Bug 454776

Summary: livecd-tools-017.1-1.fc9 breaks Xfce spin autologin
Product: [Fedora] Fedora Reporter: Kevin Fenzi <kevin>
Component: livecd-toolsAssignee: Jeremy Katz <katzj>
Status: CLOSED CANTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 9CC: davidz, dwalsh, eparis, katzj, vanmeeuwen+fedora
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-16 20:36:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
full log of fedora-livecd-xfce.ks with livecd-tools-017.1-1.fc9.i386 none

Description Kevin Fenzi 2008-07-09 21:55:03 UTC 
If you use the 017.1-1.fc9 version of livecd-tools on a updated F9 system to
make a Xfce livecd, the image builds fine, but then the user can't login. 

It seems /home/fedora gets a unconfined_t selinux context, and selinux won't let
the user login. 

Backing off to 017-1.fc9, everything works fine as expected. 

Happy to provide more info...
Comment 1 Jeremy Katz 2008-07-09 22:37:34 UTC 
Do you have the log of the livecd-creator run handy?  If not, I can probably get
one, but it'll take me a teensy bit to get things set up to do so.
Comment 2 Kevin Fenzi 2008-07-09 22:55:30 UTC 
I don't... ;( 
I can do another run here in a bit and save that though.
Comment 3 Kevin Fenzi 2008-07-10 02:35:32 UTC 
I'll attach the entire output, but these jump out: 

Installing: selinux-policy-targeted      #####################
[623/846]libsemanage.dbase_llist_query: could not query record value
SELinux:  Could not load policy file /etc/selinux/targeted/policy/policy.23: 
Invalid argument
/usr/sbin/load_policy:  Can't load policy:  Invalid argument
libsemanage.semanage_reload_policy: load_policy returned error code 2.
libsemanage.semanage_install_active: Could not copy
/etc/selinux/targeted/modules/active/policy.kern to
/etc/selinux/targeted/policy/policy.23. (No such file or directory).
semodule:  Failed!
libsemanage.semanage_link_sandbox: Could not access sandbox base file
/etc/selinux/targeted/modules/tmp/base.pp. (No such file or directory).
/usr/sbin/semanage: Could not add SELinux user guest_u
libsemanage.semanage_link_sandbox: Could not access sandbox base file
/etc/selinux/targeted/modules/tmp/base.pp. (No such file or directory).
/usr/sbin/semanage: Could not add SELinux user xguest_u
Comment 4 Kevin Fenzi 2008-07-10 02:37:39 UTC 
Oops. Thats the output from the livecd-tools-017-1.fc9 case. 

Let me update to the 017.1-1.fc9 and re-run.
Comment 5 Kevin Fenzi 2008-07-10 15:06:32 UTC 
The output from the 017.1-1 run is 25MB... 
Do you still want me to attach it?
Comment 6 Christoph Wickert 2008-07-10 15:11:12 UTC 
Created attachment 311487 [details]
full log of fedora-livecd-xfce.ks with livecd-tools-017.1-1.fc9.i386

The resulting iso does not work
Comment 7 Christoph Wickert 2008-07-10 15:16:48 UTC 
(In reply to comment #5)
> The output from the 017.1-1 run is 25MB... 

Mine is only 500 Kb, so attached it. The relevant part:

  Installier: selinux-policy-targeted      #####################
[622/856]libsemanage.dbase_llist_query: could not query record value
SELinux:  Could not downgrade policy file
/etc/selinux/targeted/policy/policy.23, searching for an older version.
SELinux:  Could not open policy file <= /etc/selinux/targeted/policy/policy.23:
 No such file or directory
/usr/sbin/load_policy:  Can't load policy:  No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2.
libsemanage.semanage_install_active: Could not copy
/etc/selinux/targeted/modules/active/policy.kern to
/etc/selinux/targeted/policy/policy.23. (No such file or directory).
semodule:  Failed!
libsemanage.semanage_link_sandbox: Could not access sandbox base file
/etc/selinux/targeted/modules/tmp/base.pp. (No such file or directory).
Comment 8 Jeremy Katz 2008-07-10 16:16:06 UTC 
cwickert -- yours is pulling from updates, the official spin will be pulling
from the release version only. 

Eric/Dan -- would it be expected to get failures with the new SELinux bits in
livecd-creator without an updated couple of packages?
Comment 9 Daniel Walsh 2008-07-10 18:51:13 UTC 
You need the updated policy and kernel I believe.
Comment 10 Kevin Fenzi 2008-07-10 19:41:47 UTC 
In the host running livecd-tools? Or in the chroot?
The host here is F9+all updates here...
Comment 11 Jeremy Katz 2008-07-10 21:25:35 UTC 
Updated policy in the chroot, updated kernel on the host is what my hunch would be
Comment 12 Kevin Fenzi 2008-07-10 22:34:31 UTC 
ok, so what do we do for the F9 Xfce spin then?

I would guess use the previous livecd-creator for the spinning on the host? 
If we add the updated policy, then we need a src.rpm image, right?
Comment 13 Jeremy Katz 2008-07-10 23:43:18 UTC 
Yeah, I think that spinning with the F9 livecd-tools is probably the right thing
to do.  Were we doing this concurrent with the release as per the intent, we'd
have been doing that to begin with.
Comment 14 Jeremy Katz 2008-07-16 20:36:18 UTC 
And confirmed that that makes things better.  Going to close this as CANTFIX as
fundamentally, the "work with SELinux enforcing" changes kind of require a
packages with fixes being installed.