Bug 498227

Summary: SeLinux freezes Fedora on shutdown
Product: [Fedora] Fedora Reporter: Leslie Brooks <no_cats2000>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: dwalsh, jkubin, mgrepl, s.fielding
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-04-30 13:50:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
audit log as requested from previous user
none
Audit log as requested none

Description Leslie Brooks 2009-04-29 14:17:40 UTC 
Description of problem: On my ECS A740GM-M motherboard with AMD X2 7750 processor, shutdown freezes some of the time.  I installed Fedora 11 Preview and it froze after I told it to reboot.  I power cycled the computer and it booted from the hard drive just fine; I added all of the updates and it froze again when I told it to shutdown.  The freeze was after the desktop had cleared and just the wallpaper was showing.  Ctrl-Alt-Backspace did not do anything.

I had installed with one change - I formatted the hard drive without LVM.

Version-Release number of selected component (if applicable):
F11 Preview

How reproducible:  Intermittent.  It happened the first two times I tried to shut down the system, but did not happen on the next two tries.  I updated after the first hang, and only after the first hang.


Steps to Reproduce:
1. Boot
2. Login
3. Select 'Shutdown'
  
Actual results: The desktop clears, leaving just the wallpaper showing, then all activity stops and nothing else happens.


Expected results:


Additional info:

/var/logs/messages:

Apr 28 21:33:07 localhost gdm-simple-slave[1835]: GLib-GObject-CRITICAL: g_object_ref: assertion `G_IS_OBJECT (object)' failed
Apr 28 21:33:07 localhost avahi-daemon[1349]: Got SIGTERM, quitting.
Apr 28 21:33:07 localhost avahi-daemon[1349]: Leaving mDNS multicast group on interface eth0.IPv4 with address 192.168.3.202.
Apr 28 21:33:07 localhost init: rc0 main process (5635) killed by TERM signal
Apr 28 21:33:07 localhost gdm[5639]: ******************* START **********************************
Apr 28 21:33:07 localhost gnome-session[1993]: WARNING: Unable to stop system: Not privileged for action: org.freedesktop.consolekit.system.stop no
Apr 28 21:33:07 localhost gnome-session[1993]: WARNING: Unable to stop system: Not privileged for action: org.freedesktop.consolekit.system.stop no
Apr 28 21:33:07 localhost gnome-session[1993]: WARNING: Unable to stop system: Not privileged for action: org.freedesktop.consolekit.system.stop no
Apr 28 21:33:07 localhost gnome-session[1993]: WARNING: Unable to stop system: Not privileged for action: org.freedesktop.consolekit.system.stop no
Apr 28 21:33:07 localhost gnome-session[1993]: WARNING: Unable to stop system: Not privileged for action: org.freedesktop.consolekit.system.stop no
Apr 28 21:33:07 localhost gnome-session[1993]: WARNING: Unable to stop system: Not privileged for action: org.freedesktop.consolekit.system.stop no
Apr 28 21:33:07 localhost gdm[5639]: #0  0x4a26796e in ?? ()
Apr 28 21:33:07 localhost gdm[5639]:
Apr 28 21:33:07 localhost gdm[5639]: Thread 1 (process 1835):
Apr 28 21:33:07 localhost gdm[5639]: #0  0x4a26796e in ?? ()
Apr 28 21:33:07 localhost gdm[5639]: No symbol table info available.
Apr 28 21:33:07 localhost gdm[5639]: The program is running.  Quit anyway (and detach it)? (y or n) [answered Y; input not from terminal]
Apr 28 21:33:07 localhost gdm[5639]: ******************* END **********************************
Apr 28 21:33:09 localhost setroubleshoot: SELinux is preventing shutdown (consolekit_t) "create" consolekit_t. For complete SELinux messages. run sealert -l a8934330-f3a8-44ca-b0cb-65a09d03906b
Apr 28 21:33:09 localhost setroubleshoot: SELinux is preventing shutdown (consolekit_t) "create" consolekit_t. For complete SELinux messages. run sealert -l a8934330-f3a8-44ca-b0cb-65a09d03906b
Comment 1 Daniel Walsh 2009-04-29 14:21:31 UTC 
Please attach your /var/log/audit/audit.log
Comment 2 s.fielding 2009-04-30 09:32:29 UTC 
Created attachment 341887 [details]
audit log as requested from previous user
Comment 3 s.fielding 2009-04-30 09:33:55 UTC 
I have the same problem - seems to happen every time I try to shut down from the Gnome system menu. I have attached my audit log above.
Comment 4 Leslie Brooks 2009-04-30 13:44:54 UTC 
Created attachment 341923 [details]
Audit log as requested
Comment 5 Daniel Walsh 2009-04-30 13:50:37 UTC 
Could you try selinux-policy-3.6.12-25.fc11 and see if this fixes the problem.
This rule is available there.
Comment 6 s.fielding 2009-04-30 14:20:58 UTC 
selinux-policy-3.6.12-23.fc11 appears to have fixed it for me.

Thanks
Simon
Comment 7 Leslie Brooks 2009-04-30 20:06:30 UTC 
When did you get that security policy update, and how many times have you shut down since then?  Looking at the comments on that update I don't see any indication that it is intended to fix this problem.  This bug is marked as 'Closed', but I don't see any notes indicating why it is closed.  Because someone fixed it, or because you reported it fixed?

I just had the problem again, and I have shut down this machine perhaps 10 times since I last had it - so it is intermittent.  I don't think we can assume it is fixed until we have seen at least 30 shutdowns without the problem.

I am downloading selinux-policy-3.6.12-23 now and will see if it happens again.
Comment 8 Daniel Walsh 2009-04-30 21:38:55 UTC 
Right I am saying I  believe it is fixed in -25 which should be in koji.  If you can confirm the fix, I will ask to push into final release.
Comment 9 Leslie Brooks 2009-05-01 18:32:16 UTC 
To be clear, you believe it is fixed in selinux-policy-3.6.12-25?  Need Real Name thought it was fixed in -23, but I thought we needed more data points (more shutdowns) to be sure.

I will try to confirm the fix, but because of the intermittent nature I think it will take 30 shutdowns to be confident.  I have not yet installed -25, so I will do that now.

Need Real Name, have you installed -25, and how many times have you shut down since then?
Comment 10 Leslie Brooks 2009-05-02 22:57:46 UTC 
Where do I get -25?  I got -23 with a software update, but no -25.  The system hung on shutdown again today, with the same SELinux errors in the log.
Comment 11 Daniel Walsh 2009-05-04 14:39:06 UTC 
Fedora developers build into koji.  If these are for a released product we can submit these packages to the fedora-testing repository and if everything is good eventually to fedora-updates.

In the case of F11 which is in this in between world I can ask Release Engineering to add this package to the release.  Which I will probably do soon.


You can grab any release from

http://koji.fedoraproject.org/koji/

Just go to the search window and select selinux-policy

Which you can then click to the actual release and grab the packages.

http://koji.fedoraproject.org/koji/buildinfo?buildID=100563

Has build -26 for example.
Comment 12 Leslie Brooks 2009-05-06 00:17:51 UTC 
Thank you; I installed -29 (the latest).  I will let you know the results, positive or negative.