Hey folks,
I installed the VNC server package from the Fedora repo on my F10
server, and then edited my .vnc/xstartup file to allow a normal desktop
environment.
Now, each time the server boots, Nautilus bombs out with the following
error:
"Nautilus cannot be used now, due to an unexpected error from Bonobo
when attempting to locate the factory. Killing bonobo-activation-server
and restarting Nautilus may help fix the problem".
In conjunction with this dialog box, I get the following SELinux error.
--- Begin SELinux Error ---
Summary:
SELinux is preventing ck-get-x11-serv (consolekit_t) "connectto"
unconfined_notrans_t.
Detailed Description:
SELinux denied access requested by ck-get-x11-serv. It is not expected
that this
access is required by ck-get-x11-serv and this access may signal an
intrusion
attempt. It is also possible that the specific version or configuration
of the
application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended.
Please file a bug report
(
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context
system_u:system_r:consolekit_t:s0-s0:c0.c1023
Target Context system_u:system_r:unconfined_notrans_t:s0
Target Objects 002F746D702F2E5831312D756E69782F5831 [
unix_stream_socket ]
Source ck-get-x11-serv
Source Path /usr/libexec/ck-get-x11-server-pid
Port <Unknown>
Host boris
Source RPM Packages ConsoleKit-x11-0.3.0-2.fc10
Target RPM Packages
Policy RPM selinux-policy-3.5.13-26.fc10
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name boris
Platform Linux boris 2.6.27.5-117.fc10.i686 #1 SMP
Tue Nov
18 12:19:59 EST 2008 i686 athlon
Alert Count 2
First Seen Sat 06 Dec 2008 04:40:19 PM EST
Last Seen Sun 07 Dec 2008 05:04:49 PM EST
Local ID a654e04f-23ae-4f1e-8c47-9583cd2b5c27
Line Numbers
Raw Audit Messages
node=boris type=AVC msg=audit(1228687489.309:9): avc: denied
{ connectto } for pid=2291 comm="ck-get-x11-serv"
path=002F746D702F2E5831312D756E69782F5831
scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023
tcontext=system_u:system_r:unconfined_notrans_t:s0
tclass=unix_stream_socket
node=boris type=SYSCALL msg=audit(1228687489.309:9): arch=40000003
syscall=102 success=no exit=-13 a0=3 a1=bfc677c0 a2=61a160 a3=11 items=0
ppid=2290 pid=2291 auid=4294967295 uid=500 gid=504 euid=500 suid=500
fsuid=500 egid=504 sgid=504 fsgid=504 tty=(none) ses=4294967295
comm="ck-get-x11-serv" exe="/usr/libexec/ck-get-x11-server-pid"
subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)
--- End SELinux Error ---
The workaround for now is to SSH to the server, kill -9 the bonobo
process, and then restart the vncserver service. But I would like to
remove all of those steps if at all possible.
Thoughts?
- Adam