reassign 850116 gdm3 thanks I find it difficult to think of situations where a SEGV in a program is anything other than a bug in the program or a library it uses. If the program is prevented from doing something it wants to do (by SE Linux, Unix permissions, a filesystem error, lack of disk space, etc) it should log an error so that the sysadmin can fix the problem.
The are some situations in which an out of memory error can legitimately excuse a SEGV due to the need to allocate memory to log an error. But even that isn't a desirable situation and if it's repeatable it becomes a bug. The current SE Linux policy for XDM type programs works well for kdm (even though it's obsolete it still works), xdm, and sddm. When I was developing the policy for those programs (when the policy didn't permit everything they wanted to do) they didn't SEGV, and I think it's reasonable to expect that gdm3 not SEGV if it is in similar situations (which it isn't). When gdm3 SEGVs it is not giving an AVC error. So the things that it is asking to do SE Linux is permitting. The issue is most likely something related to interactions with PAM module SE Linux checks. It is plausible that further investigation will determine that this bug should be reassigned to pam or something else. But I can't imagine any way in which refpolicy could be a reasonable assignment for this bug. When working on this I ran "semodule -DB" and iteratively installed rules allowing everything that gdm3 tried to do, but it still gave a SEGV. Below is an extract from the SE Linux policy for XDM type programs. These are all programs that have worked in the past. Previous versions of GDM worked, gpe-dm worked, slim worked, lightdm worked, and wdm worked. Once this SEGV issue is solved I'll make it work. /opt/kde3/bin/kdm -- gen_context(system_u:object_r:xdm_exec_t,s0) /usr/s?bin/gdm(3)? -- gen_context(system_u:object_r:xdm_exec_t,s0) /usr/s?bin/gdm-binary -- gen_context(system_u:object_r:xdm_exec_t,s0) /usr/s?bin/lxdm(-binary)? -- gen_context(system_u:object_r:xdm_exec_t,s0) /usr/s?bin/[xkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0) /usr/bin/sddm -- gen_context(system_u:object_r:xdm_exec_t,s0) /usr/bin/gpe-dm -- gen_context(system_u:object_r:xdm_exec_t,s0) /usr/bin/slim -- gen_context(system_u:object_r:xdm_exec_t,s0) /usr/sbin/lightdm -- gen_context(system_u:object_r:xdm_exec_t,s0) /usr/X11R6/bin/[xgkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0) -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/
