Headsup: Xorg is broken in F-22 when used with fips or /etc/system-fips
Hi all, Debugging this took me ages, so I thought I would share this with you, with the new gdm on wayland landed in F-22 recently Xorg gets started as a regular user. This is a good thing as we want to move to Xorg running as a regular user, but we're not 100% there yet, so currently Xorg is still suid-root, and needs those root rights to function properly. But when fips is enabled either on the kernel commandline or a /etc/system-fips file exists one of the libraries X is using is dropping the root rights at early library init and things fail. So if X is not working for you all of a sudden, make sure you do not have fips enabled on the kernel commandline, and remove any /etc/system-fips file you may have. Regards, Hans -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Headsup: Xorg is broken in F-22 when used with fips or /etc/system-fips
On Út, 2015-02-24 at 10:42 +0100, Hans de Goede wrote: Hi all, Debugging this took me ages, so I thought I would share this with you, with the new gdm on wayland landed in F-22 recently Xorg gets started as a regular user. This is a good thing as we want to move to Xorg running as a regular user, but we're not 100% there yet, so currently Xorg is still suid-root, and needs those root rights to function properly. But when fips is enabled either on the kernel commandline or a /etc/system-fips file exists one of the libraries X is using is dropping the root rights at early library init and things fail. So if X is not working for you all of a sudden, make sure you do not have fips enabled on the kernel commandline, and remove any /etc/system-fips file you may have. This is unintended side-effect of running the FIPS selftest in the libgcrypt constructor, we need to fix that. Please open a new bug against libgcrypt so the bug fix is tracked. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Headsup: Xorg is broken in F-22 when used with fips or /etc/system-fips
Hi, On 02/24/2015 06:02 PM, Tomas Mraz wrote: On Út, 2015-02-24 at 10:42 +0100, Hans de Goede wrote: Hi all, Debugging this took me ages, so I thought I would share this with you, with the new gdm on wayland landed in F-22 recently Xorg gets started as a regular user. This is a good thing as we want to move to Xorg running as a regular user, but we're not 100% there yet, so currently Xorg is still suid-root, and needs those root rights to function properly. But when fips is enabled either on the kernel commandline or a /etc/system-fips file exists one of the libraries X is using is dropping the root rights at early library init and things fail. So if X is not working for you all of a sudden, make sure you do not have fips enabled on the kernel commandline, and remove any /etc/system-fips file you may have. This is unintended side-effect of running the FIPS selftest in the libgcrypt constructor, we need to fix that. Please open a new bug against libgcrypt so the bug fix is tracked. Done: https://bugzilla.redhat.com/show_bug.cgi?id=1195850 Regards, Hans -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
