[DSE-Dev] Bug#683756: selinux in permissive mode breaks gdm and X

Ron Murray rjmx at rjmx.net
Tue Aug 14 02:33:14 UTC 2012 

Package: selinux-policy-default
Version: 2:2.20110726-9
Followup-For: Bug #683756

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Running gdm3 in debug mode, I get this in the gdm slave log:

 -------------------------
gdm-welcome][4275]: DEBUG(+): GdmSessionWorker: received pam message of type 2 with payload 'Would you like to enter a security context? [N]  '
 -------------------------

   So it appears that the reason gdm is hanging is that it's been asked
for a security context, which it has no way of answering. How do I
give it a securty context?

   I'm not sure at this point whether I'm looking at a gdm3 bug or an
selinux bug. I'm also (naturally) wondering why nobody else has
reported this.

   One other thing that may or may not be important: I did an strace
of a gdm3 startup, and just before that message was sent, there's
this:

 -------------------------
[pid  7921] open("/etc/selinux/default/logins/Debian-gdm", O_RDONLY) = -1 ENOENT (No such file or directory)
 -------------------------

   Note that the /etc/selinux/default/logins/ directory does not
exist on any of my boxes. Should it?


- -- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.5.1-khufu-0 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-7.1
ii  libselinux1      2.1.9-5
ii  libsepol1        2.1.4-3
ii  policycoreutils  2.1.10-9
ii  python           2.7.3~rc2-1

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.1.8-2
ii  setools      3.3.7-3

Versions of packages selinux-policy-default suggests:
ii  logcheck        1.3.15
pn  syslog-summary  <none>

- -- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission denied: u'/etc/selinux/default/modules/active/file_contexts.local'

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQKbjcAAoJEDHYrtWvbQ1K3yQP/jToa2CaXwcwluinljbPBdHf
ysVKUt5hP1FSKkn5Rr+0QO0rYRXvNFqVPuYVxft6jZBuq1rYe/7MEv4eSTer1k3A
EXm2LiKYA/aKePdJM00205YG8Kr/bmULJhdlx3yIEQiqX3c7zLxX0MJ5ZpAJQn8T
/K4Ba2s25WDWmOZHGAehy5JmhF6j5pAOEYnRdITBpymRK6qB9letN8be9V+5kT4L
ePNGjPl5o9+2IJePbtD1WPQfM3K6x1SPc0BFgm3NBs/uxIDeCRsRJjNECTc9y8XI
PL2vWahjN/DCX2kll95otbbLlBFhvnUgMXQox8XX64gb4H7K7WyYl6kdqY/c4SC7
s/1odhaHiLhqb0MnKspxYH3Yx4ggdyM0P5Lc3w9o4mKC31pu6axuqdF2wyZjFLZ7
aOxisMVu87jL7IN5KKsqKZ52gbCE1sZtlNMplyPmz70VKFkhSv416RcKOUFVKMGp
awA3CZKvh4lE4icHP2l+yRkAXmMsk16MlkNLURwZ4OcICQ8G3HnX5DeUaJnVze5Y
CP7/63+YCDvsv6Bm4gqzsJ2i5G8GV8IFYyDqN++TcD71Oh5glAVeN9Pr6GZO2T0g
wB60jeuK45baRece2ouiXfRJTxnPbTlFppMEPQ8S/V58QZXhX0RAyknJRnFOob7x
FGEynIJ6GVWEaI3Az5xd
=OZZT
-----END PGP SIGNATURE-----

More information about the SELinux-devel mailing list