .. -rw-r--r--. 1 gdm gdm system_u:object_r:xdm_var_lib_t:s0 1492 Dec 20 2017 edid-4daa39eed4132dd27967977091f97abe.icc -rw-r--r--. 1 gdm gdm system_u:object_r:xdm_var_lib_t:s0 1428 Dec 18 2017 edid-af4fc25ff2a9390469d836f6cda3b4d9.icc
CLOSED - WORKSFORME is BS! Now, whether or not this has been fixed/addressed in F30/31 is maybe more of the question. I am seeing this error specifically because there are actually 2 gsd-color daemons running. One for the system login screen (GDM) (and in this example, is on tty1) and one for my currently logged in gnome session (in this example, on tty3). The login screen gsd-color daemon is owned by user 42 (gdm), while my logged in gsd-color daemon is owned by my own userid 1000 (on tty3). Also note that my personal .local directory, by default, has 0700 permissions. The gdm user (nor any other user on my system) is allowed access to anything under my .local directory. squirrel:~% ls -ld /home/dhansen/.local drwx------. 3 dhansen dhansen 4096 Jun 12 2018 /home/dhansen/.local/ The REAL BUG is why the gsd-color daemon owned by gdm is trying to access my logged in user configuration and not the system-wide gdm-owned configuration under /var/lib/gdm/.local/share/icc directory!?!? Hopefully this particular issue has been fixed under F30/31 (or I'll be back to re-open it). squirrel:~% ps alx | grep gsd-color 0 42 13059 12956 20 0 720192 26120 - Sl+ tty1 0:00 /usr/libexec/gsd-color 0 1000 24237 23994 20 0 859588 26608 x64_sy Sl+ tty3 0:00 /usr/libexec/gsd-color Nov 14 11:00:42 squirrel.dltk-hansen.org gsd-color[13059]: failed to set screen _ICC_PROFILE: Failed to open file “/home/dhansen/.local/share/icc/edid-f183444319fcc8cb6d787cf8dbc82d88.icc”: Permission denied Notice that the log entry is from 'gsd-color[13059]' which is the daemon owned by userid 42 (gdm) which should NOT be trying to open my local user config directory and is rightfully getting permission denied!