735252 – No Login dialog in 3.1.90-1.fc16

Bug 735252 - No Login dialog in 3.1.90-1.fc16

Summary: No Login dialog in 3.1.90-1.fc16

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	gdm
Sub Component:
Version:	16
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Assignee:	Ray Strode [halfline]
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-09-02 00:58 UTC by sangu
Modified:	2011-10-03 18:56 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-09-12 19:24:13 UTC
Dependent Products:

Attachments	(Terms of Use)
messages output (53.49 KB, application/octet-stream) 2011-09-09 13:57 UTC, Steve	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Description sangu 2011-09-02 00:58:11 UTC

Description of problem:
No Login dialog in gdm-3.1.90-1.fc16.

Oh no!  Something has gone wrong
A problem has occurred and the system can't recover. Some of the extensions below may have caused this.
Please try disabling some of these, and then log out and try again.

Version-Release number of selected component (if applicable):
3.1.90-1.fc16

How reproducible:
always

Steps to Reproduce:
1. update to gdm-3.1.90-1.fc16.
2. reboot
3.
  
Actual results:


Expected results:


Additional info:
gnome-shell-3.1.90.1-2.fc16.x86_64
libgee-0.6.1-3.fc16.x86_64
folks-0.6.1-2.fc16.x86_64

Comment 1 Matthias Clasen 2011-09-02 03:41:05 UTC

Please attach .xsession-errors.

Comment 2 Steve 2011-09-02 08:23:06 UTC

I can confirm this bug. Downgrading gdm fixes the problem.

Comment 3 sangu 2011-09-02 09:00:57 UTC

(In reply to comment #1)
> Please attach .xsession-errors.
can't login.

Disable SELinux ( add kernel parameter selinux=0 ), this issue doesn't happen.

So, find  messages in /var/log/messages.
...
Sep  2 08:46:35 localhost kernel: [   28.734056] type=1400 audit(1314920795.239:41): avc:  denied  { execute } for  pid=1502 comm="gnome-shell" path=2F746D702F666669496934656352202864656C6574656429 dev=dm-0 ino=4774 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
Sep  2 08:46:35 localhost kernel: [   28.741357] type=1400 audit(1314920795.247:42): avc:  denied  { execute } for  pid=1502 comm="gnome-shell" path=2F7661722F746D702F666669376C6A4B3166202864656C6574656429 dev=dm-0 ino=4774 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file
...

Is this bug selinux-policy issue?

---
selinux-policy-3.10.0-21.fc16.noarch

Comment 4 Matthias Clasen 2011-09-02 12:36:08 UTC

cc'ing dan walsh for comments

Comment 5 Daniel Walsh 2011-09-02 13:13:20 UTC

Did pam_selinux get removed from the pam config?  gnome-shell should be running under a user context like unconfined_t or staff_t.

Comment 6 Kalev Lember 2011-09-03 16:57:00 UTC

Dan: This is gnome-shell running as a GDM greeter session, no actual user is logged on. That's why the xdm_t context.

Comment 7 Ray Strode [halfline] 2011-09-06 14:51:57 UTC

Dan, recent versions of gdm use gnome-shell as a platform for the greeter.

Comment 8 Daniel Walsh 2011-09-06 15:31:51 UTC

I would prefer that this be done in /var/run rather then /var/tmp, but not sure we can get gnome-shell to do that.  My concern is users are able to screw around in /var/tmp and could cause xdm_t to do something bad.

Should be fixed in selinux-policy-3.10.0-25.fc16

Comment 9 Steve 2011-09-09 06:15:02 UTC

(In reply to comment #8)
.......
> Should be fixed in selinux-policy-3.10.0-25.fc16

It semms not be fixed in this version. Downgrading gdm works around...

Comment 10 Daniel Walsh 2011-09-09 12:21:52 UTC

Steve are you seeing additional AVC messages?

Comment 11 Steve 2011-09-09 13:57:18 UTC

Created attachment 522339 [details]
messages output

I'm not sure, here's the output from messages.

Comment 12 Steve 2011-09-11 15:53:00 UTC

I seems to be fixed now with today's update.

Comment 13 Matias Kreder 2011-09-24 23:43:56 UTC

I'm experiencing a similar issue but SELinux is disabled. GDM wont start. Same error message on the screen, after upgrading from F15.

Comment 14 Vedran Miletić 2011-09-25 13:18:07 UTC

(In reply to comment #13)
> I'm experiencing a similar issue but SELinux is disabled. GDM wont start. Same
> error message on the screen, after upgrading from F15.

Same here, dmesg shows:
[  514.747263] type=1400 audit(1316956326.250:96): avc:  denied  { setattr } for  pid=3934 comm="gnome-session" name="at-spi2" dev=sdc6 ino=261649 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir
[  514.747394] type=1400 audit(1316956326.250:97): avc:  denied  { write } for  pid=3934 comm="gnome-session" name="at-spi2" dev=sdc6 ino=261649 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir
[  514.747422] type=1400 audit(1316956326.250:98): avc:  denied  { add_name } for  pid=3934 comm="gnome-session" name="socket-3934-1892482674" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir
[  514.747475] type=1400 audit(1316956326.250:99): avc:  denied  { create } for  pid=3934 comm="gnome-session" name="socket-3934-1892482674" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=sock_file
[  514.747537] type=1400 audit(1316956326.250:100): avc:  denied  { setattr } for  pid=3934 comm="gnome-session" name="socket-3934-1892482674" dev=sdc6 ino=265318 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=sock_file

Note You need to log in before you can comment on or make changes to this bug.