Bug 981738
Summary: | Shutdown and Reboot options in LXDE doesn't work after update to Fedora 19 | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Alexander230 <fire_2005> |
Component: | selinux-policy-targeted | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Ben Levenson <benl> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 19 | CC: | antonio.montagnani, christoph.wickert, danielsun3164, darkhado, dwalsh, ed.greshko |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.12.1-65.fc19 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-07-20 09:32:48 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Alexander230
2013-07-05 16:09:50 UTC
I'me experiencing the same issue, I guess it's SELinux-related...after a failed shutdown journalctl says: systemd[1]: SELinux policy denies access. console-kit-daemon[606]: Failed to issue method call: Access denied I don't know how to fix it, but as temporary workaround you can put SELinux into permissive mode The AVC for this is..... type=USER_AVC msg=audit(1373698327.629:499): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=-1 uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" scontext=system_u:system_r:consolekit_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' What version of selinux-policy-targeted is this? selinux-policy-targeted-3.12.1-62.fc19 Also, just tested with selinux-policy-targeted-3.12.1-63.fc19 from koji. Same results.....as expected. Fixed in selinux-policy-3.12.1-64.fc19 I just checked in a fix for this into git. b283fc8eb9f76eb33e51552ff7fc95c4c9a37577 Still fails..... I was ssh'd into the system and tried a shutdown. The terminal output..... [root@f18x audit]# rpm -qa | grep ^selinux selinux-policy-doc-3.12.1-64.fc19.noarch selinux-policy-devel-3.12.1-64.fc19.noarch selinux-policy-targeted-3.12.1-64.fc19.noarch selinux-policy-3.12.1-64.fc19.noarch [root@f18x audit]# Broadcast message from root@f18x (Tue 2013-07-16 15:58:09 CST): The system is going down for power-off NOW! [root@f18x audit]# cat audit.log type=SERVICE_START msg=audit(1373961485.437:471): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="upower" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' type=USER_AVC msg=audit(1373961489.309:472): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=-1 uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" scontext=system_u:system_r:consolekit_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' And no shutdown occurred. selinux-policy-3.12.1-65.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-65.fc19 That new version does fix the issue..... I have one question. During the update process I saw... Updating : selinux-policy-3.12.1-65.fc19.noarch 1/8 Updating : selinux-policy-doc-3.12.1-65.fc19.noarch 2/8 Updating : selinux-policy-targeted-3.12.1-65.fc19.noarch 3/8 *** Updating : selinux-policy-devel-3.12.1-65.fc19.noarch 4/8 I don't recall ever seeing "***" during an update. What is the meaning? Confirmed. It fixes the issue.... (In reply to Ed Greshko from comment #7) > Still fails..... > > I was ssh'd into the system and tried a shutdown. The terminal output..... > > [root@f18x audit]# rpm -qa | grep ^selinux > selinux-policy-doc-3.12.1-64.fc19.noarch > selinux-policy-devel-3.12.1-64.fc19.noarch > selinux-policy-targeted-3.12.1-64.fc19.noarch > selinux-policy-3.12.1-64.fc19.noarch > [root@f18x audit]# > Broadcast message from root@f18x (Tue 2013-07-16 15:58:09 CST): > > The system is going down for power-off NOW! > > > [root@f18x audit]# cat audit.log > type=SERVICE_START msg=audit(1373961485.437:471): pid=1 uid=0 > auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' > comm="upower" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? > res=success' > type=USER_AVC msg=audit(1373961489.309:472): pid=1 uid=0 auid=4294967295 > ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } > for auid=-1 uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" > scontext=system_u:system_r:consolekit_t:s0 > tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service > exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' > > > And no shutdown occurred. #============= consolekit_t ============== #!!!! This avc is allowed in the current policy allow consolekit_t power_unit_file_t:service start; You need to install the latest version. Package selinux-policy-3.12.1-65.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-65.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-13172/selinux-policy-3.12.1-65.fc19 then log in and leave karma (feedback). Fixed after updating selinux-policy from updates-testing. selinux-policy-3.12.1-65.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. |