Bug 1314372
| Summary: | Current Rawhide Workstation live image does not reach GDM due to mislabelled /run/systemd/inhibit and /run/user/1000 | |||
|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Petr Lautrbach <plautrba> | |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> | |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
| Severity: | urgent | Docs Contact: | ||
| Priority: | high | |||
| Version: | 24 | CC: | awilliam, cra, dominick.grift, dwalsh, extras-qa, jfrieben, johannbg, juliux.pigface, lnykryn, lvrabec, mgrepl, msekleta, muadda, petersen, plautrba, pschindl, robatino, satellitgo, s, systemd-maint, zbyszek | |
| Target Milestone: | --- | |||
| Target Release: | --- | |||
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| Whiteboard: | AcceptedBlocker | |||
| Fixed In Version: | selinux-policy-3.13.1-176.fc24 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | 1308771 | |||
| : | 1315779 1320973 (view as bug list) | Environment: | ||
| Last Closed: | 2016-03-08 19:07:43 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1308771 | |||
| Bug Blocks: | 1230431 | |||
commit bc10e3f4a04dbf4e88c4ad8634d6137590f62f1b
Author: Lukas Vrabec <lvrabec>
Date: Thu Mar 3 15:18:10 2016 +0100
Build file_contexts.bin file_context.local.bin file_context.homedir.bin during build phase. This fix issue in Fedora live images when selinux-policy-targeted is not installed but just unpackaged, since there's no .bin files, file_contexts is parsed in selabel_open(). Resolves: rhbz#1314372
The fix worked, lives boot OK now. Thanks. |
Currently, selinux-policy-* packages don't ship %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.bin. This file is created during post install phase. It would be useful to generate this file during build time and ship it in order to prevent cases like the one with Live workstation where selinux-policy-targeted is not installed, but only unpackaged. And since there's no .bin files, file_contexts is parsed in selabel_open(). While it's not a fix for #1308771, it could prevent similar issues in other not-yet-discovered cases and make Live images and maybe even Atomic a little bit faster.