Description of problem: Every boot of Desktop (gnome) liveCD (built in 20140416) ends with message: "Failed to start Accounts Service" After a while screen goes dark and nothing more happens. Version-Release number of selected component (if applicable): I guess it's accountsservice-0.6.35-2.fc21.x86_64 (it is version from the day after liveCD was built) How reproducible: 100% Steps to Reproduce: 1. Boot liveCD Actual results: It will end with black screen. Expected results: Live system boots and the default user is logged in Additional info:
Created attachment 887459 [details] Boot output (without quiet) some relevant parts: .... [ 11.395170] accounts-daemon[675]: segfault at 10 ip 00007f5a67eac4a1 sp 00007fff580cb6d8 error 4 in libpthread-2.19.90.so[7f5a67ea3000+17000] [FAILED] Failed to start Accounts Service. .... Starting Authorization Manager... [ 14.448444] accounts-daemon[886]: segfault at 10 ip 00007fd9ac8e64a1 sp 00007fffcb2c42f8 error 4 in libpthread-2.19.90.so[7fd9ac8dd000+17000] [ 14.714115] polkitd[897]: segfault at 10 ip 00007f1cc7b794a1 sp 00007fff385be688 error 4 in libpthread-2.19.90.so[7f1cc7b70000+17000] [FAILED] Failed to start Authorization Manager. See 'systemctl status polkit.service' for details. [FAILED] Failed to start Accounts Service.
(In reply to Petr Schindler from comment #0) > Description of problem: > Every boot of Desktop (gnome) liveCD (built in 20140416) What image is this? Google find nothing obvious, and neither can I find a live image browsing download.fedoraproject.org. Could you provide an exact URL, please?
You can find it here: http://kojipkgs.fedoraproject.org//work/tasks/6981/6746981/Fedora-Live-Desktop-x86_64-rawhide-20140416.iso Generally we got newest livecds from here: https://apps.fedoraproject.org/releng-dash/#livecds I tested with today's livecd (http://kojipkgs.fedoraproject.org/work/tasks/6358/6756358/Fedora-Live-Desktop-x86_64-rawhide-20140419.iso) and it is still the same.
I'm seeing the same with a locally built live image. This still seems to be a problem.
I'm pretty sure this is actually a SELinux policy issue. polkit was hitting a denial and it just wasn't ready for it. I don't have the AVC to hand.
Yeah. Booting the local live image with enforcing=0 seems to get past the issue.
OK, looking at the logs it seems we're getting AVC denials on /dev/urandom type=AVC msg=audit(1398455505.523:17): avc: denied { read } for pid=683 comm="accounts-daemon" name="urandom" dev="devtmpfs" ino=6267 scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file type=AVC msg=audit(1398455505.523:17): avc: denied { open } for pid=683 comm="accounts-daemon" path="/dev/urandom" dev="devtmpfs" ino=6267 scontext=system_u:system_r:accountsd_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file type=AVC msg=audit(1398455506.150:26): avc: denied { read } for pid=735 comm="polkitd" name="urandom" dev="devtmpfs" ino=6267 scontext=system_u:system_r:policykit_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file type=AVC msg=audit(1398455506.150:26): avc: denied { open } for pid=735 comm="polkitd" path="/dev/urandom" dev="devtmpfs" ino=6267 scontext=system_u:system_r:policykit_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file Colin pointed to 1081429 for the SELinux issue. That's probably one problem, but polkitd probably shouldn't segfault.
Are folks still seeing this? I just booted the 0428 nightly in a VM and it booted fine. Josh, did you build your image from an F20 or F21 host? I've found that SELinux pain can sometimes result when trying to build lives 'cross-release', it always seems to work better to match up the host and image version.
Looks like this is fixed in selinux-policy-3.13.1-48.fc21.noarch