549962 – Thunar fails to start in a vnc session

Bug 549962 - Thunar fails to start in a vnc session

Summary: Thunar fails to start in a vnc session

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	12
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-12-23 03:36 UTC by Garrett Mitchener
Modified:	2010-01-20 17:09 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:	452830
Environment:
Last Closed:	2010-01-20 13:25:32 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Garrett Mitchener 2009-12-23 03:36:39 UTC

I'm seeing this in Fedora 12 now.  I'm filing it here because I found this old bug report.

I have this in ~/.vnc/xstartup:

#!/bin/bash
echo "{" "$*" "}"
unset SESSION_MANAGER
/usr/bin/startxfce4

When I start VNC and try to get into it with a VNC viewer, I see the same problem reported below.  Thunar won't start, unless I run 'setenforce permissive'

The package is selinux-policy-3.6.32-56.

I don't see anything useful in /var/log/audit/audit.log though.

Here's the previous bug report:

+++ This bug was initially created as a clone of Bug #452830 +++

Description of problem:
Thunar won't launch from inside a vnc session.

My ~/.vnc/xstartup contains:
#!/bin/sh

# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
if test -z "$DBUS_SESSION_BUS_ADDRESS" ; then
  eval `dbus-launch --sh-syntax --exit-with-session`
fi
exec xfce4-session


On starting the vncserver service, an xfce4 session is started, as expected, but
thunar fails to start, so the desktop is not managed etc. Trying to start thunar
manually fails with the following messages:

$ thunar
process 6102: arguments to dbus_connection_send_with_reply_and_block() were
incorrect, assertion "(error) == NULL || !dbus_error_is_set ((error))" failed in
file dbus-connection.c line 3289.
This is normally a bug in some application using the D-Bus library.
  D-Bus not built with -rdynamic so unable to print a backtrace
Aborted



Version-Release number of selected component (if applicable):
$ rpm -qa | grep xfce
xfce4-mailwatch-plugin-1.0.1-8.fc9.x86_64
libxfcegui4-4.4.2-2.fc9.x86_64
xfce4-appfinder-4.4.2-2.fc9.x86_64
libxfce4util-4.4.2-2.fc9.x86_64
xfce4-session-4.4.2-3.fc9.x86_64
imsettings-xfce-0.99.6-5.fc9.x86_64
xfce-mcs-manager-4.4.2-2.fc9.x86_64
xfce-utils-4.4.2-4.fc9.x86_64
xfce4-mixer-4.4.2-2.fc9.x86_64
libxfce4mcs-4.4.2-2.fc9.x86_64
xfce4-session-engines-4.4.2-3.fc9.x86_64
xfce4-icon-theme-4.4.2-1.fc9.noarch
xfce4-panel-4.4.2-4.fc9.x86_64
xfce-mcs-plugins-4.4.2-4.fc9.x86_64

$ rpm -qa | grep thunar
thunar-volman-0.2.0-2.fc9.x86_64

$ rpm -qa | grep vnc
vnc-libs-4.1.2-30.fc9.x86_64
vnc-4.1.2-30.fc9.x86_64
gtk-vnc-0.3.6-1.fc9.x86_64
gtk-vnc-python-0.3.6-1.fc9.x86_64
vnc-server-4.1.2-30.fc9.x86_64



How reproducible:
Everytime

Steps to Reproduce:
See above.

--- Additional comment from jonathan.underwood on 2008-06-25 08:00:31 EDT ---

Just in case it matters:

$ rpm -qa | grep xfwm
xfwm4-theme-nodoka-0.1-1.fc9.noarch
xfwm4-4.4.2-3.fc9.x86_64


--- Additional comment from jonathan.underwood on 2008-06-25 08:00:59 EDT ---

And, also:

]$ rpm -qa | grep dbus
dbus-python-0.82.4-2.fc9.x86_64
dbus-1.2.1-2.fc9.x86_64
dbus-libs-1.2.1-2.fc9.x86_64
dbus-x11-1.2.1-2.fc9.x86_64
dbus-glib-0.74-8.fc9.x86_64


--- Additional comment from kevin on 2008-06-27 15:45:20 EDT ---

This looks like it might be a selinux policy issue. 

Do you have selinux set to enforcing mode? (check /etc/sysconfig/selinux and/or
getenforce)

If so, can you see if you see any avc denial messages in /var/log/audit/audit.log.

Also, see if 'setenforce 0' causes it to work. 

I see the following avc here: 

type=USER_AVC msg=audit(1214595857.856:724): user pid=2367 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: 
denied  { send_msg } for msgtype=method_return dest=:1.40 spid=2418 tpid=16743
scontext=system_u:system_r:hald_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_notrans_t:s0-s0:c0.c1023
tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'



--- Additional comment from jonathan.underwood on 2008-06-27 19:47:15 EDT ---

Yes indeed, switching SElinux to permissive allows thunar to start, and
everything is as expected. I do see exactly the same avc in audit.log as you.

--- Additional comment from kevin on 2008-06-30 15:41:24 EDT ---

ok. I am adding dwalsh to CC here. 

Dan: Is there anything that needs to change in policy or something I need to
change in Thunar to get this working?



--- Additional comment from dwalsh on 2008-06-30 16:14:33 EDT ---

You can allow this for now.

# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp

Fixed in selinux-policy-3.3.1-72.fc9.noarch

Comment 1 Daniel Walsh 2009-12-23 12:17:33 UTC

Anything in /var/log/messages?  Anything in dmesg?


audit2allow -a

dmesg | audit2allow

If you have nvidia drivers installed, I would suspect you need allow_execstack boolean turned on.

Comment 2 Garrett Mitchener 2010-01-20 16:52:48 UTC

This seems to be resolved now.  There were a lot of software updates since I posted this bug, and one of them must have fixed it.

Note You need to log in before you can comment on or make changes to this bug.