[DSE-Dev] Bug#683756: Bug#683756: selinux in permissive mode breaks gdm and X
debian at mikapflueger.de
debian at mikapflueger.de
Wed Sep 5 09:11:07 UTC 2012
Hi Ron,
Am 05.09.2012 02:32, schrieb Ron Murray:
>
> I did some work on the remaining machine today. First I enabled
> debugging on the gdm3 daemon, set up an strace, and started gdm. As
> before, gdm3 respawned multiple times in short order before I stopped
> it.
>
> Only serious thing I could find was this, in one of the Xorg logs:
Are you absolutely sure the context for gdm3 is correct at the machine
where it doesn't work? You wrote that you relabeled and rebooted and
that would restore the (wrong) context. Unfortunately (I'm not sure if
this is a bug - it is intended but I don't like it) reenabling selinux
after having it disabled triggers an autorelabel. This is what happened
for me: I had selinux disabled, changed the context for gdm3, rebooted
with selinux=1 security=selinux, the system did a relabeling on the
boot, and I got a broken gdm3 right again. You then have to log into a
VT (e.g. ctrl+alt+f1) and correct the label from the command line. Then
you can reboot once again (which now will hopefully _not_ relabel) and
after that it worked for me.
An alternative would be to add the correct label to the local
configuration but given that a fixed package should be just around the
corner, a temporary workaround seems okay.
This workaround is necessary for systems running unstable until the fix
for this bug hits unstable and will be necessary for systems running
testing until the fixed package migrates.
Cheers,
Mika
More information about the SELinux-devel
mailing list