Re: Heads up: selinux-policy-3.14.1-25.fc28 breaks GDM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I can't confirm that. Maybe because I relabel my system after every selinux policy update.
--
Heiko Adams

Am 24. Mai 2018 04:13:25 MESZ schrieb Jerry James <loganjerry@xxxxxxxxx>:
I installed the latest batch of updates for F28 tonight.  Since that included a new kernel (4.16.10-300.fc28), I rebooted.  The system came up with the GDM panic screen [1].  I rebooted into the previous kernel thinking that something might be wrong with the new one.  Same result.  I rebooted again and added enforcing=0 to the kernel boot line.  That worked.  I did a full SELinux relabel immediately afterwards.  Nothing relevant changed labels.

The SELinux Alert Browser says there are no alerts.  Journalctl shows this:

systemd[1071]: selinux: avc:  denied  { status } for auid=n/a uid=42 gid=42 cmdline="/usr/libexec/gdm-x-session gnome-session --autostart /usr/share/gdm/greeter/autostart" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=system permissive=0

followed a short time later by this:

audit[1405]: AVC avc:  denied  { map } for  pid=1405 comm="gnome-session-c" path="/dev/nvidiactl" dev="devtmpfs" ino=20616 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file permissive=0

And there are several more minor variations on that last one in the logs.  Just thought everybody should know ASAP.

Footnotes:
[1] Which is totally useless, by the way.  It says "Oh no!  Something went wrong!"  (Great.  *WHAT* went wrong?) and informs me that I must logout.  I wasn't logged in.  There's a nice logout button there, but it can't be pressed.  There is no mouse pointer.  No keyboard shortcut that I can think of causes the button to change appearance.  Even if I did manage to press it, what exactly would that do?  I'm already not logged in!
--
Jerry James
http://www.jamezone.org/
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/KLYFIL7QYNSDDQVOVZXQ2IZVO3WLJKQK/
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux