no more desktop after 20060720 updates

Jim Cornette fct-cornette at insight.rr.com
Sun Jul 23 22:17:41 UTC 2006


Horst H. von Brand wrote:
> Tom London <selinux at gmail.com> wrote:
> 
> [Gnome starts (after a /long/ time, no windows decorations, terminal shows
>  up in left upper corner]
>> Is 'metacity' running?
> 
> Nope.
> 
>> Try starting it from one of your (misplaced) terminal windows:
>> 'metacity&' and see what happens.
> 
> metacity: error while loading shared libraries: libGL.so.1: failed to map
> segment from shared object: Permission denied
> 
> /usr/lib/libGL.so.1.2 is root:root rwxr-xr-x
> 
> No further libGL related stuff in /var/log/messages
> 
> selinux-policy-targeted-2.3.3-9, mesa-libGL-6.5-13.1.fc6

I also have mesa-libGL-6.5-13.1.fc6 installed.

I tried this with SELinux off and with it on. I get the error with 
enforcing but not with permissive.

  metacity: error while loading shared libraries: libGL.so.1: failed to 
map segment from shared object: Permission denied

It works with enforcing off for me.

/var/log/audit/audit.log contains denials. The execmem limitation is the 
problem stated from past discussions. It was stated that a program is 
bad if it needs execmem. That was the last discussion I heard about this 
error.
There were no mesa-libGL package upgrades that I noted since the error 
started.

Jim

type=MAC_STATUS msg=audit(1153692103.842:53): enforcing=0 
old_enforcing=1 auid=0
type=SYSCALL msg=audit(1153692103.842:53): arch=40000003 syscall=4 
success=yes exit=1 a0=3 a1=bfddd7c4 a2=1 a3=bfddd7c4 items=0 ppid=2544 
pid=2621 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=tty1 comm="setenforce" exe="/usr/sbin/setenforce" 
subj=root:system_r:unconfined_t:s0-s0:c0.c255 key=(null)
type=AVC msg=audit(1153692103.858:54): avc:  denied  { dac_override } 
for  pid=1695 comm="python" capability=1 
scontext=system_u:system_r:setroubleshoot_t:s0 
tcontext=system_u:system_r:setroubleshoot_t:s0 tclass=capability
type=SYSCALL msg=audit(1153692103.858:54): arch=40000003 syscall=33 
success=yes exit=0 a0=8c24588 a1=2 a2=1045a64 a3=0 items=1 ppid=1660 
pid=1695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=(none) comm="python" exe="/usr/bin/python" 
subj=system_u:system_r:setroubleshoot_t:s0 key=(null)
type=CWD msg=audit(1153692103.858:54):  cwd="/"
type=PATH msg=audit(1153692103.858:54): item=0 name="/var/lib/rpm" 
inode=195650 dev=03:06 mode=040755 ouid=37 ogid=37 rdev=00:00 
obj=system_u:object_r:rpm_var_lib_t:s0
type=AVC msg=audit(1153692118.295:55): avc:  denied  { execmem } for 
pid=2623 comm="metacity" scontext=user_u:system_r:unconfined_t:s0 
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1153692118.295:55): arch=40000003 syscall=192 
success=yes exit=67481600 a0=405b000 a1=5000 a2=7 a3=812 items=0 
ppid=2598 pid=2623 auid=500 uid=500 gid=501 euid=500 suid=500 fsuid=500 
egid=501 sgid=501 fsgid=501 tty=pts2 comm="metacity" 
exe="/usr/bin/metacity" subj=user_u:system_r:unconfined_t:s0 key=(null)




More information about the fedora-test-list mailing list