| Summary: | SELinux prevents login on rawhide | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Josh Boyer <jwboyer> |
| Component: | selinux-policy-targeted | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED RAWHIDE | QA Contact: | Ben Levenson <benl> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | rawhide | CC: | dwalsh |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2011-08-02 21:04:45 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Created attachment 516389
/var/log/messages from bad boot

Fixed in selinux-policy-3.10.0-13.fc17.noarch
Description of problem:
With the latest selinux-policy, udev, and systemd packages from rawhide, I can no longer login to the system, even as root.

Version-Release number of selected component (if applicable):
systemd-32-1.fc17.x86_64
udev-173-1.fc17.x86_64
selinux-policy-3.10.0-11.fc17.noarch
selinux-policy-targeted-3.10.0-11.fc17.noarch

How reproducible:
Always

Steps to Reproduce:
1. Install
2. Boot
3. Try to login via GDM or VT

Actual results:
It looks like the login works, then GDM restarts or the VT goes back to the login prompt

Expected results:
login works

Additional info:
If I add enforcing=0 to the kernel command line, I can login just fine. Here are some early avc denials:

Aug 2 16:15:04 localhost kernel: [ 7.389050] type=1400 audit(1312316090.250:4): avc: denied { dyntransition } for pid=1 comm="systemd" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process
Aug 2 16:15:04 localhost kernel: [ 10.752448] type=1400 audit(1312316093.615:5): avc: denied { write } for pid=378 comm="udevd" name="notify" dev=tmpfs ino=8918 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
Aug 2 16:15:04 localhost kernel: [ 11.178286] type=1400 audit(1312316094.041:6): avc: denied { use } for pid=393 comm="loadkeys" path="/dev/null" dev=devtmpfs ino=4278 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Aug 2 16:15:04 localhost kernel: [ 11.185978] type=1400 audit(1312316094.048:7): avc: denied { use } for pid=393 comm="loadkeys" path="socket:[9779]" dev=sockfs ino=9779 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Aug 2 16:15:04 localhost kernel: [ 11.188895] type=1400 audit(1312316094.050:8): avc: denied { use } for pid=393 comm="loadkeys" path="socket:[9779]" dev=sockfs ino=9779 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Aug 2 16:15:04 localhost kernel: [ 11.643555] type=1400 audit(1312316094.506:9): avc: denied { sigchld } for pid=1 comm="systemd" scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process

The majority of them are of the sigchld kind. I'll attach the boot log for the failed boot shortly.

I tried touching ./autorelabel and that didn't do anything.