Headsup: Xorg is broken in F-22 when used with fips or /etc/system-fips

Hans de Goede hdegoede at redhat.com
Tue Feb 24 17:21:42 UTC 2015


On 02/24/2015 06:02 PM, Tomas Mraz wrote:
> On Út, 2015-02-24 at 10:42 +0100, Hans de Goede wrote:
>> >Hi all,
>> >
>> >Debugging this took me ages, so I thought I would share this with you,
>> >with the new gdm on wayland landed in F-22 recently Xorg gets started
>> >as a regular user.
>> >
>> >This is a good thing as we want to move to Xorg running as a regular user,
>> >but we're not 100% there yet, so currently Xorg is still suid-root, and
>> >needs those root rights to function properly.
>> >
>> >But when fips is enabled either on the kernel commandline or a /etc/system-fips
>> >file exists one of the libraries X is using is dropping the root rights at
>> >early library init and things fail.
>> >
>> >So if X is not working for you all of a sudden, make sure you do not have
>> >fips enabled on the kernel commandline, and remove any /etc/system-fips
>> >file you may have.
> This is unintended side-effect of running the FIPS selftest in the
> libgcrypt constructor, we need to fix that. Please open a new bug
> against libgcrypt so the bug fix is tracked.





More information about the devel mailing list