severity 265920 wishlist
retitle 265920 kdm: please make it compatible with SE/Linux (don't remove
/var/run/xdmctl)
quit
* Luke Kenneth Casson Leighton [Mon, 16 Aug 2004 23:27:07 +0100]:
> hi there adeodato,
> then this needs to be made the default behaviour in the kdm package!
> it is unfortunately unreasonable to expect ordinary
> people using SE/Linux to go editing policy files, creating
> /var/run/xdmctl/.keep or to edit anything in /etc/kde3 at all.
> you are of course entitled to close this bug however you may wish to
> remain aware that as the number of Debian / SE/Linux / KDE users goes
> up, the number of reports of problems like "i upgraded and now i can't log
> in" will also go up.
> it is fortunate that i was able to track this because i understand
> SE/Linux.
> other users will not be so fortunate: they will likely give up, or
> worse, do something horrible to their SE/Linux policy files.
> l.
ok, that's very valid reasoning. we'll keep the bug report open and
set it to a wishlist severity.
you or some other SE/Linux user may consider reporting the problem to
upstream KDE, with a good reasoning too.
> On Mon, Aug 16, 2004 at 12:48:10PM -0700, Debian Bug Tracking System wrote:
> > This is an automatic notification regarding your Bug report
> > #265920: kdm 3.3 is deleting /var/run/xdmctl (causes problem under selinux),
> > which was filed against the kdm package.
> > It has been closed by one of the developers, namely
> > Adeodato =?iso-8859-1?Q?Sim=F3?= <[EMAIL PROTECTED]>.
> > Their explanation is attached below. If this explanation is
> > unsatisfactory and you have not received a better one in a separate
> > message then please contact the developer, by replying to this email.
> > Debian bug tracking system administrator
> > (administrator, Debian Bugs database)
> > Received: (at 265920-done) by bugs.debian.org; 16 Aug 2004 19:38:18 +0000
> > >From [EMAIL PROTECTED] Mon Aug 16 12:38:18 2004
> > Return-path: <[EMAIL PROTECTED]>
> > Received: from 84-120-64-227.onocable.ono.com (chistera.yi.org)
> > [84.120.64.227]
> > by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
> > id 1BwnJC-0006fL-00; Mon, 16 Aug 2004 12:38:18 -0700
> > Received: from userid 1000 by chistera.yi.org with local (Exim 4.34)
> > id 1BwnJ8-0006Nq-0R; Mon, 16 Aug 2004 21:38:14 +0200
> > Date: Mon, 16 Aug 2004 21:38:14 +0200
> > From: Adeodato =?iso-8859-1?Q?Sim=F3?= <[EMAIL PROTECTED]>
> > To: Luke Kenneth Casson Leighton <[EMAIL PROTECTED]>,
> > [EMAIL PROTECTED]
> > Subject: Re: Bug#265920: kdm 3.3 is deleting /var/run/xdmctl (causes
> > problem under selinux)
> > Message-ID: <[EMAIL PROTECTED]>
> > References: <[EMAIL PROTECTED]>
> > Mime-Version: 1.0
> > Content-Type: text/plain; charset=iso-8859-1
> > Content-Disposition: inline
> > Content-Transfer-Encoding: 8bit
> > In-Reply-To: <[EMAIL PROTECTED]>
> > X-No-CC: Please respect my Mail-Followup-To header
> > User-Agent: Mutt/1.5.6+20040810i
> > Delivered-To: [EMAIL PROTECTED]
> > X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
> > (1.212-2003-09-23-exp) on spohr.debian.org
> > X-Spam-Status: No, hits=-4.8 required=4.0 tests=BAYES_00,FROM_ENDS_IN_NUMS,
> > HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2004_03_25
> > X-Spam-Level:
> > * Luke Kenneth Casson Leighton [Sun, 15 Aug 2004 19:36:19 +0100]:
> > > the directory is being deleted and recreated.
> > > whilst this makes it nice and easy for dealing with sockets in it,
> > > it makes for an impossible situation for selinux.
> > > the issue is that kdm will have to be given both unlink and write access
> > > to /var/run, in order for /var/run/xdmctl to be deleted and recreated.
> > > neither of these things are desirable.
> > > this behaviour was not present in kdm 3.2.X.
> > you have two options:
> > # touch /var/run/xdmctl/.keep
> > kdm will refrain from unlinking the directory, then (checked).
> > set, in /etc/kde3/kdm/kdmrc, FifoDir to some directory which you don't
> > mind being created and unlinked on each kdm start-stop cycle. e.g.
> > FifoDir=/tmp/xdmctl.
> > I'm closing this bug, since I can't see why at least one of these
> > options won't work for you.
> > thanks, and please write back if this doesn't solve your problem,
--
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
Everything you read in newspapers is absolutely true, except for that
rare story of which you happen to have first-hand knowledge.
-- Erwin Knoll
