Bug 1169103
Summary: | After F21 upgrade, encrypted /home no longer mounted at login due to AVC denial | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tore Anderson <tore> | ||||
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 21 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, plautrba, tore | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2014-12-09 14:04:03 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Tore Anderson
2014-11-30 10:35:58 UTC
Hi, Please run: #restorecon -v /usr/sbin/lxdm-binary To fix your issue. (In reply to Lukas Vrabec from comment #1) > #restorecon -v /usr/sbin/lxdm-binary That didn't help. I ran the above command as root, set SELINUX=enforcing and rebooted. No luck. I also tried to "touch /.autorelabel" and rebooted another time. That didn't help either. Tore okay, I'll try reproduce it. Thank you for response. Could you attach: $ ls -Z /usr/sbin/lxdm-binary Thank you! -rwxr-xr-x. root root system_u:object_r:xdm_exec_t:s0 /usr/sbin/lxdm-binary Created attachment 965399 [details]
Detail output from setroubleshoot applet
When I log in in permissive mode, I sometimes (not always) get four SELinux alerts, relating to LXDM + eCryptfs. I suppose those are relevant to this bug, so I am attaching the detail output.
The error titles are:
1 SELinux is preventing /usr/sbin/mount.ecryptfs_private from entrypoint access on the file /usr/sbin/mount.ecryptfs_private.
2 SELinux is preventing /usr/sbin/lxdm-binary from write access on the file /home/.ecryptfs/tore/.Private/ECRYPTFS_FNEK_ENCRYPTED.FXZho6fsm0GiX-S-inXKR0vtfz5o74eWy2nKNTs3sCmHZTCGpCSH.4xtbpuSey-LQIaArQ8aTer66bk-.
3 SELinux is preventing /usr/sbin/lxdm-binary from write access on the file /home/.ecryptfs/tore/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWZho6fsm0GiX-S-inXKR0vtfz5o74eWy2nKspvsX6rhDfQutOr94hucPU--.
4 SELinux is preventing /usr/sbin/lxdm-binary from create access on the file ECRYPTFS_FNEK_ENCRYPTED.FWZho6fsm0GiX-S-inXKR0vtfz5o74eWy2nKspvsX6rhDfQutOr94hucPU--.
The actual files the encrypted names refer to, are:
$ ecryptfs-find ECRYPTFS_FNEK_ENCRYPTED.FXZho6fsm0GiX-S-inXKR0vtfz5o74eWy2nKNTs3sCmHZTCGpCSH.4xtbpuSey-LQIaArQ8aTer66bk-
/home/tore/.xsession-errors
$ ecryptfs-find ECRYPTFS_FNEK_ENCRYPTED.FWZho6fsm0GiX-S-inXKR0vtfz5o74eWy2nKspvsX6rhDfQutOr94hucPU--
/home/tore/.Xauthority
*** This bug has been marked as a duplicate of bug 1165578 *** |