Re: NM before login?

From: Dan Williams <dcbw redhat com>
To: Eric Brunet lps ens fr
Cc: networkmanager-list gnome org
Subject: Re: NM before login?
Date: Mon, 18 May 2009 12:00:23 -0400

On Fri, 2009-05-15 at 09:12 +0200, Eric Brunet lps ens fr wrote:
> Dans son message du jeudi 14/05/09 à 17:05, Dan Williams a écrit:
> > On Wed, 2009-05-13 at 23:20 +0200, Eric Brunet lps ens fr wrote:
> > > Dans son message du mercredi 13/05/09 à 10:08, Dan Williams a écrit:
> > > > Are you running with SELinux in enforcing mode,
> > > 
> > > /etc/sysconfig/selinux contains the line
> > > 
> > > 	SELINUX=disabled
> > > 
> > > (I can only guess that this conf file is actually read and acted upon at
> > > boot time; I don't know how to ask the kernel what is the actual current
> > > selinux mode. There's probably a file in /sysfs, but I don't know which)
> > > 
> > > > and what is the version of your selinux-policy-targeted package?
> > > 
> > > selinux-policy-targeted-3.5.13-58.fc10.noarch
> > > 
> > > > Second, do you see
> > > > "org.freedesktop.network-manager-settings.system.modify" in the output
> > > > of "polkit-auth --show-obtainable" ?
> > > 
> > > Yes I do.
> > 
> > What's in your /etc/NetworkManager/nm-system-settings.conf file?
> > 
> Two lines:
> 	[main]
> 	plugins=ifcfg-rh
> 
> By the way, I tried to boot with SELINUX=enforcing SELINUXTYPE=targeted,
> just to be extra sure. I could not login as kdm would crash after I type
> my login/password, with X freezing just after. The relevant lines in
> /var/log/messages:
> 
>   kernel: type=1400 audit(1242370619.482:8): avc: denied  { execute } for  pid=2465 comm="dbus-daemon-lau" name="console-kit-daemon" dev=sda2 ino=2327841 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:consolekit_exec_t:s0 tclass=file
>   kdm: Cannot open ConsoleKit session: Unable to open session: Cannot launch daemon, file not found or permissions invalid
>   kdm: Client start failed
>   kdm: Cannot close ConsoleKit session: Unable to close session: no session open
> 
> Now I remember why I had disabled selinux in the first place !

Quite interesting; we should get that fixed.  PK uses ConsoleKit to
determine what sessions are actually humans sitting at the computer, and
which are not.  So it's not entirely surprising that if CK isn't
working, PK won't either...  You might try 'touch /.autorelabel' and
reboot to see if somehow labeling got screwed up (which can happen if
you copy files around or 'make install' stuff, and you're not running
restorecond).

Dan

Follow-Ups:
- Re: NM before login?
  - From: Eric . Brunet

References:
- NM before login?
  - From: Timothy Murphy
- Re: NM before login?
  - From: Dan Williams
- Re: NM before login?
  - From: Eric . Brunet
- Re: NM before login?
  - From: Dan Williams
- Re: NM before login?
  - From: Eric . Brunet
- Re: NM before login?
  - From: Dan Williams
- Re: NM before login?
  - From: Eric . Brunet

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]