Per these audit.log denials: type=USER_AVC msg=audit(1371651676.513:840): pid=349 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.ConsoleKit.Manager member=OpenSessionWithParameters dest=org.freedesktop.ConsoleKit spid=6334 tpid=461 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1371651677.569:842): pid=349 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.ConsoleKit.Manager member=CanRestart dest=:1.10 spid=6336 tpid=461 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1371651677.583:843): pid=349 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.ConsoleKit.Manager member=CanStop dest=:1.10 spid=6336 tpid=461 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' The OpenSessionWithParameters call is the most important one here, essentially blocks session registration, so any CK aware/using application fails to recognize active sessions.
What is running as initrc_t? ps -eZ | grep initrc_t Your login program is trying to communicate via dbus with a program running with the default init script label.
$ ps -eZ | grep initrc_t system_u:system_r:initrc_t:s0 461 ? 00:00:00 console-kit-dae looks like it's the consolekit daemon itself
up'd to selinux-policy-3.12.1-54.fc19 interestingly, I still see a denial, type=USER_AVC msg=audit(1371742686.578:401): pid=360 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.ConsoleKit.Manager member=OpenSessionWithParameters dest=org.freedesktop.ConsoleKit spid=660 tpid=835 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' but at least now the linked bug #972881 seems to no longer occur.
Rex, just to be sure # ps -eZ |grep initrc
Hmm, on my F19 system # ps -eZ |grep initrc system_u:system_r:initrc_t:s0 955 ? 00:00:00 console-kit-dae commit a61bb14d57ebe4fb4209562e409cbb5e64ae414c Author: Miroslav Grepl <mgrepl> Date: Thu Jun 20 22:00:12 2013 +0200 We still need to have consolekit policy
$ ps aZx | grep console system_u:system_r:initrc_t:s0 21216 ? Ssl 0:00 /usr/sbin/console-kit-daemon --no-daemon (with selinux-policy-3.12.1-54.fc19)
nominating blocker, since dependent bug #972881 needs this fix
-54 is already stable. Is there actually something here that is still broken in -54 and needs fixing?
I suspect that it's not fixed 100% per comment #6 and comment #7 , but , for purposes of mate and bug #972881 , it would seem -54 is good enough.
-55.fc19 has consolekit fix.
selinux-policy-3.12.1-57.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-57.fc19
Package selinux-policy-3.12.1-57.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-57.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-11846/selinux-policy-3.12.1-57.fc19 then log in and leave karma (feedback).
I think ConsoleKit should get actual dependency on this version of selinux-policy. I've upgraded mate-power-manager from updates-testing for bug 972881, it pulled in ConsoleKit, but it introduced like 2 minutes delay before plymouth died and lightdm started, with systemd waiting for ConsoleKit startup to time out. Good thing I found this bug. Installing above update helps.
No, we really don't get into that kind of versioned dependency game. We just expect people to update regularly. In the normal course of events this update would have gone out to all users long ago; that's only not the case at present because of the release freeze.
Right, my problem only stemmed from using updates-testing selectively (applying only what I thought I needed). If both updates go to stable at the same time, it won't bite anyone. Thanks again :)
selinux-policy-3.12.1-57.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
979637 and 972881 are still broken for me.
not for me, witout giving more infos what everyone expected from yours :)