[DSE-Dev] Bug#739163: selinux-policy-default: preventing LightDM login

[Tomasz Bialas]

Package: selinux-policy-default
Version: 2:2.20140206-1
Severity: important

Dear Maintainer,

When running SELinux in enforcing mode, LightDM fails to login, the screen
flashes and comes back to the login screen.
No specific AVC denial messages are present in the log.
Switching to Permissive mode allows LightDM to function properly.
The issue is solved by changing the context of the LightDM executable to
xdm_exec_t
with the command "chcon -t xdm_exec_t /usr/sbin/lightdm".

Thank you for investigating this issue.


-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (250, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-9
ii  libselinux1      2.2.2-1
ii  libsepol1        2.2-1
ii  policycoreutils  2.2.5-1
ii  python           2.7.5-5
ii  selinux-utils    2.2.2-1

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.2-1
ii  setools      3.3.8-3

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13]
Permission denied:
u'/etc/selinux/default/modules/active/file_contexts.local'

-- no debconf information
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20140216/68719352/attachment.html>