Bug 166010
| Summary: | Selinux doesn't allow logins after putting backed up harddrive data back | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Laurens Buhler <masterpe> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-08-25 19:18:06 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
You need to relabel. touch /.autorelabel reboot |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6 Description of problem: Due to a problem with partitioning I had to move my FC4 installation to another HD. Then repartition with the partition table altered from before and then putting the data back. - I used the FC4 rescuecd and a cp -a command to recopy the files to the original harddrive. - I then mount -o binded /proc /sys and /dev to the original HD and chrooted, ran: source /etc/profile - I made grub work again using the grub console and corrected fstab so that the new partitioning would be mapped correctly - I rebooted and found myself unable to login - Logged in with "selinux=0" passed to the grub commandline, used the securitylevel (X, not console) program to make selinux relabel itself, rebooted - Selinux relabeled itself, rebooted and login failed again - Logged in with selinux=0 once again, ran: "fixfiles relabel" as root, told it to clean up /tmp aswell, rebooted. It started relabeling again, rebooted after that. - No more login problems from that point on Version-Release number of selected component (if applicable): libselinux-1.23.10-2 selinux-policy-targeted-1.25.3-9, libselinux-1.23.10-2 How reproducible: Didn't try Steps to Reproduce: As you can read this is too much of a hassle to reproduce Actual Results: At one time in the process getting my FC4 installation working again did relabeling not work. Expected Results: It should have allowed me to login again. Additional info: System specs: Kernel: Linux 2.6.12-1.1398_FC4 Distro: Fedora Core release 4 (Stentz) CPU: AMD-K7(tm) Processor @ 601 Mhz Mem usage: 125.6/503.3 MB (25%) Swap usage: 0/682.4 MB (0%) Disk usage(Maxtor 92049U6): 4.5/17.4 GB (26%) X.org: 6.8.2 Videocard: S3 Inc. Savage 4 Res: 1152x864, 24-bits Audio: VIA Technologies, Inc. VT82C686 AC97 Audio Controller Ethernet: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ Some avc denied messages from my failed login attempts: Aug 15 19:43:21 server kernel: audit(1124127801.264:3): avc: denied { transition } for pid=2502 comm="gdm-binary" name="Xsession" dev=hda5 ino=4453503 scontext=system_u:system_r:kernel_t tcontext=user_u:system_r:unconfined_t tclass=process Aug 15 19:43:30 server kernel: audit(1124127810.500:4): avc: denied { transition } for pid=2525 comm="gdm-binary" name="Xsession" dev=hda5 ino=4453503 scontext=system_u:system_r:kernel_t tcontext=root:system_r:unconfined_t tclass=process Aug 15 19:44:09 server kernel: audit(1124127849.662:5): avc: denied { transition } for pid=2636 comm="gdm-binary" name="xterm" dev=hda5 ino=2161777 scontext=system_u:system_r:kernel_t tcontext=user_u:system_r:unconfined_t tclass=process Aug 15 19:44:30 server login[2247]: Warning! Could not relabel /dev/tty1 with root:object_r:tty_device_t, not relabeling.Permission denied Aug 15 19:44:30 server kernel: audit(1124127870.228:6): avc: denied { relabelto } for pid=2247 comm="login" name="tty1" dev=tmpfs ino=2307 scontext=system_u:system_r:kernel_t tcontext=root:object_r:tty_device_t tclass=chr_file Aug 15 19:44:30 server kernel: audit(1124127870.232:7): avc: denied { transition } for pid=2661 comm="login" name="bash" dev=hda5 ino=2095194 scontext=system_u:system_r:kernel_t tcontext=root:system_r:unconfined_t tclass=process Aug 15 19:45:42 server login[2663]: Warning! Could not relabel /dev/tty1 with root:object_r:tty_device_t, not relabeling.Permission denied Aug 15 19:45:42 server kernel: audit(1124127942.710:8): avc: denied { relabelto } for pid=2663 comm="login" name="tty1" dev=tmpfs ino=2307 scontext=system_u:system_r:kernel_t tcontext=root:object_r:tty_device_t tclass=chr_file Aug 15 19:45:42 server kernel: audit(1124127942.714:9): avc: denied { transition } for pid=2664 comm="login" name="bash" dev=hda5 ino=2095194 scontext=system_u:system_r:kernel_t tcontext=root:system_r:unconfined_t tclass=process Aug 15 20:01:28 server kernel: audit(1124128657.209:3): avc: denied { relabelto } for pid=1323 comm="setfiles" name="martin" dev=hda5 ino=916610 scontext=system_u:system_r:kernel_t tcontext=user_u:object_r:user_home_dir_t tclass=dir Aug 15 20:01:28 server kernel: audit(1124128657.211:4): avc: denied { relabelto } for pid=1323 comm="setfiles" name=".bash_history" dev=hda5 ino=916611 scontext=system_u:system_r:kernel_t tcontext=user_u:object_r:user_home_t tclass=file