Description of problem: No Login dialog in gdm-3.1.90-1.fc16. Oh no! Something has gone wrong A problem has occurred and the system can't recover. Some of the extensions below may have caused this. Please try disabling some of these, and then log out and try again. Version-Release number of selected component (if applicable): 3.1.90-1.fc16 How reproducible: always Steps to Reproduce: 1. update to gdm-3.1.90-1.fc16. 2. reboot 3. Actual results: Expected results: Additional info: gnome-shell-3.1.90.1-2.fc16.x86_64 libgee-0.6.1-3.fc16.x86_64 folks-0.6.1-2.fc16.x86_64
Please attach .xsession-errors.
I can confirm this bug. Downgrading gdm fixes the problem.
(In reply to comment #1) > Please attach .xsession-errors. can't login. Disable SELinux ( add kernel parameter selinux=0 ), this issue doesn't happen. So, find messages in /var/log/messages. ... Sep 2 08:46:35 localhost kernel: [ 28.734056] type=1400 audit(1314920795.239:41): avc: denied { execute } for pid=1502 comm="gnome-shell" path=2F746D702F666669496934656352202864656C6574656429 dev=dm-0 ino=4774 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file Sep 2 08:46:35 localhost kernel: [ 28.741357] type=1400 audit(1314920795.247:42): avc: denied { execute } for pid=1502 comm="gnome-shell" path=2F7661722F746D702F666669376C6A4B3166202864656C6574656429 dev=dm-0 ino=4774 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file ... Is this bug selinux-policy issue? --- selinux-policy-3.10.0-21.fc16.noarch
cc'ing dan walsh for comments
Did pam_selinux get removed from the pam config? gnome-shell should be running under a user context like unconfined_t or staff_t.
Dan: This is gnome-shell running as a GDM greeter session, no actual user is logged on. That's why the xdm_t context.
Dan, recent versions of gdm use gnome-shell as a platform for the greeter.
I would prefer that this be done in /var/run rather then /var/tmp, but not sure we can get gnome-shell to do that. My concern is users are able to screw around in /var/tmp and could cause xdm_t to do something bad. Should be fixed in selinux-policy-3.10.0-25.fc16
(In reply to comment #8) ....... > Should be fixed in selinux-policy-3.10.0-25.fc16 It semms not be fixed in this version. Downgrading gdm works around...
Steve are you seeing additional AVC messages?
Created attachment 522339 [details] messages output I'm not sure, here's the output from messages.
I seems to be fixed now with today's update.
I'm experiencing a similar issue but SELinux is disabled. GDM wont start. Same error message on the screen, after upgrading from F15.
(In reply to comment #13) > I'm experiencing a similar issue but SELinux is disabled. GDM wont start. Same > error message on the screen, after upgrading from F15. Same here, dmesg shows: [ 514.747263] type=1400 audit(1316956326.250:96): avc: denied { setattr } for pid=3934 comm="gnome-session" name="at-spi2" dev=sdc6 ino=261649 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir [ 514.747394] type=1400 audit(1316956326.250:97): avc: denied { write } for pid=3934 comm="gnome-session" name="at-spi2" dev=sdc6 ino=261649 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir [ 514.747422] type=1400 audit(1316956326.250:98): avc: denied { add_name } for pid=3934 comm="gnome-session" name="socket-3934-1892482674" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir [ 514.747475] type=1400 audit(1316956326.250:99): avc: denied { create } for pid=3934 comm="gnome-session" name="socket-3934-1892482674" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=sock_file [ 514.747537] type=1400 audit(1316956326.250:100): avc: denied { setattr } for pid=3934 comm="gnome-session" name="socket-3934-1892482674" dev=sdc6 ino=265318 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=sock_file