Bug 166010 - Selinux doesn't allow logins after putting backed up harddrive data back
Selinux doesn't allow logins after putting backed up harddrive data back
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
4
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-08-15 15:05 EDT by Laurens Buhler
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-08-25 15:18:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Laurens Buhler 2005-08-15 15:05:00 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
Due to a problem with partitioning I had to move my FC4 installation to another HD. Then repartition with the partition table altered from before and then putting the data back. 
- I used the FC4 rescuecd and a cp -a command to recopy the files to the original harddrive. 
- I then mount -o binded /proc /sys and /dev to the original HD and chrooted, ran: source /etc/profile
- I made grub work again using the grub console and corrected fstab so that the new partitioning would be mapped correctly
- I rebooted and found myself unable to login
- Logged in with "selinux=0" passed to the grub commandline, used the securitylevel (X, not console) program to make selinux relabel itself, rebooted
- Selinux relabeled itself, rebooted and login failed again
- Logged in with selinux=0 once again, ran: "fixfiles relabel" as root, told it to clean up /tmp aswell, rebooted. It started relabeling again, rebooted after that.
- No more login problems from that point on

Version-Release number of selected component (if applicable):
libselinux-1.23.10-2
selinux-policy-targeted-1.25.3-9, libselinux-1.23.10-2

How reproducible:
Didn't try

Steps to Reproduce:
As you can read this is too much of a hassle to reproduce
  

Actual Results:  At one time in the process getting my FC4 installation working again did relabeling not work.

Expected Results:  It should have allowed me to login again.

Additional info:

System specs: 

Kernel: Linux 2.6.12-1.1398_FC4 
Distro: Fedora Core release 4 (Stentz)
CPU: AMD-K7(tm) Processor @ 601 Mhz
Mem usage: 125.6/503.3 MB (25%)
Swap usage: 0/682.4 MB (0%)
Disk usage(Maxtor 92049U6): 4.5/17.4 GB (26%)
X.org: 6.8.2
Videocard: S3 Inc. Savage 4
Res: 1152x864, 24-bits
Audio: VIA Technologies, Inc. VT82C686 AC97 Audio Controller
Ethernet: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+

Some avc denied messages from my failed login attempts:

Aug 15 19:43:21 server kernel: audit(1124127801.264:3): avc:  denied  { transition } for  pid=2502 comm="gdm-binary" name="Xsession" dev=hda5 ino=4453503 scontext=system_u:system_r:kernel_t tcontext=user_u:system_r:unconfined_t tclass=process
Aug 15 19:43:30 server kernel: audit(1124127810.500:4): avc:  denied  { transition } for  pid=2525 comm="gdm-binary" name="Xsession" dev=hda5 ino=4453503 scontext=system_u:system_r:kernel_t tcontext=root:system_r:unconfined_t tclass=process
Aug 15 19:44:09 server kernel: audit(1124127849.662:5): avc:  denied  { transition } for  pid=2636 comm="gdm-binary" name="xterm" dev=hda5 ino=2161777 scontext=system_u:system_r:kernel_t tcontext=user_u:system_r:unconfined_t tclass=process
Aug 15 19:44:30 server login[2247]: Warning!  Could not relabel /dev/tty1 with root:object_r:tty_device_t, not relabeling.Permission denied
Aug 15 19:44:30 server kernel: audit(1124127870.228:6): avc:  denied  { relabelto } for  pid=2247 comm="login" name="tty1" dev=tmpfs ino=2307 scontext=system_u:system_r:kernel_t tcontext=root:object_r:tty_device_t tclass=chr_file
Aug 15 19:44:30 server kernel: audit(1124127870.232:7): avc:  denied  { transition } for  pid=2661 comm="login" name="bash" dev=hda5 ino=2095194 scontext=system_u:system_r:kernel_t tcontext=root:system_r:unconfined_t tclass=process
Aug 15 19:45:42 server login[2663]: Warning!  Could not relabel /dev/tty1 with root:object_r:tty_device_t, not relabeling.Permission denied
Aug 15 19:45:42 server kernel: audit(1124127942.710:8): avc:  denied  { relabelto } for  pid=2663 comm="login" name="tty1" dev=tmpfs ino=2307 scontext=system_u:system_r:kernel_t tcontext=root:object_r:tty_device_t tclass=chr_file
Aug 15 19:45:42 server kernel: audit(1124127942.714:9): avc:  denied  { transition } for  pid=2664 comm="login" name="bash" dev=hda5 ino=2095194 scontext=system_u:system_r:kernel_t tcontext=root:system_r:unconfined_t tclass=process
Aug 15 20:01:28 server kernel: audit(1124128657.209:3): avc:  denied  { relabelto } for  pid=1323 comm="setfiles" name="martin" dev=hda5 ino=916610 scontext=system_u:system_r:kernel_t tcontext=user_u:object_r:user_home_dir_t tclass=dir
Aug 15 20:01:28 server kernel: audit(1124128657.211:4): avc:  denied  { relabelto } for  pid=1323 comm="setfiles" name=".bash_history" dev=hda5 ino=916611 scontext=system_u:system_r:kernel_t tcontext=user_u:object_r:user_home_t tclass=file
Comment 1 Daniel Walsh 2005-08-16 11:29:17 EDT
You need to relabel.  
touch /.autorelabel
reboot


Note You need to log in before you can comment on or make changes to this bug.