On 03/31/2009 06:33 PM, Ben Gamari wrote:
Hey everyone,
Ever since yesterday's big update, I've been unable to login to my
account through gdm. After entering my user name and password, the PAM
conversation continues with gdm asking me, "Would you like to enter a
security context?" On entering "N" the login fails and the gdm greeter
denies login with "Unable to open session" while pausing for some time,
often requiring Ctrl-Alt-Backspace to reclaim control of the computer.
After entering "N", the following messages appear in /var/log/secure,
Mar 31 17:50:13 mercury pam: gdm[5157]: pam_selinux(gdm:session): Unable to get valid context for ben
Mar 31 17:50:13 mercury pam: gdm[5157]: pam_unix(gdm:session): session opened for user ben by (uid=0)
After entering my password, the following message appears in
/var/log/audit/audit.log,
type=LOGIN msg=audit(1238536335.839:224): login pid=5330 uid=0 old auid=500 new auid=500 old ses=1 new ses=15
Followed by the following messages after entering "N" to entering a
context,
type=USER_START msg=audit(1238536339.236:225): user pid=5330 uid=0 auid=500 ses=15 subj=unconfined_u:unconfined_
r:unconfined_ t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="ben"
exe="/usr/libexec/gdm-session-worker" (hostname=?, addr=?, terminal=:0
res=failed)'
type=USER_LOGIN msg=audit(1238536339.236:226): user pid=5330 uid=0 auid=500 ses=15 subj=unconfined_u:unconfined_r:unconfined_ t:s0-s0:c0.c1023 msg='uid=500: exe="/usr/libexec/gdm-session-worker" (hostname=?, addr=?, terminal=/dev/tty7 res=failed)'
type=CRED_DISP msg=audit(1238536339.237:227): user pid=5330 uid=0 auid=500 ses=15 subj=unconfined_u:unconfined_r:unconfined_t :s0-s0:c0.c1023 msg='op=PAM:setcred acct="ben" exe="/usr/libexec/gdm-session-worker" (hostname=?, addr=?, terminal=:0 res=success)'
Anyone have any idea what might cause such a failure? I would be more
than happy to provide any information neccessary to identify the
root-cause of the problem. Thanks,
- Ben
Do you have gdm running as unconfined_t?
ps -eZ | grep gdm
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list