* gdm login problem when polyinstantiating /tmp
@ 2008-04-07 14:18 Xavier Toth
  2008-04-08 15:19 ` Xavier Toth
  0 siblings, 1 reply; 3+ messages in thread
From: Xavier Toth @ 2008-04-07 14:18 UTC (permalink / raw)
  To: SE Linux

When I configure namespace.conf to polyinstantiate /tmp I cannot log in
through gdm. Looking at /var/log/secure it appears that pam_namespace
thinks everything is ok:

Apr  7 08:50:37 comms gdm-session-worker[2471]: pam_unix(gdm:session):
session closed for user tedx
Apr  7 08:50:54 comms gdm-session-worker[2687]:
pam_namespace(gdm:session): open_session - start
Apr  7 08:50:54 comms gdm-session-worker[2687]:
pam_namespace(gdm:session): Parsing config file
/etc/security/namespace.conf
Apr  7 08:50:54 comms gdm-session-worker[2687]:
pam_namespace(gdm:session): Expanded polydir: '/tmp'
Apr  7 08:50:54 comms gdm-session-worker[2687]:
pam_namespace(gdm:session): Expanded ruser polydir: '/tmp'
Apr  7 08:50:54 comms gdm-session-worker[2687]:
pam_namespace(gdm:session): Expanded instance prefix: '/tmp.inst/'
Apr  7 08:50:54 comms gdm-session-worker[2687]:
pam_namespace(gdm:session): Configured poly dirs:
Apr  7 08:50:54 comms gdm-session-worker[2687]:
pam_namespace(gdm:session): dir='/tmp' iprefix='/tmp.inst/' meth=3
Apr  7 08:50:54 comms gdm-session-worker[2687]:
pam_namespace(gdm:session): override user 0
Apr  7 08:50:54 comms gdm-session-worker[2687]:
pam_namespace(gdm:session): override user 3
Apr  7 08:50:54 comms gdm-session-worker[2687]:
pam_namespace(gdm:session): Set up namespace for pid 2687
Apr  7 08:50:54 comms gdm-session-worker[2687]:
pam_namespace(gdm:session): Checking for ns override in dir /tmp for
uid 0
Apr  7 08:50:54 comms gdm-session-worker[2687]:
pam_namespace(gdm:session): Checking for ns override in dir /tmp for
uid 0
Apr  7 08:50:54 comms gdm-session-worker[2687]:
pam_namespace(gdm:session): Overriding poly for user 0 for dir /tmp
Apr  7 08:50:54 comms gdm-session-worker[2687]:
pam_namespace(gdm:session): namespace setup ok for pid 2687

but in /var/log/messages I see things that make me think either gdm or
gconfd is having a problem which is killing the session:

Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSessionDirect:
Emitting 'accredited' signal
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSimpleSlave: accredited
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSimpleSlave:
trying to migrate session
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSlave: getting
proxy for seat: /org/freedesktop/ConsoleKit/Seat1
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSlave:
checking if seat can activate sessions
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSlave: unable
to determine session to activate
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSimpleSlave: migrated: 0
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG:
GdmWelcomeSession: Stopping welcome_session
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmCommon:
sending signal 15 to process -3271
Apr  7 08:58:15 comms gdm-simple-greeter[3271]: DEBUG:
GdmSignalHandler: handling signal 15
Apr  7 08:58:15 comms gdm-simple-greeter[3271]: DEBUG:
GdmSignalHandler: Found 1 callbacks
Apr  7 08:58:15 comms gdm-simple-greeter[3271]: DEBUG:
GdmSignalHandler: running 15 handler: 0x8052420
Apr  7 08:58:15 comms gdm-simple-greeter[3271]: DEBUG: Got callback
for signal 15
Apr  7 08:58:15 comms gdm-simple-greeter[3271]: DEBUG: Caught signal
15, shutting down normally.
Apr  7 08:58:15 comms gdm-simple-greeter[3271]: DEBUG:
GdmSignalHandler: Caught termination signal - exiting main loop
Apr  7 08:58:15 comms gconfd (gdm-3280): Exiting
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG:
GdmWelcomeSession: Waiting on process 3271
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmCommon:
process (pid:3271) done (status:1)
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG:
GdmWelcomeSession: Wait on child process failed
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG:
GdmWelcomeSession: WelcomeSession died
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG:
GdmWelcomeSession: De-registering session from ConsoleKit
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG:
GdmWelcomeSession: Stopping D-Bus daemon
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmCommon:
sending signal 15 to process -3269
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GreeterServer:
Stopping greeter server...
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSlave:
Requesting user authorization
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSlave: Got
user authorization: /tmp/.gdm-xauth-root.YMLB9T
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GdmSessionDirect:
looking for session file 'gnome.desktop'
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GreeterServer:
obj_path=/org/freedesktop/DBus/Local
interface=org.freedesktop.DBus.Local method=Disconnected
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG: GreeterServer: Disconnected
Apr  7 08:58:15 comms gdm-simple-slave[3247]: DEBUG:
greeter_server_unregister_handler

I'm using the following init script in my namespace.conf configuration
of /tmp to move the X unix domain socket:

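#!/bin/sh
# $1 = polyinstantiated directory, $2 = instance directory
if [ "$1" = "/tmp" ]; then
   # Keep the real X socket directory reachable from outside the instance
   if [ ! -d /.tmp/.X11-unix ]; then
      mkdir -p /.tmp/.X11-unix > /dev/null 2>&1
   fi
   # Bind-mount it only if it is not mounted already
   mount | grep X11-unix > /dev/null 2>&1
   if [ $? -ne 0 ]; then
      mount --bind /tmp/.X11-unix /.tmp/.X11-unix > /dev/null 2>&1
   fi
   # Give the instance directory the X lock file and a link to the socket
   cp -fp -- /tmp/.X0-lock "$2/.X0-lock" > /dev/null 2>&1
   mkdir -- "$2/.X11-unix" > /dev/null 2>&1
   ln -fs -- /.tmp/.X11-unix/X0 "$2/.X11-unix/X0" > /dev/null 2>&1
fi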

Maybe there are similar things I need to do for gconfd?

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: gdm login problem when polyinstantiating /tmp
  2008-04-07 14:18 gdm login problem when polyinstantiating /tmp Xavier Toth
@ 2008-04-08 15:19 ` Xavier Toth
  2008-04-08 18:16   ` Daniel J Walsh
  0 siblings, 1 reply; 3+ messages in thread
From: Xavier Toth @ 2008-04-08 15:19 UTC (permalink / raw)
  To: SE Linux

Resolved: You've also got to move /tmp/.gdm-xauth`id -u -n`.* to the
polyinstantiated directory.

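Added example, not part of the original thread: a namespace.init-style hook for the fix reported above, copying the user's gdm xauth files from the shared /tmp into the instance directory. The copy_gdm_xauth helper, the two file-name patterns and the use of $4 as the user name are assumptions; it copies rather than moves, as the posted script does for .X0-lock.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed arguments, following the
# namespace.init convention: $1 = polydir, $2 = instance dir, $4 = user name.

# copy_gdm_xauth SRC_DIR INSTANCE_DIR USER
# Copies SRC_DIR/.gdm-xauthUSER.* and SRC_DIR/.gdm-xauth-USER.* into
# INSTANCE_DIR, preserving mode and timestamps, and prints how many
# files were copied.
copy_gdm_xauth() {
    src=$1
    inst=$2
    user=$3
    copied=0
    [ -d "$inst" ] || return 1
    for f in "$src"/.gdm-xauth"$user".* "$src"/.gdm-xauth-"$user".*; do
        # An unmatched pattern stays literal and fails the -f test.
        # Symlinks are skipped: the hook runs as root over a
        # world-writable directory, so only real regular files are copied.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        cp -fp -- "$f" "$inst/" || return 1
        copied=$((copied + 1))
    done
    echo "$copied"
}

# Hook body: act only when the polyinstantiated directory is /tmp.
if [ "$1" = "/tmp" ] && [ -n "$4" ]; then
    copy_gdm_xauth /tmp "$2" "$4" > /dev/null
fi
```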

* Re: gdm login problem when polyinstantiating /tmp
  2008-04-08 15:19 ` Xavier Toth
@ 2008-04-08 18:16   ` Daniel J Walsh
  0 siblings, 0 replies; 3+ messages in thread
From: Daniel J Walsh @ 2008-04-08 18:16 UTC (permalink / raw)
  To: Xavier Toth; +Cc: SE Linux

Xavier Toth wrote:
> Resolved: You've also got to move /tmp/.gdm-xauth`id -u -n`.* to the
> polyinstantiated directory.
> 
Looks like we are getting a new version of gdm that stops using /tmp.
/var/run/gdm
