For the last two or three days, I am unable to get a functional GDM with SELinux in enforcing mode. The GDM screen shows up, but the mouse cursor stays put in the busy state and refuses to respond and allow me select my user name. Switching SELinux to permissive mode solves the problem.
Is this known? Is a bug there somewhere?
Happy hacking, Debarshi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debarshi Ray wrote:
For the last two or three days, I am unable to get a functional GDM with SELinux in enforcing mode. The GDM screen shows up, but the mouse cursor stays put in the busy state and refuses to respond and allow me select my user name. Switching SELinux to permissive mode solves the problem.
Is this known? Is a bug there somewhere?
Happy hacking, Debarshi
What avc errors are you seeing?
What avc errors are you seeing?
Booting with SELinux set to permissive, and running 'dmesg | grep SELinux' gave me this:
SELinux: Initializing. SELinux: Starting in permissive mode SELinux: Registering netfilter hooks SELinux: 8192 avtab hash slots, 108235 rules. SELinux: 8192 avtab hash slots, 108235 rules. SELinux: 8 users, 11 roles, 2487 types, 119 bools, 1 sens, 1024 cats SELinux: 73 classes, 108235 rules SELinux: Completing initialization. SELinux: Setting up existing superblocks. SELinux: initialized (dev vda1, type ext3), uses xattr SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses genfs_contexts SELinux: initialized (dev devpts, type devpts), uses transition SIDs SELinux: initialized (dev inotifyfs, type inotifyfs), uses genfs_contexts SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs SELinux: initialized (dev anon_inodefs, type anon_inodefs), uses genfs_contexts SELinux: initialized (dev pipefs, type pipefs), uses task SIDs SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts SELinux: initialized (dev sockfs, type sockfs), uses task SIDs SELinux: initialized (dev proc, type proc), uses genfs_contexts SELinux: initialized (dev bdev, type bdev), uses genfs_contexts SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts SELinux: Context system_u:object_r:devicekit_var_run_t:s0 is not valid (left unmapped). SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses genfs_contexts SELinux: Context system_u:object_r:polkit_reload_t:s0 is not valid (left unmapped). SELinux: Context system_u:object_r:xdm_log_t:s0 is not valid (left unmapped). SELinux: Context system_u:object_r:devicekit_exec_t:s0 is not valid (left unmapped). SELinux: initialized (dev fuse, type fuse), uses genfs_contexts SELinux: Context system_u:object_r:pulseaudio_exec_t:s0 is not valid (left unmapped).
Cheers, Debarshi
On Wed, 2009-03-11 at 01:11 +0530, Debarshi Ray wrote:
What avc errors are you seeing?
Booting with SELinux set to permissive, and running 'dmesg | grep SELinux' gave me this:
The avc errors I've seen in my logs often don't have the string "SELinux" in them; grepping for "avc" might produce something of note.
-B.
Debarshi Ray wrote:
What avc errors are you seeing?
Booting with SELinux set to permissive, and running 'dmesg | grep SELinux' gave me this:
AVC denied messages are in /var/log/audit (if you have audit daemon running) or /var/log/messages otherwise. Grepping for SELinux wouldn't show it.
Rahul
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debarshi Ray wrote:
Here is my audit.log: http://rishi.fedorapeople.org/audit.log
Cheers, Debarshi
Did you just upgrade to selinux?
Try
yum reinstall selinux-policy-targeted
Looks like you have lots of stuff running with strange context.
There is a bug upgrading from F10 to F11 that is causing stuff to crash. Should be fixed tonight.
Did you just upgrade to selinux?
I had updated directly from a Fedora 10 Preview LiveCD to Rawhide, manually working around the RPM, Python 2.6 and OpenSSL issues.
Try
yum reinstall selinux-policy-targeted
So now my frozen GDM is replace by a blank black screen. :-) However I can now Ctrl+Alt+F2 to a virtual terminal and log into text mode, which was earlier not possible with the frozen GDM. From there on startx provides me with a desktop, but the mouse does not respond and the pointer is the ugly black X one.
There is a bug upgrading from F10 to F11 that is causing stuff to crash. Should be fixed tonight.
Okay, I shall try again tomorrow.
Happy hacking, Debarshi
On 03/10/2009 06:14 PM, Debarshi Ray wrote:
Did you just upgrade to selinux?
I had updated directly from a Fedora 10 Preview LiveCD to Rawhide, manually working around the RPM, Python 2.6 and OpenSSL issues.
Try
yum reinstall selinux-policy-targeted
So now my frozen GDM is replace by a blank black screen. :-) However I can now Ctrl+Alt+F2 to a virtual terminal and log into text mode, which was earlier not possible with the frozen GDM. From there on startx provides me with a desktop, but the mouse does not respond and the pointer is the ugly black X one.
There is a bug upgrading from F10 to F11 that is causing stuff to crash. Should be fixed tonight.
Okay, I shall try again tomorrow.
Happy hacking, Debarshi
The remainder of your problems look like labeling. Probably caused by the failed upgrade.
touch /.autorelabel; reboot
will cause the machine to fix its labeling.
On Wed, 2009-03-11 at 00:46 +0530, Debarshi Ray wrote:
For the last two or three days, I am unable to get a functional GDM with SELinux in enforcing mode. The GDM screen shows up, but the mouse cursor stays put in the busy state and refuses to respond and allow me select my user name. Switching SELinux to permissive mode solves the problem.
Is this known? Is a bug there somewhere?
I have had the same issue on my daily-updated Rawhide system for the last few days. I hadn't tracked it down to SELinux, though, I'd just been working around it and then carrying on (and forgetting about it ten minutes later :>)