551102 – setroubleshoot when starting VNC session

Bug 551102 - setroubleshoot when starting VNC session

Summary: setroubleshoot when starting VNC session

Keywords:
Status:	CLOSED DUPLICATE of bug 506326
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	setroubleshoot
Sub Component:
Version:	12
Hardware:	x86_64
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-12-28 22:40 UTC by Michael Moerman
Modified:	2010-01-01 23:40 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-01-01 23:40:41 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Michael Moerman 2009-12-28 22:40:28 UTC

Hi,

I am running Fedora 12 with the latest kernel update and all the latest updates from the release sites as of 28 Dec 2009.
I run my server system in inittab level 3, meaning no X running. However from time to time I need to start a graphical user interface which I do using the Tiger VNC server.
When I start this up I get the following errors in the syslog:

Dec 28 17:22:33 maserver2 setroubleshoot: [avc.ERROR] Plugin Exception catchall #012Traceback (most recent call last):#012  File "/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line 152, in analyze_avc#012    report_receiver.report_problem(report)#012  File "/usr/lib64/python2.6/site-packages/setroubleshoot/server.py", line 203, in report_problem#012    syslog.syslog(summary + _(" For complete SELinux messages. run sealert -l %s" % siginfo.local_id ))#012TypeError: [priority,] message string
Dec 28 17:22:42 maserver2 setroubleshoot: [xml.ERROR] SEFaultSignature.tpath value=#000/tmp/.X11-unix/X16#012Traceback (most recent call last):#012  File "/usr/lib64/python2.6/site-packages/setroubleshoot/xml_serialize.py", line 361, in get_xml_nodes#012    child = typecast(doc, value)#012  File "/usr/lib64/python2.6/site-packages/setroubleshoot/xml_serialize.py", line 92, in string_to_xmlnode#012    return libxml2.newText(str(value))#012  File "/usr/lib64/python2.6/site-packages/libxml2.py", line 1614, in newText#012    ret = libxml2mod.xmlNewText(content)#012TypeError: xmlNewText() argument 1 must be string without null bytes or None, not str
Dec 28 17:22:42 maserver2 setroubleshoot: [xml.ERROR] SEFaultSolution.summary value=SELinux is preventing /usr/libexec/ck-get-x11-server-pid "connectto" access on #000/tmp/.X11-unix/X16.#012Traceback (most recent call last):#012  File "/usr/lib64/python2.6/site-packages/setroubleshoot/xml_serialize.py", line 361, in get_xml_nodes#012    child = typecast(doc, value)#012  File "/usr/lib64/python2.6/site-packages/setroubleshoot/xml_serialize.py", line 95, in string_to_cdata_xmlnode#012    return doc.newCDataBlock(value, len(value))#012  File "/usr/lib64/python2.6/site-packages/libxml2.py", line 4213, in newCDataBlock#012    ret = libxml2mod.xmlNewCDataBlock(self._o, content, len)#012TypeError: xmlNewCDataBlock() argument 2 must be string without null bytes or None, not str
Dec 28 17:22:42 maserver2 setroubleshoot: [xml.ERROR] SEFaultSignatureInfo.tpath value=#000/tmp/.X11-unix/X16#012Traceback (most recent call last):#012  File "/usr/lib64/python2.6/site-packages/setroubleshoot/xml_serialize.py", line 361, in get_xml_nodes#012    child = typecast(doc, value)#012  File "/usr/lib64/python2.6/site-packages/setroubleshoot/xml_serialize.py", line 92, in string_to_xmlnode#012    return libxml2.newText(str(value))#012  File "/usr/lib64/python2.6/site-packages/libxml2.py", line 1614, in newText#012    ret = libxml2mod.xmlNewText(content)#012TypeError: xmlNewText() argument 1 must be string without null bytes or None, not str
Dec 28 17:22:53 maserver2 ck-xinit-session: error connecting to console-kit



The VNC server does start up, but much more slowly than previously, and I get some eratic behaviours of various apps, which I did not have in Fedora 10.
I do not know if this is specific to the fact I am starting X up under VNC or if this is a general X problem on my system. 
Something does seem wrong with setroubleshoot though.

Comment 1 Daniel Walsh 2009-12-29 21:54:28 UTC

Could you try the setroubleshoot that is in updates testing.

yum update setroubleshoot* --enablerepo=updates-testing

You should also update to the latest selinux-policy in testing


yum update selinux-policy* --enablerepo=updates-testing

SELinux might be causing some problems.

Run audit2allow -la  And attach the output.

Please reopen if this does not solve your problem.

Comment 2 Michael Moerman 2009-12-30 00:50:39 UTC

The problem still persists.

Here is the output of audit2allow -la

#============= consolekit_t ==============
allow consolekit_t unconfined_notrans_t:dbus send_msg;
allow consolekit_t unconfined_notrans_t:unix_stream_socket connectto;


NOTEWORTHY - in order to get audit2allow to work I had to install setools and setools-libs-python. There must be some sort of RPM dependency missing there.
However that does not seem to be the reason I am having trouble.

I am hesitant to just allow the 2 above settings without further info though.

Comment 3 Michael Moerman 2010-01-01 23:40:41 UTC

I found bug 506326 which is in fact a duplicate of this one. 
I was able to resolve my problem by changing the execution context type of vncserver to unconfined_exec_t.

*** This bug has been marked as a duplicate of bug 506326 ***

Note You need to log in before you can comment on or make changes to this bug.