Bug 198068

Summary: SELinux outdated - prevents system from starting
Product: [Fedora] Fedora Reporter: Darwin H. Webb <thethirddoorontheleft>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-07-11 14:10:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
dmesg for last boot plus last 30 messages
none
dmesg after SELinux update July 10th none

Description Darwin H. Webb 2006-07-09 01:30:44 UTC
Description of problem:
After updates of Jul 8th
Many avc messages
Xorg / dbus execmem, avahi , nautilus, 
Desktop - session screen wanted default (missing), Nautilus splash scerrn hung,
kick back into logon screen.
TTY2 to root and set selinux=permissive, rebooted
everything worked.
Need SELinux policy updated to reflect many chnages in FC6T1

Version-Release number of selected component (if applicable):


How reproducible:
3 times - same thing before setting SELinux to permissive.

Steps to Reproduce:
1. yum update and reboot
2.
3.
  
Actual results:
Desktop not functional 

Expected results:
Desktop usable

Additional info:

Comment 1 Darwin H. Webb 2006-07-09 01:30:45 UTC
Created attachment 132118 [details]
dmesg for last boot plus last 30 messages

Comment 2 Darwin H. Webb 2006-07-10 18:48:01 UTC
Created attachment 132192 [details]
dmesg after SELinux update July 10th

After SELinux-polcy update of July 10th, set to enforcing, and relable on
reboot, most avc messages removed but Desktop still failed.
1. At logon popup for default session still there.
2. Nautius splash screen hangs, click on it, Desktop goes back to Logon screen.

3. Set to permissive and reboot.
4. Desktop come up.

The dmesg shows 2 avc messages - 1 for reconstore and 1 for meticty (execmem).
Since execmem is a global setting, it must be a bug in meticity.
I will file a bug on meticity and ref to this one.

Comment 3 Daniel Walsh 2006-07-11 14:10:42 UTC
restorecond should not be a problem and will be fixed shortly.  Your remaining
problem is metacity which is reported in  #197910  So closing this as a
duplicate of that bug.

You can turn on the allow_execmem boolean to allow you to run with SELinux in
enforcing mode

setsebool -P allow_execmem=1

*** This bug has been marked as a duplicate of 197910 ***