Re: selinux question(s) (/home really = /n/home..)

output from /var/log/messages as I try to login as guest user: (xguest):

Nov  4 14:13:15 dhcp-0016533596-c5-74 gconfd (gdm-2932): Exiting
Nov  4 14:13:15 dhcp-0016533596-c5-74 kernel: Not cloning cgroup for unused subsystem ns
Nov  4 14:13:16 dhcp-0016533596-c5-74 gconfd (xguest-3121): starting (version 2.22.0), pid 3121 user 'xguest'
Nov  4 14:13:16 dhcp-0016533596-c5-74 gconfd (xguest-3121): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0
Nov  4 14:13:16 dhcp-0016533596-c5-74 gconfd (xguest-3121): Resolved address "xml:readwrite:/home/xguest/.gconf" to a writable configuration source at position 1
Nov  4 14:13:16 dhcp-0016533596-c5-74 gconfd (xguest-3121): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Nov  4 14:13:16 dhcp-0016533596-c5-74 kernel: type=1400 audit(1225825996.389:5): avc:  denied  { read write } for  pid=3148 comm="dbus-daemon" path="socket:[37602]" dev=sockfs ino=37602 scontext=xguest_u:xguest_r:xguest_dbusd_t:s0 tcontext=xguest_u:xguest_r:xguest_t:s0 tclass=unix_stream_socket
Nov  4 14:13:16 dhcp-0016533596-c5-74 ssh-agent[3166]: error: setrlimit RLIMIT_CORE: Permission denied
Nov  4 14:13:16 dhcp-0016533596-c5-74 acpid: client connected from 3229[0:0]
Nov  4 14:13:17 dhcp-0016533596-c5-74 kernel: mtrr: base(0xd0000000) is not aligned on a size(0x3e80000) boundary
Nov  4 14:13:18 dhcp-0016533596-c5-74 gconfd (gdm-3258): starting (version 2.22.0), pid 3258 user 'gdm'
Nov  4 14:13:18 dhcp-0016533596-c5-74 gconfd (gdm-3258): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0
Nov  4 14:13:18 dhcp-0016533596-c5-74 gconfd (gdm-3258): Resolved address "xml:readonly:/etc/gconf/gconf.xml.system" to a read-only configuration source at position 1
Nov  4 14:13:18 dhcp-0016533596-c5-74 gconfd (gdm-3258): Resolved address "xml:readonly:/var/lib/gdm/.gconf.mandatory" to a read-only configuration source at position 2
Nov  4 14:13:18 dhcp-0016533596-c5-74 gconfd (gdm-3258): Resolved address "xml:readwrite:/var/lib/gdm/.gconf" to a writable configuration source at position 3
Nov  4 14:13:18 dhcp-0016533596-c5-74 gconfd (gdm-3258): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 4
Nov  4 14:13:19 dhcp-0016533596-c5-74 gconfd (gdm-3258): Error setting value for `/apps/gnome-screensaver/power_management_delay': Can't overwrite existing read-only value: Value for `/apps/gnome-screensaver/power_management_delay' set in a read-only source at the front of your configuration path
Nov  4 14:13:19 dhcp-0016533596-c5-74 gconfd (gdm-3258): Error setting value for `/apps/gnome-screensaver/power_management_delay': Can't overwrite existing read-only value: Value for `/apps/gnome-screensaver/power_management_delay' set in a read-only source at the front of your configuration path
Nov  4 14:13:19 dhcp-0016533596-c5-74 pulseaudio[3307]: polkit.c: Cannot set UID on session object.
Nov  4 14:13:19 dhcp-0016533596-c5-74 pulseaudio[3307]: main.c: Called SUID root and real-time/high-priority scheduling was requested in the configuration. However, we lack the necessary priviliges:
Nov  4 14:13:19 dhcp-0016533596-c5-74 pulseaudio[3307]: main.c: We are not in group 'pulse-rt' and PolicyKit refuse to grant us priviliges. Dropping SUID again.
Nov  4 14:13:19 dhcp-0016533596-c5-74 pulseaudio[3307]: main.c: For enabling real-time scheduling please acquire the appropriate PolicyKit priviliges, or become a member of 'pulse-rt', or increase the RLIMIT_NICE/RLIMIT_RTPRIO resource limits for this user.
Nov  4 14:13:19 dhcp-0016533596-c5-74 pulseaudio[3307]: main.c: setrlimit(RLIMIT_NICE, (31, 31)) failed: Operation not permitted
Nov  4 14:13:19 dhcp-0016533596-c5-74 pulseaudio[3307]: main.c: setrlimit(RLIMIT_RTPRIO, (9, 9)) failed: Operation not permitted
Nov  4 14:13:19 dhcp-0016533596-c5-74 pulseaudio[3307]: alsa-util.c: Device front:0 doesn't support 44100 Hz, changed to 44099 Hz.

Obviously, the things that stick out in there are the :

Nov  4 14:13:16 dhcp-0016533596-c5-74 kernel: type=1400 audit(1225825996.389:5): avc:  denied  { read write } for  pid=3148 comm="dbus-daemon" path="socket:[37602]" dev=sockfs ino=37602 scontext=xguest_u:xguest_r:xguest_dbusd_t:s0 tcontext=xguest_u:xguest_r:xguest_t:s0 tclass=unix_stream_socket
Nov  4 14:13:16 dhcp-0016533596-c5-74 ssh-agent[3166]: error: setrlimit RLIMIT_CORE: Permission denied

and:

Nov  4 14:13:15 dhcp-0016533596-c5-74 kernel: Not cloning cgroup for unused subsystem ns

more specifically, the sealert says:

SELinux is preventing dbus-daemon (xguest_dbusd_t) "read write" to socket (xguest_t).

On Tue, Nov 4, 2008 at 2:03 PM, Matt Nicholson <sjoeboo@xxxxxxxxxxx> wrote:

yes, all upto date. a new build from my kickstart is finishing updating right now (had to add oddjob/turn it on by default). Once its done I'll send what info I can.

Before i was getting an selinux alert/error, but i generated and loaded a local policy, which took care of the selinux alert, but still didn't fix xguest (it just bouces back out to GDM).

More coming soon. Thanks for all the help!

On Tue, Nov 4, 2008 at 1:54 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matt Nicholson wrote:

> Right, that did it (after i started the oddjobd service, that is).
>
> Now, the original reason i turned selinux back on was to use
> xguest....saddly, this isn't working still...
>

Why not?  Are you fully up2date?

xguest should be working on F9 and F10 right now.

<SNIP>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkkQmlkACgkQrlYvE4MpobNXvwCeK5prZkPCBNDq3cYprnuwkJOZ
JaQAnRpM41iDhoQ0AWeTmmqYAqrpLLLI
=rAZp

-----END PGP SIGNATURE-----

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines