selinux question(s) (/home really = /n/home..)

Matt Nicholson sjoeboo at sjoeboo.com
Tue Nov 4 19:22:16 UTC 2008


Output from /var/log/messages as I try to log in as guest user (xguest):

Nov  4 14:13:15 dhcp-0016533596-c5-74 gconfd (gdm-2932): Exiting
Nov  4 14:13:15 dhcp-0016533596-c5-74 kernel: Not cloning cgroup for unused
subsystem ns
Nov  4 14:13:16 dhcp-0016533596-c5-74 gconfd (xguest-3121): starting
(version 2.22.0), pid 3121 user 'xguest'
Nov  4 14:13:16 dhcp-0016533596-c5-74 gconfd (xguest-3121): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration
source at position 0
Nov  4 14:13:16 dhcp-0016533596-c5-74 gconfd (xguest-3121): Resolved address
"xml:readwrite:/home/xguest/.gconf" to a writable configuration source at
position 1
Nov  4 14:13:16 dhcp-0016533596-c5-74 gconfd (xguest-3121): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration
source at position 2
Nov  4 14:13:16 dhcp-0016533596-c5-74 kernel: type=1400
audit(1225825996.389:5): avc:  denied  { read write } for  pid=3148
comm="dbus-daemon" path="socket:[37602]" dev=sockfs ino=37602
scontext=xguest_u:xguest_r:xguest_dbusd_t:s0
tcontext=xguest_u:xguest_r:xguest_t:s0 tclass=unix_stream_socket
Nov  4 14:13:16 dhcp-0016533596-c5-74 ssh-agent[3166]: error: setrlimit
RLIMIT_CORE: Permission denied
Nov  4 14:13:16 dhcp-0016533596-c5-74 acpid: client connected from 3229[0:0]
Nov  4 14:13:17 dhcp-0016533596-c5-74 kernel: mtrr: base(0xd0000000) is not
aligned on a size(0x3e80000) boundary
Nov  4 14:13:18 dhcp-0016533596-c5-74 gconfd (gdm-3258): starting (version
2.22.0), pid 3258 user 'gdm'
Nov  4 14:13:18 dhcp-0016533596-c5-74 gconfd (gdm-3258): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration
source at position 0
Nov  4 14:13:18 dhcp-0016533596-c5-74 gconfd (gdm-3258): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.system" to a read-only configuration
source at position 1
Nov  4 14:13:18 dhcp-0016533596-c5-74 gconfd (gdm-3258): Resolved address
"xml:readonly:/var/lib/gdm/.gconf.mandatory" to a read-only configuration
source at position 2
Nov  4 14:13:18 dhcp-0016533596-c5-74 gconfd (gdm-3258): Resolved address
"xml:readwrite:/var/lib/gdm/.gconf" to a writable configuration source at
position 3
Nov  4 14:13:18 dhcp-0016533596-c5-74 gconfd (gdm-3258): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration
source at position 4
Nov  4 14:13:19 dhcp-0016533596-c5-74 gconfd (gdm-3258): Error setting value
for `/apps/gnome-screensaver/power_management_delay': Can't overwrite
existing read-only value: Value for
`/apps/gnome-screensaver/power_management_delay' set in a read-only source
at the front of your configuration path
Nov  4 14:13:19 dhcp-0016533596-c5-74 gconfd (gdm-3258): Error setting value
for `/apps/gnome-screensaver/power_management_delay': Can't overwrite
existing read-only value: Value for
`/apps/gnome-screensaver/power_management_delay' set in a read-only source
at the front of your configuration path
Nov  4 14:13:19 dhcp-0016533596-c5-74 pulseaudio[3307]: polkit.c: Cannot set
UID on session object.
Nov  4 14:13:19 dhcp-0016533596-c5-74 pulseaudio[3307]: main.c: Called SUID
root and real-time/high-priority scheduling was requested in the
configuration. However, we lack the necessary priviliges:
Nov  4 14:13:19 dhcp-0016533596-c5-74 pulseaudio[3307]: main.c: We are not
in group 'pulse-rt' and PolicyKit refuse to grant us priviliges. Dropping
SUID again.
Nov  4 14:13:19 dhcp-0016533596-c5-74 pulseaudio[3307]: main.c: For enabling
real-time scheduling please acquire the appropriate PolicyKit priviliges, or
become a member of 'pulse-rt', or increase the RLIMIT_NICE/RLIMIT_RTPRIO
resource limits for this user.
Nov  4 14:13:19 dhcp-0016533596-c5-74 pulseaudio[3307]: main.c:
setrlimit(RLIMIT_NICE, (31, 31)) failed: Operation not permitted
Nov  4 14:13:19 dhcp-0016533596-c5-74 pulseaudio[3307]: main.c:
setrlimit(RLIMIT_RTPRIO, (9, 9)) failed: Operation not permitted
Nov  4 14:13:19 dhcp-0016533596-c5-74 pulseaudio[3307]: alsa-util.c: Device
front:0 doesn't support 44100 Hz, changed to 44099 Hz.

Obviously, the things that stick out in there are:

Nov  4 14:13:16 dhcp-0016533596-c5-74 kernel: type=1400
audit(1225825996.389:5): avc:  denied  { read write } for  pid=3148
comm="dbus-daemon" path="socket:[37602]" dev=sockfs ino=37602
scontext=xguest_u:xguest_r:xguest_dbusd_t:s0
tcontext=xguest_u:xguest_r:xguest_t:s0 tclass=unix_stream_socket
Nov  4 14:13:16 dhcp-0016533596-c5-74 ssh-agent[3166]: error: setrlimit
RLIMIT_CORE: Permission denied

and:

Nov  4 14:13:15 dhcp-0016533596-c5-74 kernel: Not cloning cgroup for unused
subsystem ns

More specifically, the sealert says:

SELinux is preventing dbus-daemon (xguest_dbusd_t) "read write" to socket
(xguest_t).



On Tue, Nov 4, 2008 at 2:03 PM, Matt Nicholson <sjoeboo at sjoeboo.com> wrote:

> Yes, all up to date. A new build from my kickstart is finishing updating
> right now (had to add oddjob/turn it on by default). Once it's done I'll send
> what info I can.
>
> Before, I was getting an selinux alert/error, but I generated and loaded a
> local policy, which took care of the selinux alert, but still didn't fix
> xguest (it just bounces back out to GDM).
>
> More coming soon. Thanks for all the help!
>
>
>
> On Tue, Nov 4, 2008 at 1:54 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>
>> Matt Nicholson wrote:
>> > Right, that did it (after I started the oddjobd service, that is).
>> >
>> > Now, the original reason I turned selinux back on was to use
>> > xguest....sadly, this isn't working still...
>> >
>> Why not?  Are you fully up2date?
>>
>> xguest should be working on F9 and F10 right now.
>>
>> <SNIP>
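The AVC record quoted in this message already contains everything the sealert summary reports. As an added example (not part of the original post or of any SELinux tool), this Python sketch rejoins the mail-wrapped syslog lines, extracts the source and target types, and builds the type-enforcement rule the denial corresponds to; all function names are made up for illustration.

```python
import re

# Lines copied from the post's /var/log/messages excerpt, wrapped as the
# mail client left them; the last record is a non-AVC neighbour.
SAMPLE = """\
Nov  4 14:13:16 dhcp-0016533596-c5-74 kernel: type=1400
audit(1225825996.389:5): avc:  denied  { read write } for  pid=3148
comm="dbus-daemon" path="socket:[37602]" dev=sockfs ino=37602
scontext=xguest_u:xguest_r:xguest_dbusd_t:s0
tcontext=xguest_u:xguest_r:xguest_t:s0 tclass=unix_stream_socket
Nov  4 14:13:16 dhcp-0016533596-c5-74 ssh-agent[3166]: error: setrlimit
RLIMIT_CORE: Permission denied
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
AVC = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def rejoin(text):
    """Merge mail-wrapped continuation lines back into one syslog record each."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def parse_avc(record):
    """Return a dict for an AVC denial record, or None for any other record."""
    m = AVC.search(record)
    if not m:
        return None
    d = {k: v.strip('"') for k, v in FIELD.findall(m.group("rest"))}
    d["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type[:level]; the type is the third field.
    d["source_type"] = d["scontext"].split(":")[2]
    d["target_type"] = d["tcontext"].split(":")[2]
    return d

def te_rule(d):
    """Type-enforcement rule matching the denial; review it before loading anything."""
    return "allow {} {}:{} {{ {} }};".format(
        d["source_type"], d["target_type"], d["tclass"], " ".join(d["perms"]))

def denials(text):
    """All AVC denials found in a block of (possibly wrapped) syslog text."""
    return [d for d in map(parse_avc, rejoin(text)) if d]
```

For the record above, `te_rule` yields a rule from `xguest_dbusd_t` to `xguest_t` on `unix_stream_socket`, the same pair of types named in the sealert summary.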