Bug 619238
Summary: | can't login to normal F14 install - avc: denied { entrypoint } for comm="login" path="/bin/bash" | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jens Petersen <petersen> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | urgent | Docs Contact: | |
Priority: | medium | ||
Version: | 14 | CC: | bruno, dcantrell, drjohnson1, dwalsh, fdc, mgrepl, robatino |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | AcceptedBlocker | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-08-04 14:53:50 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 611990 |
Description
Jens Petersen
2010-07-29 01:01:40 UTC
Jesse suggested I make this a F14Alpha blocker for now. Tried both minimal install and standard desktop. (In reply to comment #0) > Steps to Reproduce: > 1. install rawhide directly: eg via F13 boot.iso pointed at rawhide mirror > or from http://alt.fedoraproject.org/pub/alt/stage/rawhide-20100722/x86_64/os/ If you boot with init=/bin/bash (or single user mode); $ rpm -qa | grep (upstart|systemd) Also, any AVC errors logged? Ah, I just managed to fix an install with a rescue disk which then lead to selinux relabelling when I rebooted. So yeah may be a selinux issue. (This was latest rawhide tree here today.) Will update with more details after next install attempt. It is running upstart-0.6.5-7.fc14 FWIW. I did a new install and see /var/log/messages has localhost kernel: type=1400 audit(...): avc: denied { entrypoint } for pid=1234 comm="login" path="/bin/bash" dev=dm-0 ino=41 scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file Reproduced with installer from http://alt.fedoraproject.org/pub/alt/stage/rawhide-20100722/x86_64/os/ and rawhide tree from local mirror. Setting as F14 Alpha blocker. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers I can confirm that forcing a relabel fixes the issue. * switching component to selinux-policy as decided in blocker review meeting. * setting severity as urgent since an installed system can't be used. Gentle reminder: we need a workaround or a fix by Tuesday in order to be able to start spinning Alpha RCs. Thanks! -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers After a minimal F13 install, updating fedora-release to 14-0.7, and updating, I have the same problem, but an selinux relabel does NOT fix it. I can still boot up either in rescue mode or single-user mode, start the network, and update/install packages that way. I tried resetting my password in the event it wasn't set properly, but that doesn't help. (It's a little hard to tell since the system won't shut down cleanly, so I have to force it off, and can't be sure if all settings are saved.) Booting up in single-user mode, then running "systemctl default", seems to be a workaround, giving me the ability to log in normally either as root or an ordinary user. Andre, please confirm that by "same problem", you mean AVCs matching the ones in comment 7. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers "grep avc /var/log/messages" returns no output, so it's not the same in that sense. (BTW, either the Subject should be changed to refer to F14, or the Version should be changed back to rawhide.) Thanks for the suggestion, I've changed the subject. Please file a bug with the issue you're experiencing. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers I don't see this any more with F14 alpha TC2. |