SELinux is preventing gdm (xdm_t) "execute" to <Unknown> (rpm_exec_t). et ALL

Tom London selinux at gmail.com
Thu Nov 29 14:38:38 UTC 2007 

On Nov 28, 2007 5:26 PM, Antonio Olivares <olivares14031 at yahoo.com> wrote:
>
> --- Jim Cornette <fct-cornette at insight.rr.com> wrote:
>
>
> > Antonio Olivares wrote:
> >
> > >> I've been booting into runlevel 3 mostly except
> > for
> > >> test. Runlevel 3
> > >> doesn't have all of the SELinux errors. Most are
> > >> only showing up in
> > >> runlevel 3.
> > >>
> > >> --
> > >> fedora-test-list mailing list
> > >> fedora-test-list at redhat.com
> > >> To unsubscribe:
> > >>
> > >
> >
> https://www.redhat.com/mailman/listinfo/fedora-test-list
> > >
> > > I get them on level 3 because level 5 does not
> > work.
> > > Still Init Respawn error message.  New Selinux
> > policy
> > > packages still give the error in title.  See here:
> > > ..
> > > Raw Audit Messages
> > >
> > > avc: denied { execute } for comm=gdm dev=dm-0
> > name=rpm
> > > pid=13279
> > > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> > > tclass=file
> > > tcontext=system_u:object_r:rpm_exec_t:s0
> > >
> > > Regards,
> > >
> > > Antonio
> >
> > Are you actually logging in as root and changing to
> > runlevel 3 with
> > telinit? Or alternately you could unhide the grub
> > menu with a keypress
> > followed by pressing a
> > for append and a space followed by entering a 3
> > followed by enter to boot.
> > Services started in 5 may not be started in 3 and
> > could lead to the error.
> >
> > --
> > War is an equal opportunity destroyer.
> >
> > --
> > fedora-test-list mailing list
> > fedora-test-list at redhat.com
> > To unsubscribe:
> >
> https://www.redhat.com/mailman/listinfo/fedora-test-list
> >
>
> I chose append and added a 3 at the end of rhgb quiet
> and this still shows up.  I normally select to login
> automatically in level 5 and since there we get the
> INIT: respawning error, this does not work.  I have to
> press a key and login manually and then type startx to
> get X window.  I guess, we will have to wait till this
> error(s) get fixed.
>
> Sorry to bring this issue/complain about it.
> Eventually it will have to get fixed or more people
> see it and it will get more attention.  Thanks for
> helping and sharing your experiences and adding
> valuable comments to the bug report.
>
> Regards,
>
> Antonio
>
Antonio,

To provide 'temporary relief' until the problem is fixed, here is how
I worked around this on my Intel 945 (i.e. thinkpad x60) system.

1. download from
http://koji.fedoraproject.org/koji/buildinfo?buildID=22456 the
appropriate gdm package for your system (i386, x86_64).
2. as root run 'rpm -Uvh --oldpackage gdm-2.20.1-5.fc8.i386.rpm' (or x86_64).

You should be able to come up in runlevel 5. Compiz doesn't work, and
you may need to repeat the 'rpm -Uvh .....' if a 'yum update' installs
a newer gdm that breaks again....

tom
-- 
Tom London

More information about the test mailing list