SELinux execmem and execstack denials for everything, and GNOME not running

Posted by adamwill on December 23, 2013

So hey, this blog still exists!

For this author (AdamW), there are two major issues in Rawhide currently. SELinux appears to be denying ‘execmem’ and ‘execstack’ access to all sorts of stuff – this is affecting dhclient (stopping networking working), sshd, sssd (for those of us who use FreeIPA authentication), cups and several other things. I haven’t looked into what caused this exactly yet, but booting with enforcing=0 is likely to be a requirement for Rawhide users until it gets figured out. Bugs filed so far are #1046112 and #1045682.

Also for this author, GNOME currently fails to run at all. GDM doesn’t start, and if I boot to runlevel 3 and run startx I get an extremely broken GNOME session with Shell not running and windows all over the shop. For now, I’ve switched to Xfce. I suspect this is because about half of GNOME 3.11.3 got built before most of the desktop team left for the holidays, but again don’t have precise details yet. We may be able to get it fixed up with the help of any desktop folks who are still around.

Update on GNOME: turns out it just needs a new gsettings-desktop-schemas build. That is now in progress – grab that when it’s done, and GNOME should work again, with all other components at their latest Rawhide level.


4 Responses to “SELinux execmem and execstack denials for everything, and GNOME not running”

  1. Ryan Press said

    Hey thanks for this! I have these two problems, too. I installed the new gsettings-desktop-schemas and now it no longer crashes, but I have a third problem seen below:

    Dec 24 11:36:17 socrates gnome-session[2884]: /usr/bin/gnome-shell: symbol lookup error: /lib64/libclutter-1.0.so.0: undefined symbol: LIBEVDEV_READ_NORMAL
    Dec 24 11:36:17 socrates gnome-session[2884]: gnome-session[2884]: WARNING: App ‘gnome-shell.desktop’ exited with code 127

    It looks like the new version of clutter fixes this:

    If you have time maybe you could build the new clutter too? Thanks!

    • adamwill said

      Well, I’ve seen that error in trying to build gnome-shell against current clutter indeed, but didn’t know it was happening at runtime. Is it actually stopping Shell working for you?

      Rebuilding clutter is quite a big job as it requires rebuilding a dozen or so deptrees underneath it, so I was hoping to avoid it until the desktop team is back from the RH holiday shutdown…

      • Ryan Press said

        Yeah I can’t get to the desktop, I get the frowny face. Looks like it’s respawning gnome-shell because of this error and giving up? Here’s my log:

        Thanks again. I’m using my dual boot Windows (blech) so I don’t need it fixed asap; sounds like it’s a pain.

      • adamwill said

        Aha, I know what’s happening to you, Ryan. Unfortunately it’s going to be a PITA to fix on Rawhide as it’ll need a clutter rebuild.

        Downgrade libevdev to 0.5 and all should be fine. 0.6 apparently has an ABI change which breaks clutter and was not communicated. It was sent to F19 and F20 too(!) but has been rapidly -1ed out of existence for those two.

