Bug 550013 - freenx-server script creates /tmp/.X11-unix without a valid SELinux context
Summary: freenx-server script creates /tmp/.X11-unix without a valid SELinux context
Keywords:
Status: CLOSED DUPLICATE of bug 499183
Alias: None
Product: Fedora
Classification: Fedora
Component: freenx-server
Version: 12
Hardware: i686
OS: Linux
low
high
Target Milestone: ---
Assignee: Adam Tkac
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Duplicates: 561028
Depends On:
Blocks:
Reported: 2009-12-23 09:38 UTC by meiner
Modified: 2013-04-30 23:44 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-03-01 10:48:35 UTC
Type: ---
Embargoed:


Attachments
logfiles (172.84 KB, application/zip), 2009-12-23 09:38 UTC, meiner


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 550887 0 low CLOSED F12 KDE fails to list USB devices in Places, Device Notifier, etc 2021-02-22 00:41:40 UTC

Description meiner 2009-12-23 09:38:22 UTC
Created attachment 380000 [details]
logfiles

Description of problem:

I'm trying to mount any USB device using dolphin or KDE-Devicemanager and also CDs and DVDs.
It always fails with the following error message:

Dec 19 16:21:24 tpr61 dbus: Rejected send message, 1 matched rules; type="method_call", sender=":1.34" (uid=500 pid=14020 comm="kded4) interface="org.freedesktop.Hal.Device.Volume" member="Mount" error name="(unset)" requested_reply=0 destination="org.freedesktop.Hal" (uid=0 pid=12014 comm="hald))

A new (fresh) user has the same problem.


Fedora 12; KDE 4.3.3 / QT 4.5.3; all current updates installed
uname -a
Linux tpr61 2.6.31.6-166.fc12.i686.PAE #1 SMP Wed Dec 9 11:00:30 EST 2009 i686 i686 i386 GNU/Linux

# getenforce
Enforcing

IBM Thinkpad R61


How reproducible:
$ devkit-disks --mount /dev/sdg1
Mounted /org/freedesktop/DeviceKit/Disks/devices/sdg1 at /media/VERBATIM
$ UDI=`hal-find-by-property --key block.device --string /dev/sdg1`

$ hal-find-by-property --key block.device --string /dev/sdg1
/org/freedesktop/Hal/devices/volume_uuid_1310_1267

$ solid-hardware details $UDI
udi = '/org/freedesktop/Hal/devices/volume_uuid_1310_1267'
parent = '/org/freedesktop/Hal/devices/storage_serial_TOSHIBA_MK5055GSX_6830000ea13c_0_0' (string)
vendor = '' (string)
product = 'VERBATIM' (string)
Block.major = 8 (0x8) (int)
Block.minor = 97 (0x61) (int)
Block.device = '/dev/sdg1' (string)
StorageAccess.accessible = true (bool)
StorageAccess.filePath = '/media/VERBATIM' (string)
StorageVolume.ignored = false (bool)
StorageVolume.usage = 'FileSystem' (0x2) (enum)
StorageVolume.fsType = 'vfat' (string)
StorageVolume.label = 'VERBATIM' (string)
StorageVolume.uuid = '1310-1267' (string)
StorageVolume.size = 500105217024 (0x7470980400) (qulonglong)

$ solid-hardware mount $UDI
Fehler: org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.250" (uid=500 pid=31221 comm="solid-hardware) interface="org.freedesktop.Hal.Device.Volume" member="Mount" error name="(unset)" requested_reply=0 destination="org.freedesktop.Hal" (uid=0 pid=11939 comm="hald))

rpm -q --whatprovides `which solid-hardware`
kdebase-runtime-4.3.3-5.fc12.i686
# rpm -V kdebase-runtime-4.3.3-5.fc12.i686
#

Actual results:

You see, it works at the command line but not using the GUI.
I attached my ~/.xsession-errors

Comment 1 Kevin Kofler 2009-12-23 12:41:25 UTC
How are you logging in?

Please paste the output of: ck-list-sessions

Comment 2 meiner 2009-12-23 12:50:03 UTC
/usr/bin/ck-list-sessions
Session1:
        unix-user = '500'
        realname = '(null)'
        seat = 'Seat1'
        session-type = ''
        active = TRUE
        x11-display = ':0'
        x11-display-device = '/dev/tty1'
        display-device = ''
        remote-host-name = ''
        is-local = TRUE
        on-since = '2009-12-23T09:10:22.943846Z'
        login-session-id = ''

Comment 3 meiner 2009-12-23 12:51:48 UTC
$ ps ax | grep dm
  355 ?        S<     0:00 [kdmflush]
  384 ?        S<     0:00 [kdmflush]
  386 ?        S<     0:00 [kdmflush]
  388 ?        S<     0:00 [kdmflush]
  390 ?        S<     0:00 [kdmflush]
  392 ?        S<     0:00 [kdmflush]
 6838 pts/2    S+     0:00 grep dm
12130 ?        Ss     0:00 rpc.idmapd
12433 ?        Ss     0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
12435 ?        Ss     0:00 sendmail: accepting connections
12665 ?        Ss     0:00 kdm -nodaemon

Comment 4 Kevin Kofler 2009-12-23 13:04:18 UTC
Looks like a regular KDM session which seems to be correctly registered in ConsoleKit, but why is unix-user in the ck-list-sessions output just a UID and not an alphanumeric username? Doesn't your user account have a name?

Comment 5 meiner 2009-12-23 13:19:56 UTC
$ id andre
uid=500(andre) gid=500(andre) Gruppen=500(andre),10(wheel),11(cdrom)

$ grep andre /etc/passwd
andre:x:500:500::/home/andre:/bin/bash

$ getent passwd andre
andre:x:500:500::/home/andre:/bin/bash

Comment 6 Ryan Rix 2009-12-27 05:51:55 UTC
I can verify this on a Thinkpad x200 tablet. Feel free to harass me for details in IRC, Kevin, Than.

[rrix@TheSwan ~]$ rpm -qi kdebase-runtime
Name        : kdebase-runtime              Relocations: (not relocatable)
Version     : 4.3.4                             Vendor: Fedora Project
Release     : 2.fc12                        Build Date: Thu 03 Dec 2009 10:30:11 AM MST
Install Date: Fri 18 Dec 2009 06:03:48 PM MST      Build Host: x86-7.fedora.phx.redhat.com
Group       : User Interface/Desktops       Source RPM: kdebase-runtime-4.3.4-2.fc12.src.rpm
Size        : 13659926                         License: LGPLv2+
Signature   : DSA/SHA1, Wed 09 Dec 2009 08:10:02 AM MST, Key ID efe4780cff6382fa
Packager    : Fedora Project
URL         : http://www.kde.org/
Summary     : K Desktop Environment - Runtime
Description :
Core runtime for the K Desktop Environment 4.


running hal-device reports the disk at:
7: udi = '/org/freedesktop/Hal/devices/usb_device_1307_165_000000000004D2_if0_scsi_host_0_scsi_device_lun0'
  linux.hotplug_type = 2  (0x2)  (int)
  linux.subsystem = 'scsi'  (string)
  info.subsystem = 'scsi'  (string)
  info.product = 'SCSI Device'  (string)
  linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:1d.7/usb2/2-2/2-2:1.0/host8/target8:0:0/8:0:0:0'  (string)
  info.parent = '/org/freedesktop/Hal/devices/usb_device_1307_165_000000000004D2_if0_scsi_host_0'  (string)
  info.linux.driver = 'sd'  (string)
  info.udi = '/org/freedesktop/Hal/devices/usb_device_1307_165_000000000004D2_if0_scsi_host_0_scsi_device_lun0'  (string)
  scsi.host = 8  (0x8)  (int)
  scsi.bus = 0  (0x0)  (int)
  scsi.target = 0  (0x0)  (int)
  scsi.lun = 0  (0x0)  (int)
  scsi.model = 'USB2FlashStorage'  (string)
  scsi.vendor = 'Ut165'  (string)
  scsi.type = 'disk'  (string)

and another at 
7: udi = '/org/freedesktop/Hal/devices/usb_device_1307_165_000000000004D2_if0_scsi_host_0_scsi_device_lun0'
  linux.hotplug_type = 2  (0x2)  (int)
  linux.subsystem = 'scsi'  (string)
  info.subsystem = 'scsi'  (string)
  info.product = 'SCSI Device'  (string)
  linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:1d.7/usb2/2-2/2-2:1.0/host8/target8:0:0/8:0:0:0'  (string)
  info.parent = '/org/freedesktop/Hal/devices/usb_device_1307_165_000000000004D2_if0_scsi_host_0'  (string)
  info.linux.driver = 'sd'  (string)
  info.udi = '/org/freedesktop/Hal/devices/usb_device_1307_165_000000000004D2_if0_scsi_host_0_scsi_device_lun0'  (string)
  scsi.host = 8  (0x8)  (int)
  scsi.bus = 0  (0x0)  (int)
  scsi.target = 0  (0x0)  (int)
  scsi.lun = 0  (0x0)  (int)
  scsi.model = 'USB2FlashStorage'  (string)
  scsi.vendor = 'Ut165'  (string)
  scsi.type = 'disk'  (string)

But any KDE disk mount (places, device notifier, etc) does not list it.

Comment 7 Ryan Rix 2009-12-27 06:11:35 UTC
I guess that I may be having a separate issue... Places doesn't list my devices at all; the OP looks like they appear, but fail to mount.

Comment 8 meiner 2009-12-27 11:03:42 UTC
"the OP looks like they appear, but fail to mount.  "

You guess right!

Comment 9 Steven M. Parrish 2010-01-12 11:55:35 UTC
Triaged

Comment 10 Tomáš Trnka 2010-01-13 20:25:48 UTC
I'm experiencing the same error as the OP and that is caused by a missing /var/run/console/<username> file for DBus at_console policy rules. See bug #499183 for more info.

Comment 11 Kevin Kofler 2010-01-13 20:42:54 UTC
Uh, is D-Bus really still using /var/run/console to verify at_console? If so, that can't work, that stuff was used by pam_console which no longer exists. D-Bus needs to query ConsoleKit.

Comment 12 Tomáš Trnka 2010-01-13 21:24:14 UTC
Well, pam_console.so is 
1) present on my system (i.e. in F12 RPMS) and 
2) enabled (session optional pam_console.so). 
And 3) this bug appeared a few weeks ago (I hadn't been using this machine over Christmas and things broke for me about a week ago, after installing the huge batch of updates accumulated over the holidays - I've found no PAM or related update in it)

Comment 13 Tomáš Trnka 2010-01-14 13:07:02 UTC
Problem solved, wrong label on /tmp/.X11-unix led to pam_console failing. See bug #499183

Comment 14 meiner 2010-02-02 11:21:14 UTC
Nope, problem still exists. Even today's selinux-policy update followed by a manual relabeling didn't fix it.


# rpm -qa | grep selinux
libselinux-python-2.0.87-1.fc12.i686
selinux-policy-targeted-3.6.32-78.fc12.noarch
libselinux-2.0.87-1.fc12.i686
selinux-policy-3.6.32-78.fc12.noarch
libselinux-utils-2.0.87-1.fc12.i686
[root@tpr61 ~]#

Comment 15 Tomáš Trnka 2010-02-02 13:55:21 UTC
(In reply to comment #14)
> Nope, problem still exists. Even today's selinux-policy update followed by a
> manual relabeling didn't fix it.

This isn't a SELinux bug, so it can't be fixed by selinux-policy. It's a freenx-server bug and unless you've read bug #499183 and applied the patch there (or disabled the freenx-server service), you'll be experiencing it until the freenx-server package is fixed.

If you do not have freenx-server installed, then the cause of your problem lies somewhere else...

Comment 16 Kevin Kofler 2010-02-02 14:03:36 UTC
So do you have freenx-server installed?

Comment 17 meiner 2010-02-02 14:06:33 UTC
I don't use freeNX - I feel someone seized my bug and now it's hard to distinguish between both of them.

This bug is still unfixed!

Comment 18 meiner 2010-02-02 14:39:30 UTC
bug temporarily fixed.

I installed freenx-server and all dependencies and started it.
I conducted  chcon -t xserver_tmp_t /tmp/.X11-unix
as advised in the other bugreport. 

init 3; init 5

and mounting works. Surprisingly setroubleshoot also appeared. (It also did not work for some time)

# ls -laZ  /tmp/.X11-unix
drwxrwxrwt. root root system_u:object_r:xserver_tmp_t:s0 .
drwxrwxrwt. root root system_u:object_r:tmp_t:s0       ..
srwxrwxrwx. root root system_u:object_r:xserver_tmp_t:s0 X0


# ls -laZd  /tmp/.X11-unix
drwxrwxrwt. root root system_u:object_r:xserver_tmp_t:s0 /tmp/.X11-unix

Comment 19 Tomáš Trnka 2010-02-02 14:58:45 UTC
(In reply to comment #18)
> bug temporarily fixed.
> 
> I installed freenx-server and all dependencies and started it.

You can probably get rid of freenx-server since all it does for you is create /tmp/.X11-unix. Adding 
restorecon -r /tmp/.X11-unix
into rc.local should have the same effect.

> and mounting works. Surprisingly setroubleshoot also appeared. (It also did not
> work for some time)

Then it seems the cause of your problem is very similar. Something is creating /tmp/.X11-unix with a wrong context. You can try removing your workaround again and running ls -laZ  /tmp/.X11-unix to see what the context is. If it's initrc_t, try to grep X11-unix somewhere in /etc/init.d, it may show the culprit.

Comment 20 meiner 2010-02-02 15:13:26 UTC
# grep X11-unix *
freenx-server:# description: Creates /tmp/.X11-unix/ if required and cleans up dead \
freenx-server:  if [ ! -d "/tmp/.X11-unix" ]; then
freenx-server:    mkdir -m1777 /tmp/.X11-unix/
freenx-server:    X11_owner=`/bin/ls -ald /tmp/.X11-unix | /bin/gawk {'print $3'}`
freenx-server:      /bin/chown root /tmp/.X11-unix
vncserver:    if [ ! -d /tmp/.X11-unix ]
vncserver:        mkdir -m 1777 /tmp/.X11-unix || :
vncserver:        restorecon /tmp/.X11-unix 2>/dev/null || :
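
The check suggested in comment 19 and carried out by hand in comment 20, as an added example that is not part of the original thread: a shell function that lists init scripts which create /tmp/.X11-unix with mkdir but never call restorecon on it. The function names and the sample script bodies are constructed for illustration, modelled on the grep output above.

```shell
#!/bin/sh
# Added example (not from the bug report): flag init scripts that create
# /tmp/.X11-unix with mkdir but never run restorecon on it.

# Print the name of every file in directory $1 that has a non-comment
# "mkdir ... /tmp/.X11-unix" line and no "restorecon ... /tmp/.X11-unix" line.
find_unlabelled_x11_creators() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # Drop comment lines so a "# description:" header is not a match.
        body=$(grep -v '^[[:space:]]*#' "$f" || true)
        printf '%s\n' "$body" | grep -Eq 'mkdir .*/tmp/\.X11-unix' || continue
        printf '%s\n' "$body" | grep -Eq 'restorecon .*/tmp/\.X11-unix' && continue
        basename "$f"
    done
    return 0
}

# Build a constructed sample directory modelled on the grep output in
# comment 20; the script bodies are abbreviated stand-ins, not the real files.
make_sample_initd() {
    d=$(mktemp -d)
    cat > "$d/freenx-server" <<'EOF'
# description: Creates /tmp/.X11-unix/ if required
if [ ! -d "/tmp/.X11-unix" ]; then
  mkdir -m1777 /tmp/.X11-unix/
fi
EOF
    cat > "$d/vncserver" <<'EOF'
if [ ! -d /tmp/.X11-unix ]
then
    mkdir -m 1777 /tmp/.X11-unix || :
    restorecon /tmp/.X11-unix 2>/dev/null || :
fi
EOF
    printf '%s\n' '# mentions /tmp/.X11-unix only in a comment' 'exit 0' > "$d/other"
    echo "$d"
}

sample=$(make_sample_initd)
find_unlabelled_x11_creators "$sample"
rm -rf "$sample"
```

This is a textual check only: it reports which scripts could leave the directory with the creator's default label, while the label actually in effect is read with ls -laZd /tmp/.X11-unix as in comment 18.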

Comment 21 Daniel Walsh 2010-02-02 16:12:53 UTC
*** Bug 561028 has been marked as a duplicate of this bug. ***

Comment 22 Kevin Kofler 2010-02-02 16:25:23 UTC
So it looks like vncserver was the offender in your case.

Comment 23 Kevin Kofler 2010-02-02 16:30:19 UTC
But then again, hey, it's already running restorecon?!

Comment 24 Jan Görig 2010-03-01 10:48:35 UTC
TigerVNC init script looks good, restorecon is called. Closing.

Comment 25 Kevin Kofler 2010-03-01 11:19:27 UTC
Yeah, it's hard to tell what the offender was in this case, but it doesn't seem to be TigerVNC, sorry. Let's just keep this closed unless somebody figures out what package it should be assigned to.

Comment 26 meiner 2010-03-01 11:46:35 UTC
The freenx initscript lacks the restorecon to set the right SELinux context of /tmp/.X11-unix, as someone figured out, and is thus causing problems for other programs using that file too. Btw, who changed the subject in this wrong manner?

The subject used to be: [Bug 550013] F12 KDE won't mount any USB device using KDE mechanisms while console works

Comment 27 Kevin Kofler 2010-03-01 11:52:30 UTC
Except you swore you weren't using freenx-server when it initially happened (see comment #17).

There's already a bug filed for freenx-server.

*** This bug has been marked as a duplicate of bug 499183 ***

