Bug 1267207
Summary: | GDM Fails to start when selinux is enforcing | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Richard Bradfield <bradfier> | ||||||||
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||||||
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||
Severity: | high | Docs Contact: | |||||||||
Priority: | high | ||||||||||
Version: | rawhide | CC: | bradfier, bugzilla, dominick.grift, dwalsh, fedora, lvrabec, mgrepl, plautrba, robatino, vondruch, ypossem | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | Unspecified | ||||||||||
OS: | Unspecified | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | selinux-policy-3.13.1-150.fc24 | Doc Type: | Bug Fix | ||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2015-10-02 13:57:36 UTC | Type: | Bug | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Hi, Could you attach also /var/log/audit/audit.log file? Thank you. It relates with security classes changes. We should have a fix in libselinux and we should require a new libselinux in the policy. Richard, could you try to execute # dnf update libselinux to see if it fixes your issue. Thank you. *** Bug 1265913 has been marked as a duplicate of this bug. *** And also run # systemctl daemon-reexec I can't see any difference with latest libselinux. $ rpm -q libselinux libselinux-2.4-4.fc24.x86_64 No difference for me either. I might add that the title is misleading, this occurred for me during a routine update of a rawhide install from a rawhide boot.iso. Both of my two active installs have this issue. libselinux-2.4-4 and daemon-reexec have had no effect. Yes, I installed originally from one of the early F23 pre-Alpha images, so this is unlikely to depend on how the installation happened. Changing title. Also removing needinfo since it's pretty clear the problem is not fixed. Created attachment 1079323 [details]
an audit.log
Well, an audit.log was asked for in the needinfo. Given that the original reporter has said nothing more, I will provide my own.
Created attachment 1079324 [details] /var/log/audit/audit.log Just noticed that one of the two needinfos I just cancelled was associated with Comment 1 (request for /var/log/audit/audit.log ). Attaching mine. Ok I added additiona fixes to rawhide. https://github.com/fedora-selinux/selinux-policy/commit/5aad18c3bcf173f58ab515321f2e6b6ae5570bb0 which fixes this issue for me. $ rpm -q selinux-policy selinux-policy-3.13.1-151.fc24.noarch The above version works for me. Thank you for testing. |
Created attachment 1078284 [details] Journal log after systemctl restart gdm Description of problem: I installed a clean F23 beta machine, then used dnf system upgrade to try and move up to Rawhide. When I rebooted the system, I got the 'Oh no! Something has gone wrong' screen, which repeats if I try and relaunch GDM. Setting 'setenforce 0', or setting selinux to permissive in the config allows everything to work normally. I have tried relabelling the filesystem. Version-Release number of selected component (if applicable): Rawhide as of 2015-09-28, precise version numbers to follow if required. How reproducible: Always Steps to Reproduce: Install F23 Beta from ISO. Perform dnf system-upgrade to Rawhide and reboot. Actual results: GDM Fails to start with an "Oops, something went wrong." screen. Expected results: GDM to start normally. Additional Info: Setting setenforce 0 from a tty allows GDM to start. Attached is a journal with all AVCs shown (I disabled dontaudit with semodule -DB).