Package: selinux-policy-default Version: 2:2.20140311-1 Severity: important Tags: upstream
Dear Maintainer, When using a SELinux-mapped user (user_u), LightDM fails to login with AVC denial messages, such as this one: type=AVC msg=audit(1396092400.551:432): avc: denied { sigchld } for pid=5823 comm="lightdm" scontext=user_u:user_r:user_ssh_agent_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process It would seem that the usage of the SIGCHLD signal is blocked by SELinux on all processes which are not a direct child of Init, thus not allowing children of xdm_t login programs to send SIGCHLD signals to their parents. The issue has been reported in the Red Hat bugtracker: https://bugzilla.redhat.com/show_bug.cgi?id=903828 A fix has been applied in Fedora, with the comment "We should allow all user programs to sigchld login programs." Thank you very much for investigating this issue. -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (990, 'testing'), (250, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages selinux-policy-default depends on: ii libpam-modules 1.1.8-2 ii libselinux1 2.2.2-1 ii libsepol1 2.2-1 ii policycoreutils 2.2.5-1 ii python 2.7.5-5 ii selinux-utils 2.2.2-1 Versions of packages selinux-policy-default recommends: ii checkpolicy 2.2-1 ii setools 3.3.8-3 Versions of packages selinux-policy-default suggests: pn logcheck <none> pn syslog-summary <none> -- Configuration Files: /etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission denied: u'/etc/selinux/default/modules/active/file_contexts.local' -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org