SELinux preventing D-Bus starting ConsoleKit etc - Was: F10 - pulseaudio not running

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I wrote:
> I can see that on my functioning desktops that before login, gdm has
> been granted read-write access, via ACLs, to the sound device files in
> /dev/snd/.  After GDM login my user is granted read-write instead.
>
> On my broken desktop there are no ACLs granting extra permissions.  I
> have now restored the original permissions on the /dev/snd/* files and
> added my user read-write access via ACLs.  Still pulseaudio does not
> start.
>
> I also noticed that on my broken desktop, console-kit-daemon is not
> running.  So far I have only found that console-kit-daemon may have
> been started with /etc/rc.d/init.d/ConsoleKit circa Fedora 8.  That
> consoleKit service script been removed in Fedora 10 and I don't yet
> know how console-kit-daemon is meant to be started.
>
> Is console-kit-daemon running even relevant to GDM adding ACLs for the
> console user to access devices?  Probably.  Is this relevant to why
> pulseaudio fails to start?  Don't know as even when standard file
> permissions, rather than ACLs, allowed access to /dev/snd/* pulseaudio
> died on startup.
>
> From my functional home desktop ...
> [mike@rockover ~]$ getfacl -p /dev/snd/controlC0
> # file: /dev/snd/controlC0
> # owner: root
> # group: root
> user::rw-
> user:mike:rw-
> group::rw-
> mask::rw-
> other::---
> (Same results of additional user mike ACL for all devices in /dev/snd/).
> [mike@rockover ~]$ ck-list-sessions
> Session4:
>        unix-user = '500'
>        realname = 'Mike Fleetwood,,,,'
>        seat = 'Seat1'
>        session-type = ''
>        active = TRUE
>        x11-display = ':0'
>        x11-display-device = '/dev/tty1'
>        display-device = ''
>        remote-host-name = ''
>        is-local = TRUE
>        on-since = '2009-04-08T19:06:01.429138Z'
>        login-session-id = '702'
> [mike@rockover ~]$ ps -ef | fgrep console-kit-daemon
> root      2477     1  0 Apr08 ?        00:00:00 /usr/sbin/console-kit-daemon
> mike     23954 19225  0 12:05 pts/0    00:00:00 fgrep console-kit-daemon
>
> From my broken work desktop ...
> [mfleetwo@mfleetwo3 ~]$ su -
> Password:
> [root@mfleetwo3 ~]# chmod o= /dev/snd/*
> [root@mfleetwo3 ~]# setfacl -m u:mfleetwo:rw /dev/snd/*
> [root@mfleetwo3 ~]# ls -l /dev/snd/*
> crw-rw----+ 1 root root 116, 7 2009-04-22 13:13 /dev/snd/controlC0
> crw-rw----+ 1 root root 116, 6 2009-04-22 13:13 /dev/snd/hwC0D0
> crw-rw----+ 1 root root 116, 5 2009-05-06 12:15 /dev/snd/pcmC0D0c
> crw-rw----+ 1 root root 116, 4 2009-05-06 12:15 /dev/snd/pcmC0D0p
> crw-rw----+ 1 root root 116, 3 2009-04-22 13:13 /dev/snd/seq
> crw-rw----+ 1 root root 116, 2 2009-04-22 13:13 /dev/snd/timer
> [root@mfleetwo3 ~]# getfacl -p /dev/snd/controlC0
> # file: /dev/snd/controlC0
> # owner: root
> # group: root
> user::rw-
> user:mfleetwo:rw-
> group::rw-
> mask::rw-
> other::---
> [root@mfleetwo3 ~]# exit
> logout
> [mfleetwo@mfleetwo3 ~]$ pulseaudio --start --log-target=syslog
> I: caps.c: Limited capabilities successfully to CAP_SYS_NICE.
> I: caps.c: Dropping root privileges.
> I: caps.c: Limited capabilities successfully to CAP_SYS_NICE.
> [WARN  9224] polkit-session.c:144:polkit_session_set_uid(): session != NULL
>  Not built with -rdynamic so unable to print a backtrace
> [mfleetwo@mfleetwo3 ~]$ echo $?
> 1
> [mfleetwo@mfleetwo3 ~]$ ps -ef | fgrep pulseaudio
> [mfleetwo@mfleetwo3 ~]$ ck-list-sessions
>
> ** (ck-list-sessions:9244): WARNING **: Failed to get list of seats:
> Cannot launch daemon, file not found or permissions invalid
> [mfleetwo@mfleetwo3 ~]$ ps -ef | fgrep console-kit-daemon

I have identified that my issues are caused by SELinux.  I have
rebooted with enforcing=0 to switch SELinux into permissive mode and
ConsoleKit and Pulseaudio start correctly and audacious plays music.
Even after performing a full relabelling of the SELinux security
context of all files by touching /.autorelabel and rebooting, SELinux
in enforcing is preventing D-Bus starting ConsoleKit and Pulseaudio
starting.  Investigation into SELinux continuing.

E.g. SELinux in enforcing mode:
[root@mfleetwo3 ~]# id -Z
unconfined_u:unconfined_r:unconfined_t:SystemLow-SystemHigh
[root@mfleetwo3 ~]# service messagebus status
env: /etc/init.d/messagebus: Permission denied

and SELinux in permissive mode:
[root@mfleetwo3 ~]# service messagebus status
dbus-daemon (pid 2736 2055) is running...

Thanks,
Mike

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux