Hide Forgot
Description of problem: Version-Release number of selected component (if applicable): 1.0.10.2.fc16 How reproducible: uniformly Steps to Reproduce: 1. fresh install of Fedora 16 on 1/11/2012 2. ran yum update 3. ran yum install xguest 4. logged in as guest user. Actual results: xguest 1.0.10.2.fc16 installed on Fedora 16 with no errors. Log on as guest user and the screen flickers bringing up activities menu and launching application. Any time there is a transition between app windows there is flickering and parts of the screen blank. Clicking the "close all tabs" button exiting firefox reproducibly triggers the "Oops there was a problem" logout screen. Expected results: Gnome should perform normally. Additional info: entries in .xsession_errors and /var/log/messages indicate context errors blocking gnome-shell trying to write and execute files in the home directory. Example errors from /var/log/messages: Jan 12 10:36:39 kiosk201-ch setroubleshoot: SELinux is preventing /usr/bin/gnome-shell from execute access on the file /var/lib/xguest/home/xguest/ffihshgUS (deleted). For complete SELinux messages. run sealert -l a664b36c-087e-414f-9782-14ca918773cf Jan 12 10:36:39 kiosk201-ch setroubleshoot: SELinux is preventing /usr/bin/gnome-shell from execute access on the file /var/lib/xguest/home/xguest/fficUX4j3 (deleted). For complete SELinux messages. run sealert -l a664b36c-087e-414f-9782-14ca918773cf Jan 12 10:36:39 kiosk201-ch setroubleshoot: SELinux is preventing /usr/bin/gnome-shell from execute access on the file /tmp/ffip3pRTd (deleted). For complete SELinux messages. run sealert -l 31bea638-3cd3-4743-9c24-716d851c5cf7 Jan 12 10:36:39 kiosk201-ch setroubleshoot: SELinux is preventing /usr/bin/gnome-shell from execute access on the file /var/tmp/ffi0IqMto (deleted). For complete SELinux messages. run sealert -l 31bea638-3cd3-4743-9c24-716d851c5cf7 Jan 12 10:36:39 kiosk201-ch setroubleshoot: SELinux is preventing /usr/bin/gnome-shell from execute access on the file /dev/shm/ffiNy7H3y (deleted). For complete SELinux messages. run sealert -l 9ba8de97-f515-4fdf-88f3-f473dc0ede41 Jan 12 10:36:39 kiosk201-ch setroubleshoot: SELinux is preventing /usr/bin/gnome-shell from execute access on the file /var/lib/xguest/home/xguest/ffiwe2EDJ (deleted). For complete SELinux messages. run sealert -l a664b36c-087e-414f-9782-14ca918773cf Jan 12 10:36:39 kiosk201-ch setroubleshoot: SELinux is preventing /usr/bin/gnome-shell from execute access on the file /dev/shm/ffinseJdU (deleted). For complete SELinux messages. run sealert -l 9ba8de97-f515-4fdf-88f3-f473dc0ede41 Jan 12 10:36:39 kiosk201-ch setroubleshoot: SELinux is preventing /usr/bin/gnome-shell from execute access on the file /tmp/ffintaYnf (deleted). For complete SELinux messages. run sealert -l 31bea638-3cd3-4743-9c24-716d851c5cf7 Example sealert for one of the errors: [kioskadmin@kiosk201-ch log]$ sudo sealert -l a664b36c-087e-414f-9782-14ca918773cf SELinux is preventing /usr/bin/gnome-shell from execute access on the file /var/lib/xguest/home/xguest/ffiubsQ0I (deleted). ***** Plugin catchall_boolean (89.3 confidence) suggests ******************* If you want to allow_xguest_exec_content Then you must tell SELinux about this by enabling the 'allow_xguest_exec_content' boolean. Do setsebool -P allow_xguest_exec_content 1 ***** Plugin catchall (11.6 confidence) suggests *************************** If you believe that gnome-shell should be allowed execute access on the ffiubsQ0I (deleted) file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep gnome-shell /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
You will need to execute $ setsebool -P allow_xguest_exec_content 1 *** This bug has been marked as a duplicate of bug 755494 ***