Bug 1286503 - systemd-logind (and other services) fail to start after a reboot
systemd-logind (and other services) fail to start after a reboot
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: systemd (Show other bugs)
22
x86_64 Linux
unspecified Severity high
: ---
: ---
Assigned To: systemd-maint
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-29 23:13 EST by Kent Yoder
Modified: 2015-11-30 20:20 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-30 20:20:34 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
audit log, audit2allow output, journalctl output, rpm-qa info, etc (86.75 KB, application/x-gzip)
2015-11-29 23:13 EST, Kent Yoder
no flags Details

  None (edit)
Description Kent Yoder 2015-11-29 23:13:42 EST
Created attachment 1100347 [details]
audit log, audit2allow output, journalctl output, rpm-qa info, etc

Description of problem:
Multiple services fail to start including systemd-logind, preventing login except through single user mode. The specific systemd-logind messages are:

Nov 29 21:33:28 localhost systemd-logind: Failed to add match for NameOwnerChanged: Connection reset by peer
Nov 29 21:33:28 localhost systemd-logind: Failed to fully start up daemon: Connection reset by peer
Nov 29 21:33:28 localhost systemd: systemd-logind.service: main process exited, code=exited, status=1/FAILURE
Nov 29 21:33:28 localhost systemd: Failed to start Login Service.
Nov 29 21:33:28 localhost systemd: Unit systemd-logind.service entered failed state.
Nov 29 21:33:28 localhost systemd: systemd-logind.service failed.

However, the common error between all failing services seems to be an selinux deny in talking to dbus.

Version-Release number of selected component (if applicable):

systemd-219-25.fc22.x86_64
systemd-python3-219-25.fc22.x86_64
systemd-libs-219-25.fc22.x86_64
systemd-python-219-25.fc22.x86_64
systemd-compat-libs-219-25.fc22.x86_64

How reproducible:
always

Steps to Reproduce:
1. boot
2. systemd-logind, firewalld, others fail to start

Additional info:

Lots of selinux deny messages in the audit log such as this:

type=USER_AVC msg=audit(1448852007.264:919): pid=703 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=1614 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=dbus  exe="?" sauid=81 hostname=? addr=? terminal=?' 

I assumed this was a relabeling issue, set /.autorelabel, rebooted, no change.

Next, grepped the audit log and piped to audit2allow, but for every single rule it generated, it warned that the avc is allowed by current policy (see attachment).

Next, rebooted with selinux=0, but no change. So now I'm thinking this has nothing to do with selinux.
Comment 1 Kamil Dudka 2015-11-30 05:54:54 EST
systemd-logind is installed by the systemd package, not by the basesystem package, which is a meta-package only, thus installs no files at all.
Comment 2 Zbigniew Jędrzejewski-Szmek 2015-11-30 08:46:53 EST
Does it work if you reboot and set 'setenforce=0' on the kernel command line?
Comment 3 Kent Yoder 2015-11-30 10:43:37 EST
Thanks Kamil.

Zbigniew: I haven't tried setenforce=0 on the kernel command line, only selinux=0, which didn't change anything.

I have tried this: logging in using single user mode, then `telinit 3`, then `setenforce 0` on the command line. At that point I tried manually doing `systemctl start systemd-logind.service`, which failed, and the console logged the avc denied error I listed above (or at least looked very similiar, I'm not positive it was the exact same).

This makes no sense to me. I'll rpm verify my selinux packages this evening to see if something's been corrupted.
Comment 4 Kent Yoder 2015-11-30 20:20:34 EST
rpm -qa --verify showed that / was mode 0600. Set it to 0755 and everything returned to normal. systemd-logind starts, all other services start up ok.

Closing.

Note You need to log in before you can comment on or make changes to this bug.