Resolved: You've also got to move /tmp/.gdm-xauth`id -u -n`.* to the
polyinstantiated directory.

On Mon, Apr 7, 2008 at 9:18 AM, Xavier Toth <txtoth@xxxxxxxxx> wrote:
> When I configure namespace.conf to polyinstantiate /tmp I cannot log in
> through gdm. Looking at /var/log/secure it appears that pam_namespace
> thinks everything is ok:
>
> Apr 7 08:50:37 comms gdm-session-worker[2471]: pam_unix(gdm:session):
> session closed for user tedx
> Apr 7 08:50:54 comms gdm-session-worker[2687]:
> pam_namespace(gdm:session): open_session - start
> Apr 7 08:50:54 comms gdm-session-worker[2687]:
> pam_namespace(gdm:session): Parsing config file
> /etc/security/namespace.conf
> Apr 7 08:50:54 comms gdm-session-worker[2687]:
> pam_namespace(gdm:session): Expanded polydir: '/tmp'
> Apr 7 08:50:54 comms gdm-session-worker[2687]:
> pam_namespace(gdm:session): Expanded ruser polydir: '/tmp'
> Apr 7 08:50:54 comms gdm-session-worker[2687]:
> pam_namespace(gdm:session): Expanded instance prefix: '/tmp.inst/'
> Apr 7 08:50:54 comms gdm-session-worker[2687]:
> pam_namespace(gdm:session): Configured poly dirs:
> Apr 7 08:50:54 comms gdm-session-worker[2687]:
> pam_namespace(gdm:session): dir='/tmp' iprefix='/tmp.inst/' meth=3
> Apr 7 08:50:54 comms gdm-session-worker[2687]:
> pam_namespace(gdm:session): override user 0
> Apr 7 08:50:54 comms gdm-session-worker[2687]:
> pam_namespace(gdm:session): override user 3
> Apr 7 08:50:54 comms gdm-session-worker[2687]:
> pam_namespace(gdm:session): Set up namespace for pid 2687
> Apr 7 08:50:54 comms gdm-session-worker[2687]:
> pam_namespace(gdm:session): Checking for ns override in dir /tmp for
> uid 0
> Apr 7 08:50:54 comms gdm-session-worker[2687]:
> pam_namespace(gdm:session): Checking for ns override in dir /tmp for
> uid 0
> Apr 7 08:50:54 comms gdm-session-worker[2687]:
> pam_namespace(gdm:session): Overriding poly for user 0 for dir /tmp
> Apr 7 08:50:54 comms gdm-session-worker[2687]:
> pam_namespace(gdm:session): namespace setup ok for pid 2687
>
> but in /var/log/messages I see things that make me think either gdm or
> gconfd are having a problem which is killing the session:
>
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSessionDirect:
> Emitting 'accredited' signal
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSimpleSlave: accredited
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSimpleSlave:
> trying to migrate session
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSlave: getting
> proxy for seat: /org/freedesktop/ConsoleKit/Seat1
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSlave:
> checking if seat can activate sessions
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSlave: unable
> to determine session to activate
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSimpleSlave: migrated: 0
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG:
> GdmWelcomeSession: Stopping welcome_session
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmCommon:
> sending signal 15 to process -3271
> Apr 7 08:58:15 comms gdm-simple-greeter[3271]: DEBUG:
> GdmSignalHandler: handling signal 15
> Apr 7 08:58:15 comms gdm-simple-greeter[3271]: DEBUG:
> GdmSignalHandler: Found 1 callbacks
> Apr 7 08:58:15 comms gdm-simple-greeter[3271]: DEBUG:
> GdmSignalHandler: running 15 handler: 0x8052420
> Apr 7 08:58:15 comms gdm-simple-greeter[3271]: DEBUG: Got callback
> for signal 15
> Apr 7 08:58:15 comms gdm-simple-greeter[3271]: DEBUG: Caught signal
> 15, shutting down normally.
> Apr 7 08:58:15 comms gdm-simple-greeter[3271]: DEBUG:
> GdmSignalHandler: Caught termination signal - exiting main loop
> Apr 7 08:58:15 comms gconfd (gdm-3280): Exiting
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG:
> GdmWelcomeSession: Waiting on process 3271
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmCommon:
> process (pid:3271) done (status:1)
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG:
> GdmWelcomeSession: Wait on child process failed
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG:
> GdmWelcomeSession: WelcomeSession died
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG:
> GdmWelcomeSession: De-registering session from ConsoleKit
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG:
> GdmWelcomeSession: Stopping D-Bus daemon
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmCommon:
> sending signal 15 to process -3269
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GreeterServer:
> Stopping greeter server...
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSlave:
> Requesting user authorization
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSlave: Got
> user authorization: /tmp/.gdm-xauth-root.YMLB9T
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSessionDirect:
> looking for session file 'gnome.desktop'
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GreeterServer:
> obj_path=/org/freedesktop/DBus/Local
> interface=org.freedesktop.DBus.Local method=Disconnected
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GreeterServer: Disconnected
> Apr 7 08:58:15 comms gdm-simple-slave[3247]: DEBUG:
> greeter_server_unregister_handler
>
> I'm using the following init script in my namespace.conf configuration
> of /tmp to move the X unix domain socket:
>
> #!/bin/sh
> # $1 = polyinstantiated directory, $2 = instance directory
> if [ "$1" = "/tmp" ]; then
>     # Keep the real X socket directory reachable under /.tmp
>     if [ ! -d /.tmp/.X11-unix ]; then
>         mkdir -p /.tmp/.X11-unix > /dev/null 2>&1
>     fi
>     # Bind-mount it only once
>     mount | grep X11-unix > /dev/null 2>&1
>     if [ $? -ne 0 ]; then
>         mount --bind /tmp/.X11-unix /.tmp/.X11-unix > /dev/null 2>&1
>     fi
>     # Carry the X lock file and a link to the X socket into the instance
>     cp -fp -- /tmp/.X0-lock "$2/.X0-lock" > /dev/null 2>&1
>     mkdir -- "$2/.X11-unix" > /dev/null 2>&1
>     ln -fs -- /.tmp/.X11-unix/X0 "$2/.X11-unix/X0" > /dev/null 2>&1
> fi
>
> Maybe there are similar things I need to do for gconfd?
>
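
Added example (not part of the original post, and not code from gdm or pam_namespace): the step the reply describes, written as a function for the namespace.conf init script. The function name move_gdm_xauth is made up for this example, the file name pattern follows /tmp/.gdm-xauth-root.YMLB9T in the quoted log, and skipping symlinks is an addition because the shared /tmp is writable by every local user.

```sh
#!/bin/sh
# Added example, not the poster's script.
# As in the thread's script: $1 = polyinstantiated directory,
# $2 = instance directory.

# Move gdm's X authority files for USER from SRC into the instance
# directory INST. Prints the number of files moved.
# (move_gdm_xauth is a hypothetical helper name.)
move_gdm_xauth() {
    src=$1
    inst=$2
    user=$3
    moved=0
    for f in "$src"/.gdm-xauth-"$user".*; do
        # An unmatched glob stays literal and fails -f.
        # Symlinks are skipped: only regular files created in SRC itself
        # are carried into the private instance.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # "move", as the reply says; the cookie file keeps its mode.
        mv -f -- "$f" "$inst/" && moved=$((moved + 1))
    done
    echo "$moved"
}

# Entry point when called as the init script for /tmp.
if [ "${1:-}" = "/tmp" ] && [ -d "${2:-}" ]; then
    move_gdm_xauth /tmp "$2" "$(id -u -n)" > /dev/null
fi
```
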