Bug 1656529

Summary: unable to log in on arm disk images - no shell: Permission denied
Product: [Fedora] Fedora Reporter: Paul Whalen <pwhalen>
Component: systemdAssignee: systemd-maint
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: dwalsh, herrold, lnykryn, lvrabec, mgrepl, msekleta, plautrba, rgm, ssahani, s, systemd-maint, zbyszek
Target Milestone: ---   
Target Release: ---   
Hardware: armhfp   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-02-11 18:56:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 245418    

Description Paul Whalen 2018-12-05 17:18:07 UTC 
Description of problem:
Attempting to log in when using Fedora-Server-armhfp-Rawhide-20181205.n.0-sda.raw.xz ended with:

localhost login: root
Password: 
 -- root: no shell: Permission denied


Version-Release number of selected component (if applicable):
selinux-policy-3.14.3-13.fc30.noarch

How reproducible:
Every time

Steps to Reproduce:
1. Boot recent rawhide arm disk image
2. After completing initial-setup, attempt to log in

Actual results:

ausearch -m avc -ts recent
----
time->Wed Dec  5 11:57:59 2018
type=AVC msg=audit(1544029079.633:221): avc:  denied  { transition } for  pid=1054 comm="(systemd)" path="/usr/lib/systemd/systemd" dev="sda3" ino=7089614 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=1
----
time->Wed Dec  5 11:57:59 2018
type=AVC msg=audit(1544029079.633:222): avc:  denied  { entrypoint } for  pid=1054 comm="(systemd)" path="/usr/lib/systemd/systemd" dev="sda3" ino=7089614 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file permissive=1
----
time->Wed Dec  5 11:58:00 2018
type=AVC msg=audit(1544029080.102:228): avc:  denied  { transition } for  pid=1061 comm="login" path="/usr/bin/bash" dev="sda3" ino=4371206 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=1
Comment 1 Lukas Vrabec 2018-12-12 14:16:37 UTC 
Hi All, 

Any idea why login has context kernel_t ? Is there something different on login process for arms? 

Thanks,
Lukas.
Comment 2 Paul Whalen 2019-02-11 18:56:42 UTC 
This is no longer an issue on arm disk images. Closing.