Bug 452830 - Thunar fails to start in a vnc session
Thunar fails to start in a vnc session
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: Thunar (Show other bugs)
9
All Linux
low Severity low
: ---
: ---
Assigned To: Kevin Fenzi
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-06-25 07:59 EDT by Jonathan Underwood
Modified: 2008-06-30 16:14 EDT (History)
3 users (show)

See Also:
Fixed In Version: 72
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 549962 (view as bug list)
Environment:
Last Closed: 2008-06-30 16:14:33 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jonathan Underwood 2008-06-25 07:59:21 EDT
Description of problem:
Thunar won't launch from inside a vnc session.

My ~/.vnc/xstartup contains:
#!/bin/sh

# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
if test -z "$DBUS_SESSION_BUS_ADDRESS" ; then
  eval `dbus-launch --sh-syntax --exit-with-session`
fi
exec xfce4-session


On starting the vncserver service, an xfce4 session is started, as expected, but
thunar fails to start, so the desktop is not managed etc. Trying to start thunar
manually fails with the following messages:

$ thunar
process 6102: arguments to dbus_connection_send_with_reply_and_block() were
incorrect, assertion "(error) == NULL || !dbus_error_is_set ((error))" failed in
file dbus-connection.c line 3289.
This is normally a bug in some application using the D-Bus library.
  D-Bus not built with -rdynamic so unable to print a backtrace
Aborted



Version-Release number of selected component (if applicable):
$ rpm -qa | grep xfce
xfce4-mailwatch-plugin-1.0.1-8.fc9.x86_64
libxfcegui4-4.4.2-2.fc9.x86_64
xfce4-appfinder-4.4.2-2.fc9.x86_64
libxfce4util-4.4.2-2.fc9.x86_64
xfce4-session-4.4.2-3.fc9.x86_64
imsettings-xfce-0.99.6-5.fc9.x86_64
xfce-mcs-manager-4.4.2-2.fc9.x86_64
xfce-utils-4.4.2-4.fc9.x86_64
xfce4-mixer-4.4.2-2.fc9.x86_64
libxfce4mcs-4.4.2-2.fc9.x86_64
xfce4-session-engines-4.4.2-3.fc9.x86_64
xfce4-icon-theme-4.4.2-1.fc9.noarch
xfce4-panel-4.4.2-4.fc9.x86_64
xfce-mcs-plugins-4.4.2-4.fc9.x86_64

$ rpm -qa | grep thunar
thunar-volman-0.2.0-2.fc9.x86_64

$ rpm -qa | grep vnc
vnc-libs-4.1.2-30.fc9.x86_64
vnc-4.1.2-30.fc9.x86_64
gtk-vnc-0.3.6-1.fc9.x86_64
gtk-vnc-python-0.3.6-1.fc9.x86_64
vnc-server-4.1.2-30.fc9.x86_64



How reproducible:
Everytime

Steps to Reproduce:
See above.
Comment 1 Jonathan Underwood 2008-06-25 08:00:31 EDT
Just in case it matters:

$ rpm -qa | grep xfwm
xfwm4-theme-nodoka-0.1-1.fc9.noarch
xfwm4-4.4.2-3.fc9.x86_64
Comment 2 Jonathan Underwood 2008-06-25 08:00:59 EDT
And, also:

]$ rpm -qa | grep dbus
dbus-python-0.82.4-2.fc9.x86_64
dbus-1.2.1-2.fc9.x86_64
dbus-libs-1.2.1-2.fc9.x86_64
dbus-x11-1.2.1-2.fc9.x86_64
dbus-glib-0.74-8.fc9.x86_64
Comment 3 Kevin Fenzi 2008-06-27 15:45:20 EDT
This looks like it might be a selinux policy issue. 

Do you have selinux set to enforcing mode? (check /etc/sysconfig/selinux and/or
getenforce)

If so, can you see if you see any avc denial messages in /var/log/audit/audit.log.

Also, see if 'setenforce 0' causes it to work. 

I see the following avc here: 

type=USER_AVC msg=audit(1214595857.856:724): user pid=2367 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: 
denied  { send_msg } for msgtype=method_return dest=:1.40 spid=2418 tpid=16743
scontext=system_u:system_r:hald_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_notrans_t:s0-s0:c0.c1023
tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'

Comment 4 Jonathan Underwood 2008-06-27 19:47:15 EDT
Yes indeed, switching SElinux to permissive allows thunar to start, and
everything is as expected. I do see exactly the same avc in audit.log as you.
Comment 5 Kevin Fenzi 2008-06-30 15:41:24 EDT
ok. I am adding dwalsh to CC here. 

Dan: Is there anything that needs to change in policy or something I need to
change in Thunar to get this working?

Comment 6 Daniel Walsh 2008-06-30 16:14:33 EDT
You can allow this for now.

# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp

Fixed in selinux-policy-3.3.1-72.fc9.noarch

Note You need to log in before you can comment on or make changes to this bug.