Re: NM before login?

From: Eric Brunet lps ens fr
To: Dan Williams <dcbw redhat com>
Cc: networkmanager-list gnome org
Subject: Re: NM before login?
Date: Mon, 18 May 2009 22:36:02 +0200

Dans son message du lundi 18/05/09 à 12:00, Dan Williams a écrit:
> >   kernel: type=1400 audit(1242370619.482:8): avc: denied  { execute } for  pid=2465 comm="dbus-daemon-lau" name="console-kit-daemon" dev=sda2 ino=2327841 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:consolekit_exec_t:s0 tclass=file
> >   kdm: Cannot open ConsoleKit session: Unable to open session: Cannot launch daemon, file not found or permissions invalid
> >   kdm: Client start failed
> >   kdm: Cannot close ConsoleKit session: Unable to close session: no session open
> > 
> > Now I remember why I had disabled selinux in the first place !
> 
> Quite interesting; we should get that fixed.  PK uses ConsoleKit to
> determine what sessions are actually humans sitting at the computer, and
> which are not.  So it's not entirely surprising that if CK isn't
> working, PK won't either...  You might try 'touch /.autorelabel' and
> reboot to see if somehow labeling got screwed up (which can happen if
> you copy files around or 'make install' stuff, and you're not running
> restorecond).

I have a hard time debugging this, as I don't understand how selinux is
working, and I find the error message most difficult to read.

However, as I read it, ConsoleKit is not launched because of selinux.
When SELINUX is disabled (as it is now), I have the impression that CK is
correctly launched (nothing bad in the logs) and everything should work. 

Or do you believe that the failure of CK to launch when selinux is
enabled indicates a problem with CK when selinux is disabled which
prevents nm-connection-editor to work ?

Or do you believe (I shiver at the idea) that the toolchain
CK+PK+nm-connection-editor requires an enabled selinux ?

About your suggestion, when I changed de config file
/etc/sysconfig/selinux to set SELINUX=enforcing and I rebooted, the boot
took several extra minutes in text mode, printing "relabelling the
filesystem', or something equivalent. So I think the "touch
/.autorelabel" is not necessary.

Regards,

	Éric

References:
- NM before login?
  - From: Timothy Murphy
- Re: NM before login?
  - From: Dan Williams
- Re: NM before login?
  - From: Eric . Brunet
- Re: NM before login?
  - From: Dan Williams
- Re: NM before login?
  - From: Eric . Brunet
- Re: NM before login?
  - From: Dan Williams
- Re: NM before login?
  - From: Eric . Brunet
- Re: NM before login?
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]