Bug 795555

Summary: SELinux blocks reboot/shutdown in permissive mode
Product: [Fedora] Fedora Reporter: Martin Kho <rh-bugzilla>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 17CC: dominick.grift, dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-22 14:40:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Martin Kho 2012-02-20 21:12:17 UTC 
Description of problem:
I'm using KDE. When I try to reboot or shutdown my system with SELinux in permissive mode results in an end session (log out). Running SELinux in restrictive mode log in takes more than 30 second to succeed. I've tried to find out why I got those failures (semodule -BD to see all AVC's), but without succes. No idea what else I can try.

Btw. Some applications are crashing (nepomuk [1], google-chrome) when SELinux is in restrictive/permissive mode, but run fine when SELinux is disabled. Google-chrome stopped crashing after I installed a module (sys_ptrace).

[1] https://bugzilla.redhat.com/show_bug.cgi?id=791121

I hope this report contain enough info to find out what happens. I see a lot of AVC messages in audit.log but I don't know which are relevant. If you need the file in what mode, please let me know.


Version-Release number of selected component (if applicable):
selinux-policy-3.10.0-89.fc17.noarch

How reproducible:
always

Steps to Reproduce:
A.
1. be sure SELinux is in permissive mode
2. Log in into KDE
3. Leave KDE vi Kickoff-menu (f-button) -> Leave -> Restart or Shut down
4. --> The log in screen appears (you can reboot or shutdown via Menu)
B.
1. be sure SELinux is in restrictive mode
2. Log in into KDE
3 --> get a cup of coffee :-)
  
Actual results:
A: Choosing reboot/shut down in Kickoff gives the log in screen.
B: Log in takes more than 30 seconds.

Expected results:
A: Choosing reboot/shut down in Kickoff reboots/shut down the system
B: Log in takes not so much time.

Additional info:
Comment 1 Martin Kho 2012-02-20 22:03:16 UTC 
Hi,

Now I've doubts if SELinux is the culprit wrt A. I just rebooted my system with SELinux disabled. I got the login screen :-(. So there must be another application that 'blocks' the reboot/shutdown. Sorry, any ideas?


Martin Kho
Comment 2 Miroslav Grepl 2012-02-21 06:42:56 UTC 
So it is not working also in permissive mode, right?
Comment 3 Martin Kho 2012-02-21 08:34:46 UTC 
Hi Miroslav,

Yes, both in permissive and disabled mode reboot/shutdown results in an end session (logout). So no SELinux issue here?

Martin Kho
Comment 4 Martin Kho 2012-02-22 14:09:44 UTC 
Hi Miroslav,

None of my issues seems to be related to SELinux. So please close this report as it was just noise :-)

Thanks,

Martin Kho

Btw. The log in delay is solved with the update to -91.