Bug 981738
| Summary: | Shutdown and Reboot options in LXDE doesn't work after update to Fedora 19 | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Alexander230 <fire_2005> |
| Component: | selinux-policy-targeted | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Ben Levenson <benl> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 19 | CC: | antonio.montagnani, christoph.wickert, danielsun3164, darkhado, dwalsh, ed.greshko |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-3.12.1-65.fc19 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-07-20 09:32:48 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Alexander230
2013-07-05 16:09:50 UTC
I'me experiencing the same issue, I guess it's SELinux-related...after a failed shutdown journalctl says: systemd[1]: SELinux policy denies access. console-kit-daemon[606]: Failed to issue method call: Access denied I don't know how to fix it, but as temporary workaround you can put SELinux into permissive mode The AVC for this is.....
type=USER_AVC msg=audit(1373698327.629:499): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=-1 uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" scontext=system_u:system_r:consolekit_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
What version of selinux-policy-targeted is this? selinux-policy-targeted-3.12.1-62.fc19 Also, just tested with selinux-policy-targeted-3.12.1-63.fc19 from koji. Same results.....as expected. Fixed in selinux-policy-3.12.1-64.fc19 I just checked in a fix for this into git. b283fc8eb9f76eb33e51552ff7fc95c4c9a37577 Still fails.....
I was ssh'd into the system and tried a shutdown. The terminal output.....
[root@f18x audit]# rpm -qa | grep ^selinux
selinux-policy-doc-3.12.1-64.fc19.noarch
selinux-policy-devel-3.12.1-64.fc19.noarch
selinux-policy-targeted-3.12.1-64.fc19.noarch
selinux-policy-3.12.1-64.fc19.noarch
[root@f18x audit]#
Broadcast message from root@f18x (Tue 2013-07-16 15:58:09 CST):
The system is going down for power-off NOW!
[root@f18x audit]# cat audit.log
type=SERVICE_START msg=audit(1373961485.437:471): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="upower" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=USER_AVC msg=audit(1373961489.309:472): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=-1 uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" scontext=system_u:system_r:consolekit_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
And no shutdown occurred.
selinux-policy-3.12.1-65.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-65.fc19 That new version does fix the issue..... I have one question. During the update process I saw... Updating : selinux-policy-3.12.1-65.fc19.noarch 1/8 Updating : selinux-policy-doc-3.12.1-65.fc19.noarch 2/8 Updating : selinux-policy-targeted-3.12.1-65.fc19.noarch 3/8 *** Updating : selinux-policy-devel-3.12.1-65.fc19.noarch 4/8 I don't recall ever seeing "***" during an update. What is the meaning? Confirmed. It fixes the issue.... (In reply to Ed Greshko from comment #7) > Still fails..... > > I was ssh'd into the system and tried a shutdown. The terminal output..... > > [root@f18x audit]# rpm -qa | grep ^selinux > selinux-policy-doc-3.12.1-64.fc19.noarch > selinux-policy-devel-3.12.1-64.fc19.noarch > selinux-policy-targeted-3.12.1-64.fc19.noarch > selinux-policy-3.12.1-64.fc19.noarch > [root@f18x audit]# > Broadcast message from root@f18x (Tue 2013-07-16 15:58:09 CST): > > The system is going down for power-off NOW! > > > [root@f18x audit]# cat audit.log > type=SERVICE_START msg=audit(1373961485.437:471): pid=1 uid=0 > auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' > comm="upower" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? > res=success' > type=USER_AVC msg=audit(1373961489.309:472): pid=1 uid=0 auid=4294967295 > ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } > for auid=-1 uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" > scontext=system_u:system_r:consolekit_t:s0 > tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service > exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' > > > And no shutdown occurred. #============= consolekit_t ============== #!!!! This avc is allowed in the current policy allow consolekit_t power_unit_file_t:service start; You need to install the latest version. Package selinux-policy-3.12.1-65.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-65.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-13172/selinux-policy-3.12.1-65.fc19 then log in and leave karma (feedback). Fixed after updating selinux-policy from updates-testing. selinux-policy-3.12.1-65.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. |