Hi, I am running Fedora 12 with the latest kernel update and all the latest updates from the release sites as of 28 Dec 2009. I run my server system in inittab level 3, meaning no X running. However from time to time I need to start a graphical user interface which I do using the Tiger VNC server. When I start this up I get the following errors in the syslog: Dec 28 17:22:33 maserver2 setroubleshoot: [avc.ERROR] Plugin Exception catchall #012Traceback (most recent call last):#012 File "/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line 152, in analyze_avc#012 report_receiver.report_problem(report)#012 File "/usr/lib64/python2.6/site-packages/setroubleshoot/server.py", line 203, in report_problem#012 syslog.syslog(summary + _(" For complete SELinux messages. run sealert -l %s" % siginfo.local_id ))#012TypeError: [priority,] message string Dec 28 17:22:42 maserver2 setroubleshoot: [xml.ERROR] SEFaultSignature.tpath value=#000/tmp/.X11-unix/X16#012Traceback (most recent call last):#012 File "/usr/lib64/python2.6/site-packages/setroubleshoot/xml_serialize.py", line 361, in get_xml_nodes#012 child = typecast(doc, value)#012 File "/usr/lib64/python2.6/site-packages/setroubleshoot/xml_serialize.py", line 92, in string_to_xmlnode#012 return libxml2.newText(str(value))#012 File "/usr/lib64/python2.6/site-packages/libxml2.py", line 1614, in newText#012 ret = libxml2mod.xmlNewText(content)#012TypeError: xmlNewText() argument 1 must be string without null bytes or None, not str Dec 28 17:22:42 maserver2 setroubleshoot: [xml.ERROR] SEFaultSolution.summary value=SELinux is preventing /usr/libexec/ck-get-x11-server-pid "connectto" access on #000/tmp/.X11-unix/X16.#012Traceback (most recent call last):#012 File "/usr/lib64/python2.6/site-packages/setroubleshoot/xml_serialize.py", line 361, in get_xml_nodes#012 child = typecast(doc, value)#012 File "/usr/lib64/python2.6/site-packages/setroubleshoot/xml_serialize.py", line 95, in string_to_cdata_xmlnode#012 return doc.newCDataBlock(value, len(value))#012 File "/usr/lib64/python2.6/site-packages/libxml2.py", line 4213, in newCDataBlock#012 ret = libxml2mod.xmlNewCDataBlock(self._o, content, len)#012TypeError: xmlNewCDataBlock() argument 2 must be string without null bytes or None, not str Dec 28 17:22:42 maserver2 setroubleshoot: [xml.ERROR] SEFaultSignatureInfo.tpath value=#000/tmp/.X11-unix/X16#012Traceback (most recent call last):#012 File "/usr/lib64/python2.6/site-packages/setroubleshoot/xml_serialize.py", line 361, in get_xml_nodes#012 child = typecast(doc, value)#012 File "/usr/lib64/python2.6/site-packages/setroubleshoot/xml_serialize.py", line 92, in string_to_xmlnode#012 return libxml2.newText(str(value))#012 File "/usr/lib64/python2.6/site-packages/libxml2.py", line 1614, in newText#012 ret = libxml2mod.xmlNewText(content)#012TypeError: xmlNewText() argument 1 must be string without null bytes or None, not str Dec 28 17:22:53 maserver2 ck-xinit-session: error connecting to console-kit The VNC server does start up, but much more slowly than previously, and I get some eratic behaviours of various apps, which I did not have in Fedora 10. I do not know if this is specific to the fact I am starting X up under VNC or if this is a general X problem on my system. Something does seem wrong with setroubleshoot though.
Could you try the setroubleshoot that is in updates testing. yum update setroubleshoot* --enablerepo=updates-testing You should also update to the latest selinux-policy in testing yum update selinux-policy* --enablerepo=updates-testing SELinux might be causing some problems. Run audit2allow -la And attach the output. Please reopen if this does not solve your problem.
The problem still persists. Here is the output of audit2allow -la #============= consolekit_t ============== allow consolekit_t unconfined_notrans_t:dbus send_msg; allow consolekit_t unconfined_notrans_t:unix_stream_socket connectto; NOTEWORTHY - in order to get audit2allow to work I had to install setools and setools-libs-python. There must be some sort of RPM dependency missing there. However that does not seem to be the reason I am having trouble. I am hesitant to just allow the 2 above settings without further info though.
I found bug 506326 which is in fact a duplicate of this one. I was able to resolve my problem by changing the execution context type of vncserver to unconfined_exec_t. *** This bug has been marked as a duplicate of bug 506326 ***