Bug 1278287 - "shutdown --poweroff +1" acts immediately with setenforce 1
"shutdown --poweroff +1" acts immediately with setenforce 1
Status: CLOSED DUPLICATE of bug 1279928
Product: Fedora
Classification: Fedora
Component: systemd (Show other bugs)
23
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: systemd-maint
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-05 02:45 EST by Marius Vollmer
Modified: 2015-12-02 07:16 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-02 04:16:45 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Marius Vollmer 2015-11-05 02:45:29 EST
Description of problem:

When SELinux is on, delayed shutdowns don't work because the "shutdown" command can't talk to systemd-logind over D-Bus.

Version-Release number of selected component (if applicable):

systemd-222-7

How reproducible:

Always

Steps to Reproduce:
1. virt-builder fedora-23
2. Run the image and log in
3. setenforce 1
3. shutdown --poweroff +1

Actual results:

Machine powers off immediately.

Expected results:

Machine powers off in one minute.

Additional info:

This can be found in the journal:

Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: Access denied

marras 05 09:12:47 f3 systemd-logind[391]: Failed to save information about scheduled shutdowns: Permission denied
marras 05 09:12:47 f3 audit[391]: AVC avc:  denied  { create } for  pid=391 comm="systemd-logind" name=".#scheduledy93pDt" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0
marras 05 09:12:47 f3 audit[391]: SYSCALL arch=c000003e syscall=2 success=no exit=-13 a0=55c6c9b18370 a1=800c2 a2=180 a3=0 items=0 ppid=1 pid=391 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-logind" exe="/usr/lib/systemd/systemd-logind" subj=system_u:system_r:systemd_logind_t:s0 key=(null)
marras 05 09:12:47 f3 audit: PROCTITLE proctitle="/usr/lib/systemd/systemd-logind"
marras 05 09:12:47 f3 cockpit-bridge[955]: Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: Access denied
marras 05 09:12:47 f3 systemd-logind[391]: Creating /run/nologin, blocking further logins...
marras 05 09:12:47 f3 audit[391]: AVC avc:  denied  { create } for  pid=391 comm="systemd-logind" name=".#nologingerasc" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
marras 05 09:12:47 f3 systemd-logind[391]: Failed to create /run/nologin: Permission denied
marras 05 09:12:47 f3 audit[391]: SYSCALL arch=c000003e syscall=2 success=no exit=-13 a0=55c6c9b196f0 a1=800c2 a2=180 a3=0 items=0 ppid=1 pid=391 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-logind" exe="/usr/lib/systemd/systemd-logind" subj=system_u:system_r:systemd_logind_t:s0 key=(null)
marras 05 09:12:47 f3 audit: PROCTITLE proctitle="/usr/lib/systemd/systemd-logind"
marras 05 09:12:47 f3 systemd-logind[391]: Failed to abandon session scope: Transport endpoint is not connected
marras 05 09:12:47 f3 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Calling "setenforce 0" before "shutdown --poweroff +1" makes everything work as expected.
Comment 1 Jan Synacek 2015-12-02 04:16:45 EST

*** This bug has been marked as a duplicate of bug 1279928 ***
Comment 2 Marius Vollmer 2015-12-02 05:15:36 EST
Would bug 1255238 be a better duplicate?
Comment 3 Jan Synacek 2015-12-02 07:16:01 EST
Not really, there are several bugs about basically the same issue. I tried to link them together. The original issue is resolved now.

Note You need to log in before you can comment on or make changes to this bug.