1667171 – sddm-helper attempts to create a bizarre folder which gets blocked by SELinux

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1667171 - sddm-helper attempts to create a bizarre folder which gets blocked by SELinux

Summary: sddm-helper attempts to create a bizarre folder which gets blocked by SELinux

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	sddm
Sub Component:
Version:	28
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Rex Dieter
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-01-17 16:12 UTC by peoinas
Modified:	2019-04-15 17:43 UTC (History)
CC List:	10 users (show)
Fixed In Version:	sddm-0.18.0-4.fc29
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-04-15 17:43:36 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
output of sealert -l a527210d-c177-4faf-9e31-f14941998a95 (2.06 KB, text/plain) 2019-01-17 16:12 UTC, peoinas	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	sddm sddm issues 1145	0	None	None	None	2019-03-13 21:39:51 UTC

Description peoinas 2019-01-17 16:12:11 UTC

Created attachment 1521309 [details]
output of sealert -l a527210d-c177-4faf-9e31-f14941998a95

Every time on boot/login, sddm-helper attempts to create a folder with a long nonsense hexadecimal name (eg. EFBFBDEFBFBD1356) and gets blocked by SELinux. Looking at journalctl suggests this happens when sddm-helper attempts to open xsession-errors:

Jan 17 17:22:36 kitakubu audit[1317]: AVC avc:  denied  { create } for  pid=1317 comm="sddm-helper" name=EFBFBDEFBFBD1356 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=0
Jan 17 17:22:36 kitakubu sddm-helper[1317]: Could not open stderr to "��\u0013V/.cache/xsession-errors"

Because the hex string is different each time, I'm worried there could be something nasty like overflowing going on here.

The sealert output (see attachment) says this started occurring on 2018-12-23. It started happening spontaneously, presumably after an update. My installation is a relatively recent Fedora 29 system (upgraded from 28), which I made last summer. I'm running KDE with an i3 window manager on top (instead of KWin). I have not attempted to reproduce this on a fresh installation.

Comment 1 Ondrej Dolak 2019-01-26 10:14:32 UTC

I can confirm same behaviour on my two computers. Both runs without selinux so the folders are created on every login. I have multiple accounts on both computers, two oldest profiles (migrated from FC25) are immune, but newly created profile suffers from this behaviour.

[root@dsk eva] ls -l
drwxr-xr-x. 4 eva eva  4096 20. led 13.07  Desktop
drwx------. 4 eva eva    51 26. zář  2013  workspace
drwxr-xr-x  3 eva eva    19 24. led 21.50  �A�U
drwxr-xr-x  3 eva eva    19 25. led 08.53 '�'$'\b''iU'
drwxr-xr-x  3 eva eva    19 26. led 10.31 '��'$'\034''V'
drwxr-xr-x  3 eva eva    19 24. led 14.44  ���U

I've also try this bug 1665521 
but abrt version/existence is unrelated to this.

Comment 2 Oleg Kochkin 2019-02-04 15:03:17 UTC

I confim this, selinux disabled:

$ ls -1
''$'\020'
''$'\020''@J�'$'\006''V'

In folders always empty file ".cache/xsession-errors"

Comment 3 Matt Kinni 2019-02-15 22:16:59 UTC

I've observed the same behaviour on two of my machines running Fedora 29.

Comment 4 Petr Bartos 2019-03-11 21:31:59 UTC

Hi,
I have the same problem with fresh installation of Fedora 29 (with disabled selinux). I've have migrated/copied three accounts from another computer (running Fedora 28, upgraded since 16) and this problem affects only two of them. I do not see this problem on another machine with Fedora 29 (also upgraded from previous versions).

Comment 5 Martin Bříza 2019-03-13 09:07:50 UTC

Hi.
This is fixed by this commit: https://github.com/sddm/sddm/commit/047ef56e5cfa757ebfcb03a248edad579564b5f3
The upstream bug is https://github.com/sddm/sddm/issues/1145
There are comments about making a new release soon so it's a question if we should cherry pick a fix or wait until it gets released.

Comment 6 Rex Dieter 2019-03-13 21:39:51 UTC

I'll see if it backports cleanly.

Comment 7 Fedora Update System 2019-03-14 16:17:57 UTC

sddm-0.18.0-4.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-96c964d319

Comment 8 Fedora Update System 2019-03-15 17:57:20 UTC

sddm-0.18.0-4.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-96c964d319

Comment 9 Fedora Update System 2019-04-15 17:43:36 UTC

sddm-0.18.0-4.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.