It's impossible to create new thinlinc sessions on Fedora 19. The logs show this: 2013-05-03 14:24:04 WARNING tl-session: pam_open_session failed: 14 (Cannot make/remove an entry for the specified session) and in secure we can find: May 3 14:24:04 dhcp-254-223 tl-session: pam_loginuid(thinlinc:session): set_loginuid failed An strace confirms it: [pid 10993] open("/proc/self/loginuid", O_WRONLY|O_TRUNC|O_NOFOLLOW) = 3 [pid 10993] write(3, "1001", 4) = -1 EPERM (Operation not permitted) [pid 10993] close(3) = 0 I don't understand why this is happening though. SELinux is in permissive mode, and in the same strace we can see that tl-session has both CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL: [pid 10993] capget({_LINUX_CAPABILITY_VERSION_3, 0}, NULL) = 0 [pid 10993] capget({_LINUX_CAPABILITY_VERSION_3, 0}, {CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP, CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP, 0}) = 0 Disabling pam_loginuid makes it possible to log in though.
Reported to Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=959418
The problem is systemd (of course). They've changed the way loginuid works, so you absolutely must be started from systemd. No more running vsmagent (or sshd for that matter) from a terminal. This works for Fedora's SysV/LSB scripts as they redirect things via systemctl, but breaks for any third party stuff. The suggested "fix" is to source /etc/init.d/functions at the top of the init scripts. Just sourcing it is sufficient, but it's still hardly LSB compliant. So I'm hoping upstream can come up with a better suggestion.
We could also start shipping a systemd definition, as I believe that trumps any init script found.
(In reply to comment #3) > We could also start shipping a systemd definition, as I believe that trumps any > init script found. https://www.cendio.com/bugzilla/show_bug.cgi?id=4290
r27378 adds our own implementation of redirecting things via systemd.
Problem starting services on Ubuntu 13.04: /etc/init.d/vsmagent: 15: /opt/thinlinc/libexec/functions: Syntax error: redirection unexpected
(In reply to comment #6) > Problem starting services on Ubuntu 13.04: > > /etc/init.d/vsmagent: 15: /opt/thinlinc/libexec/functions: Syntax error: > redirection unexpected r27387.
Tested also on Fedora 19, starting a Gnome Shell session works fine. Closing.
