Summary: | =gnome-base/gdm-3.6* + systemd + hardened kernel : Fails to start when access to /proc is restricted. | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Alexander Tsoy <alexander> |
Component: | [OLD] GNOME | Assignee: | Gentoo Linux Gnome Desktop Team <gnome> |
Status: | RESOLVED DUPLICATE | ||
Severity: | normal | CC: | hardened, pva, tomwij, zazdxscf+bugs.gentoo.org |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 389719 |
Description
Alexander Tsoy
2013-02-06 23:51:07 UTC
[ebuild R ~] gnome-base/gdm-3.6.2 USE="fallback gnome-shell introspection ipv6 systemd tcpd -accessibility -audit -consolekit -debug -fprint -ldap -plymouth (-selinux) -smartcard {-test} -xinerama" 0 kB [ebuild R ] sys-auth/polkit-0.110 USE="examples gtk introspection nls pam systemd -kde (-selinux)" 0 kB @reporter: Please do not CC maintainers manually as that creates extra mails and work on our part. @gnome herd: Please check whether this really blocks "gnome3-upgrade-guide". Forget to mention: I'm using systemd. Maybe there is no such issue with openrc + consolekit. @tomwij: this issue is not only specific to hardened kernel. In comment 0 I also wrote about "hidepid" mount option. So changing summary was not neccesary imo. (In reply to comment #3) > Forget to mention: I'm using systemd. Maybe there is no such issue with > openrc + consolekit. I actually had a very similar issue when I switched to systemd some time ago, I solved this by changing permissions on that directory; note that I do not run a hardened kernel. So, what you say might be true. Reverted the summary change. Is adding gdm to the CONFIG_GRKERNSEC_PROC_GID group really required, or is adding polkitd there enough? (Basically, I am asking whether this bug is identical to #472098, or if there is something additional here, specific only to gdm but not other polkit-based tools.) (In reply to Alexandre Rostovtsev from comment #5) Just tested with gnome-base/gdm-3.8.3.1. Adding gdm to the CONFIG_GRKERNSEC_PROC_GID group is not required. May be this was really required with gdm-3.6. Now I can't check this. :) Thanks. Marking this as duplicate of #472098, since the core problem here is with polkit, not with gdm. *** This bug has been marked as a duplicate of bug 472098 *** |