The trouble with the instructions: # ausearch -c 'sddm-helper' --raw | audit2allow -M my-sddmhelper # semodule -X 300 -i my-sddmhelper.pp
is the 1st time it can fail on file 'open'. When you do the above and 'open' is allowed but then get shot down when your program tries to 'write', 'relabelfrom', 'setattr', 'relabelto', or 'create'. Do this first: setenforce 0 Do the activity that triggers the AVC, then: setenforce 1 # ausearch -c 'sddm-helper' --raw | audit2allow -M my-sddmhelper # semodule -X 300 -i my-sddmhelper.pp This will allow all the activities that the program needs. Bill On 9/20/2017 11:56 AM, Bob Jackson wrote:
Have a Fedora 26 laptop which I update on a weekly basis by sudo from my regular account. After applying a batch of updates, including a new kernel, I rebooted. At the login screen I entered my standard login credentials but Plasma did not launch and it dropped back to the login screen. I tried an alternate account. It worked. Switched to VT2 and logged in with standard credentials. While doing so, the terminal reported, "Failed to connect to X server". From that terminal ran: startx /usr/bin/startkde which brought up my standard KDE environment. I worked this way for a couple of days trying to find clues in logs and discussion groups. Did find a recent thread on fedoraforum.org that described my situation exactly, but had no solution. https://forums.fedoraforum.org/showthread.php?p=1794119 Finally, while my workaround session was open, I went back to VT1 and tried another login from SDDM. It failed, but back in my working session I had an SELinux alert, which told me: SELinux is preventing sddm-helper from write access on the file .Xauthority. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that sddm-helper should be allowed write access on the .Xauthority file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'sddm-helper' --raw | audit2allow -M my-sddmhelper # semodule -X 300 -i my-sddmhelper.pp I applied the recommended fixes and tried again. Failed but received another alert: SELinux is preventing sddm-helper from open access on the file /home/xxxx/.Xauthority. ***** Plugin restorecon (99.5 confidence) suggests ************************ If you want to fix the label. /home/xxxx/.Xauthority default label should be xauth_home_t. Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly. Do # /sbin/restorecon -v /home/xxxx/.Xauthority Applied this fix and tried again ... with success. With the benefit of hindsight, does anyone have thoughts on why this might have happened, what these SELinux fixes (particularly the first two) did and whether this is a permanent resolution? Thanks, -- Bob _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org