[DSE-Dev] Bug#683756: selinux in permissive mode breaks gdm and X
Laurent Bigonville
bigon at debian.org
Tue Aug 14 09:03:20 UTC 2012
tag 683756 + moreinfo
thanks
Le Mon, 13 Aug 2012 22:33:14 -0400,
Ron Murray <rjmx at rjmx.net> a écrit :
> Running gdm3 in debug mode, I get this in the gdm slave log:
>
> -------------------------
> gdm-welcome][4275]: DEBUG(+): GdmSessionWorker: received pam message
> of type 2 with payload 'Would you like to enter a security context?
> [N] ' -------------------------
>
> So it appears that the reason gdm is hanging is that it's been
> asked for a security context, which it has no way of answering. How
> do I give it a securty context?
>
> I'm not sure at this point whether I'm looking at a gdm3 bug or an
> selinux bug. I'm also (naturally) wondering why nobody else has
> reported this.
I'm running selinux in permissive mode and using GDM3 as DM and I've no
problem with it.
Could you look in /etc/pam.d/ and see and see what are call to
pam_selinux module in the gdm3 related services?
Also what is the version of gdm3 package? Since 3.4.1-1 pam
configuration includes call to pam_selinux.so.
> One other thing that may or may not be important: I did an strace
> of a gdm3 startup, and just before that message was sent, there's
> this:
>
> -------------------------
> [pid 7921] open("/etc/selinux/default/logins/Debian-gdm", O_RDONLY)
> = -1 ENOENT (No such file or directory) -------------------------
>
> Note that the /etc/selinux/default/logins/ directory does not
> exist on any of my boxes. Should it?
I'm not sure about this.
Cheers
Laurent Bigonville
More information about the SELinux-devel
mailing list