Bug 1753404

Summary: systemd-logind faled to boot after upgrade to dc 31
Product: [Fedora] Fedora Reporter: Martin Vala <vala.martin>
Component: rpm-ostreeAssignee: Colin Walters <walters>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 31CC: bkelly, dustymabe, jonathan, lvrabec, miabbott, philip.wyett, rfairley, walters
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-15 11:30:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Output of ausearch -m AVC none

Description Martin Vala 2019-09-18 19:45:57 UTC 
Description of problem:
After rebasing silverblue to fc31. I cannot boot system

Version-Release number of selected component (if applicable):


How reproducible:
Rebase silverblue fedora 31

Steps to Reproduce:
1. Boot system
2. Logfile shows
Sep 18 14:46:24 localhost.localdomain systemd[909]: systemd-logind.service: Failed to set up special execution directory in /var/lib: Permission denied
Sep 18 14:46:24 localhost.localdomain systemd[909]: systemd-logind.service: Failed at step STATE_DIRECTORY spawning /sbin/modprobe: Permission denied
Sep 18 14:46:24 localhost.localdomain systemd[911]: systemd-logind.service: Failed to set up special execution directory in /var/lib: Permission denied
Sep 18 14:46:24 localhost.localdomain systemd[911]: systemd-logind.service: Failed at step STATE_DIRECTORY spawning /usr/lib/systemd/systemd-logind: Permission denied
Sep 18 14:46:24 localhost.localdomain systemd[1]: systemd-logind.service: Main process exited, code=exited, status=238/STATE_DIRECTORY
Sep 18 14:46:24 localhost.localdomain systemd[1]: systemd-logind.service: Failed with result 'exit-code'.
Sep 18 14:46:24 localhost.localdomain systemd[1]: Failed to start Login Service.

3.

Actual results:
Doesn't boot

Expected results:
Boots correctly

Additional info:
Comment 1 Martin Vala 2019-09-19 20:15:44 UTC 
Any updates? i would like to try fc31 silverblue.
Comment 2 Lukas Vrabec 2019-09-25 07:37:07 UTC 
Hi Martin, 

Could you please attach also output from audit logs? 

# ausearch -m AVC 

THanks,
Lukas.
Comment 3 Martin Vala 2019-09-25 07:48:38 UTC 
Created attachment 1618920 [details]
Output of ausearch -m AVC

Here it is
Comment 4 Boyd 2019-10-12 09:07:54 UTC 
Appears that I have run into this updating my dell xps13 9370 from Silverblue 30 to 31.
Comment 5 Boyd 2019-10-12 10:16:51 UTC 
ok  I had some selinux denials on gssproxy default.sock and also on /var/lib/AccountService/users/gdm which I have resolved.

I still have selinux denials reported in ausearch -m AVC for linger.  I have run restorecon on all of this:

/sysroot/ostree/deploy/fedora/var/lib/systemd/linger
/sysroot/ostree/deploy/fedora/var/lib/systemd/linger/me
/var/lib/systemd/linger
/var/lib/systemd/linger/me

I have removed 'me' from the linger directory.  And I have run loginctl disable-linger.

But I still have this in the ausearch log:  (There are more pids behind, but all the denials are for modprobe and d-logind with name=linger.  I still cannot boot into F31.

time->Sat Oct 12 10:03:26 2019
type=AVC msg=audit(1570874606.540:103): avc:  denied  { read } for  pid=919 comm="(modprobe)" name="linger" dev="dm-0" ino=2621453 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0
----
time->Sat Oct 12 10:03:26 2019
type=AVC msg=audit(1570874606.543:104): avc:  denied  { read } for  pid=920 comm="(d-logind)" name="linger" dev="dm-0" ino=2621453 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0
----
time->Sat Oct 12 10:03:26 2019
type=AVC msg=audit(1570874606.551:108): avc:  denied  { read } for  pid=923 comm="(modprobe)" name="linger" dev="dm-0" ino=2621453 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0
----
time->Sat Oct 12 10:03:26 2019
type=AVC msg=audit(1570874606.553:109): avc:  denied  { read } for  pid=924 comm="(d-logind)" name="linger" dev="dm-0" ino=2621453 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0
----
time->Sat Oct 12 10:03:26 2019
type=AVC msg=audit(1570874606.561:113): avc:  denied  { read } for  pid=927 comm="(modprobe)" name="linger" dev="dm-0" ino=2621453 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0
----
time->Sat Oct 12 10:03:26 2019
type=AVC msg=audit(1570874606.564:114): avc:  denied  { read } for  pid=928 comm="(d-logind)" name="linger" dev="dm-0" ino=2621453 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0
Comment 6 Martin Vala 2019-10-15 11:30:31 UTC 
This can be closed. I reinstalled silverblue and i don't see this error anymore
Comment 7 Boyd 2019-10-15 13:53:14 UTC 
I just rebased to F30 and back to F31 and this issue persists