Bug 170007 - rhgb prompts for context and halts GDM startup
rhgb prompts for context and halts GDM startup
Status: CLOSED NEXTRELEASE
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
4.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-10-06 09:35 EDT by Yue Shi Lai
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-10-07 16:53:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Yue Shi Lai 2005-10-06 09:35:41 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.12) Gecko/20050921 Red Hat/1.0.7-1.4.1 Firefox/1.0.7

Description of problem:
After updating to Update 2, the rhgb startup always prompts:

YYour default context is user_u:system_r:unconfined_t
Do you want to choose a different one? [n]

and the user is forced to pressing the return key, or GDM will never start, and the console switches to VT 1. This happens regardless if GDM autologin is activated or not.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.110

How reproducible:
Always

Steps to Reproduce:
1. Update from Red Hat Enterprise Linux 4 Update 1 to Update 2
2. Reboot
3.
  

Actual Results:  Context prompt appears, if the user does not press return, GDM simply does not start.

Expected Results:  Context prompt does not appear, and GDM starts without user interaction.

Additional info:
Comment 1 Yue Shi Lai 2005-10-06 09:57:14 EDT
This problem appears to be caused because /etc/rc.d/rc.local is not run with
unconfiled_t context.
Comment 2 Daniel Walsh 2005-10-06 10:58:54 EDT
What context does it run with?

  A work around would be to remove "multiple" from the /etc/pam.d/su pam_selinux
line.
Comment 3 Yue Shi Lai 2005-10-06 11:56:41 EDT
It is running, I guess by init's default, in initrc_t. But the "offending" line
lin /etc/rc.d/rc.local is indeed a su (to runs the SynCE's dccm service as
normal user)
Comment 4 Daniel Walsh 2005-10-06 12:54:25 EDT
Please use runuser instead of su.

Dan

Note You need to log in before you can comment on or make changes to this bug.