Created attachment 1627420
journalctl -b -3 full output

Description of problem:
When rebasing Silverblue from F30 to F31 systemd-logind won't start with selinux errors

Version-Release number of selected component (if applicable):

How reproducible:
rpm-ostree rebase fedora:fedora/31/x86_x64/silverblue

Steps to Reproduce:
1. rpm-ostree rebase fedora:fedora/31/x86_x64/silverblue
2. systemctl reboot
3.

Actual results:
System will not boot to login screen with errors such as:
Oct 19 08:51:52 xps13 systemd[920]: systemd-logind.service: Failed to set up special execution directory in /var/lib: Permission denied
Oct 19 08:51:52 xps13 systemd[920]: systemd-logind.service: Failed at step STATE_DIRECTORY spawning /sbin/modprobe: Permission denied

Expected results:
System boots normally

Additional info:
Running restorecon on /var/lib/systemd/linger or /sysroot/ostree/deploy/fedora/var/lib/systemd/linger does not seem to help
System can be booted with selinux=0 kernel parameter
Seems to be similar or same issue as CLOSED and NOTABUG
https://bugzilla.redhat.com/show_bug.cgi?id=1753404
https://bugzilla.redhat.com/show_bug.cgi?id=1734831
But this does not seem to be resolved for Silverblue
I'm also affected by this. I've got the stock selinux policy and haven't run any loginctl disable/enable-linger commands.
Hi All,

Could you please boot in permissive mode and attach output of:
# ausearch -m AVC -ts boot

Thanks,
Lukas.
Here you go... Thanks!

[root@xps13 ~]# ausearch -m AVC -ts boot
----
time->Thu Oct 31 21:45:30 2019
type=AVC msg=audit(1572558330.228:99): avc: denied { read } for pid=916 comm="(modprobe)" name="linger" dev="dm-0" ino=2621453 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=1
----
time->Thu Oct 31 21:45:30 2019
type=AVC msg=audit(1572558330.232:100): avc: denied { mounton } for pid=916 comm="(modprobe)" path="/run/systemd/unit-root/var/lib/systemd/linger" dev="dm-0" ino=2621453 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=1
----
time->Thu Oct 31 21:45:42 2019
type=AVC msg=audit(1572558342.360:205): avc: denied { unlink } for pid=949 comm="NetworkManager" name="internal-17f7861f-8422-4f6c-ae9c-7567648e7555-wlp2s0.lease" dev="dm-0" ino=4194464 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
[root@xps13 ~]#
*** Bug 1767749 has been marked as a duplicate of this bug. ***
The command returns nothing for me when booted on commit 1f77b254e196f244b20f14e0bac895ca151dd90dd18e0431e716ee1dbbe3f06e
My output of sudo ausearch -m AVC -ts boot :
----
time->Fri Nov 1 10:20:14 2019
type=AVC msg=audit(1572600014.309:93): avc: denied { read } for pid=1008 comm="firewalld" name="site-packages" dev="dm-2" ino=1187855 scontext=system_u:system_r:firewalld_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=dir permissive=1
----
time->Fri Nov 1 10:20:14 2019
type=AVC msg=audit(1572600014.453:99): avc: denied { read } for pid=1067 comm="(modprobe)" name="linger" dev="dm-2" ino=1106050 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=1
----
time->Fri Nov 1 10:20:14 2019
type=AVC msg=audit(1572600014.457:100): avc: denied { mounton } for pid=1067 comm="(modprobe)" path="/run/systemd/unit-root/var/lib/systemd/linger" dev="dm-2" ino=1106050 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=1
----
time->Fri Nov 1 10:20:31 2019
type=AVC msg=audit(1572600031.049:214): avc: denied { read } for pid=1131 comm="gdbus" path="/var/home/<username>/.local/share/icc/edid-6608c115f4ad7a4dbfc8db2e8900a4ac.icc" dev="dm-5" ino=4194434 scontext=system_u:system_r:colord_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=1
----
time->Fri Nov 1 10:20:31 2019
type=AVC msg=audit(1572600031.599:215): avc: denied { getattr } for pid=1131 comm="colord" path="/var/home/<username>/.local/share/icc/edid-6608c115f4ad7a4dbfc8db2e8900a4ac.icc" dev="dm-5" ino=4194434 scontext=system_u:system_r:colord_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=1
----
time->Fri Nov 1 10:20:31 2019
type=AVC msg=audit(1572600031.600:216): avc: denied { map } for pid=1131 comm="colord" path="/var/home/<username>/.local/share/icc/edid-6608c115f4ad7a4dbfc8db2e8900a4ac.icc" dev="dm-5" ino=4194434 scontext=system_u:system_r:colord_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=1
----
time->Fri Nov 1 10:20:31 2019
type=AVC msg=audit(1572600031.768:219): avc: denied { getattr } for pid=1131 comm="colord" path="/var/home/<username>/.local/share/icc/edid-d81dc20af206bf6dc271920a1c71c4b3.icc" dev="dm-5" ino=4195613 scontext=system_u:system_r:colord_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=1
----
time->Fri Nov 1 10:20:31 2019
type=AVC msg=audit(1572600031.768:220): avc: denied { read } for pid=1131 comm="colord" path="/var/home/<username>/.local/share/icc/edid-d81dc20af206bf6dc271920a1c71c4b3.icc" dev="dm-5" ino=4195613 scontext=system_u:system_r:colord_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=1
----
time->Fri Nov 1 10:20:31 2019
type=AVC msg=audit(1572600031.768:221): avc: denied { map } for pid=1131 comm="colord" path="/var/home/<username>/.local/share/icc/edid-d81dc20af206bf6dc271920a1c71c4b3.icc" dev="dm-5" ino=4195613 scontext=system_u:system_r:colord_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=1
Hi All,

All the AVCs should be fixed in the latest version of selinux-policy for Fedora 31.

For AVCs with unlabeled_t please run:
# restorecon -Rv /

and for default_t AVCs please run:
# semanage fcontext -a -e /home /var/home
# restorecon -Rv /var/

Thanks,
Lukas.
Is it safe to run
# restorecon -Rv /
on Silverblue? According to https://bugzilla.redhat.com/show_bug.cgi?id=1259018#c17 this command should not be run on ostree-based systems.
This still doesn't work
If someone finds this through a search, here is at least a workaround from discussion.fedoraproject.org:
https://discussion.fedoraproject.org/t/selinux-still-a-problem-for-f31-rebase/10688/2?u=boydkelly

Let the boot fail, then reboot into rescue mode and run
journalctl -b-1 | grep -A20 'Starting Login' | audit2allow -M mylogind
then
semodule -i mylogind

Terrible, but the system now boots in enforcing mode until I find a better fix. It's regrettable that problems are closed as notabug without any user confirmation. This is clearly a bug, and could be solved more efficiently with user interaction.
Boyd,

Could you please share with me the output files of command: "# audit2allow -M mylogind"? I can look at the rules and add them to the distribution policy.

Thanks,
Lukas
I just tried rebasing from f30 to f31 last night and encountered this exact same bug. It is most definitely still a problem.
It's weird, I can't even run audit2allow -M mylogind. It just hangs....
(In reply to Lukas Vrabec from comment #11)
> Could you please share with me the output files of command: "# audit2allow
> -M mylogind" ? I can look on the rules and add them to the distribution
> policy.

If I run
# journalctl -b-1 | grep -A20 'Starting Login' | audit2allow -M mylogind
the resulting mylogind.te file looks as follows:

module mylogind 1.0;

require {
	type init_t;
	type systemd_logind_var_lib_t;
	class dir read;
}

#============= init_t ==============
allow init_t systemd_logind_var_lib_t:dir read;
Hi,

Is this the only one allow rule? Because it's allowed by default in distribution policy (selinux-policy rpm package)

rpm -q selinux-policy
selinux-policy-3.14.5-5.fc32.noarch

# sesearch -A -s init_t -t systemd_logind_var_lib_t -c dir -p read
allow init_t file_type:dir { getattr ioctl lock open read relabelfrom relabelto search };
allow init_t systemd_mount_directory:dir { create getattr ioctl lock mounton open read search };

Thanks,
Lukas.
(In reply to Lukas Vrabec from comment #15)
> Is this the only one allow rule?

At least it is the only rule returned by executing the command
# journalctl -b-1 | grep -A20 'Starting Login' | audit2allow -M mylogind

> Because it's allowed by default in
> distribution policy (selinux-policy rpm package)
>
> rpm -q selinux-policy
> selinux-policy-3.14.5-5.fc32.noarch

# rpm -q selinux-policy
selinux-policy-3.14.4-39.fc31.noarch

> # sesearch -A -s init_t -t systemd_logind_var_lib_t -c dir -p read
> allow init_t file_type:dir { getattr ioctl lock open read relabelfrom
> relabelto search };
> allow init_t systemd_mount_directory:dir { create getattr ioctl lock mounton
> open read search };

# sesearch -A -s init_t -t systemd_logind_var_lib_t -c dir -p read
returns nothing
Hi jonubulin,

Issue is fixed in -40.fc31

# sesearch -A -s init_t -t systemd_logind_var_lib_t -c dir -p read
allow init_t file_type:dir { getattr ioctl lock open read relabelfrom relabelto search };
allow init_t systemd_mount_directory:dir { create getattr ioctl lock mounton open read search };

Thanks,
Lukas.
Unfortunately this is still an issue on my system, even though I updated to the new selinux policy version.

# rpm -q selinux-policy
selinux-policy-3.14.4-40.fc31.noarch

# sesearch -A -s init_t -t systemd_logind_var_lib_t -c dir -p read
still no output

Maybe it is an issue specific to Silverblue?
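The triage used in the comments above, written out as an added example that is not part of the original bug report: it reduces AVC denial lines (journalctl or ausearch format) to unique source type, target type, class and permission, marks denials whose target is unlabeled_t or default_t as labelling problems (the two cases the maintainer says to fix by relabelling), and prints for the rest the sesearch query that shows whether the loaded policy already allows the access. The function names avc_summary, avc_to_sesearch and sample_avc_log are hypothetical, and the sample lines are constructed from the denials quoted in this report.

```shell
#!/bin/sh
# Added example, not from the bug report: triage SELinux AVC denials.

# Constructed sample input, modelled on the denials quoted in this report.
sample_avc_log() {
    cat <<'EOF'
Nov 18 14:13:39 host audit[761]: AVC avc: denied { read } for pid=761 comm="(modprobe)" name="linger" dev="sde5" ino=1706700 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0
Nov 18 14:13:39 host audit[766]: AVC avc: denied { read } for pid=766 comm="(d-logind)" name="linger" dev="sde5" ino=1706700 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1572558330.232:100): avc: denied { mounton } for pid=916 comm="(modprobe)" path="/run/systemd/unit-root/var/lib/systemd/linger" dev="dm-0" ino=2621453 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1572558342.360:205): avc: denied { unlink } for pid=949 comm="NetworkManager" name="example.lease" dev="dm-0" ino=4194464 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
type=AVC msg=audit(1572600031.768:220): avc: denied { read open } for pid=1131 comm="colord" path="/var/home/user/example.icc" dev="dm-5" ino=4195613 scontext=system_u:system_r:colord_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=1
Nov 18 14:13:39 host systemd[1]: systemd-logind.service: Failed with result 'exit-code'.
EOF
}

# stdin: log text. stdout: "source target class permission count kind",
# one line per unique denial, where kind is "relabel" or "policy".
avc_summary() {
    awk '
    # Value of the key=value token named key on the current line.
    function val(key,   i) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) return substr($i, length(key) + 2)
        return ""
    }
    # Type field of a user:role:type:level security context.
    function ctype(ctx,   p) { split(ctx, p, ":"); return p[3] }
    # Log text is untrusted input: accept only identifier characters,
    # because the values end up in a printed command line.
    function safe(s) { return s ~ /^[A-Za-z0-9_]+$/ }

    /avc: +denied/ {
        if (!match($0, /[{][^}]*[}]/)) next
        perms = substr($0, RSTART + 1, RLENGTH - 2)
        src = ctype(val("scontext"))
        tgt = ctype(val("tcontext"))
        cls = val("tclass")
        if (!safe(src) || !safe(tgt) || !safe(cls)) next
        # unlabeled_t and default_t targets point at file labels, not rules.
        kind = (tgt == "unlabeled_t" || tgt == "default_t") ? "relabel" : "policy"
        n = split(perms, pl, " ")
        for (i = 1; i <= n; i++) {
            if (!safe(pl[i])) continue
            key = src " " tgt " " cls " " pl[i]
            count[key]++
            kinds[key] = kind
        }
    }
    END { for (k in count) print k, count[k], kinds[k] }
    ' | LC_ALL=C sort
}

# stdin: log text. stdout: one sesearch query per policy-type denial.
avc_to_sesearch() {
    avc_summary | awk '$6 == "policy" {
        printf "sesearch -A -s %s -t %s -c %s -p %s\n", $1, $2, $3, $4
    }'
}

# Demo on the constructed sample.
sample_avc_log | avc_summary
sample_avc_log | avc_to_sesearch
```

On an affected system the input would come from a pipeline such as `journalctl -b -1 | avc_to_sesearch`. A printed query that returns nothing when run means the policy actually loaded on that machine lacks the rule, whatever version the selinux-policy package reports.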
# rpm -q selinux-policy selinux-policy-3.14.3-52.fc30.noarch # rpm-ostree status State: idle AutomaticUpdates: check; rpm-ostreed-automatic.timer: no runs since boot Deployments: ostree://fedora:fedora/31/x86_64/silverblue Version: 31.20191118.0 (2019-11-18T00:40:47Z) BaseCommit: 80944945d229dc557bc8c2b9e49c7bfbe055cc7b5537bcf8b9aa6893061e1fc4 GPGSignature: Valid signature by 7D22D5867F2A4236474BF7B850CB390B3C3359C4 Diff: 1279 upgraded, 4 downgraded, 15 removed, 33 added LayeredPackages: libvirt libvirt-client libvirt-daemon-kvm libvirt-devel qemu-kvm samba virt-install virt-manager ● ostree://fedora:fedora/30/x86_64/silverblue Version: 30.20191118.0 (2019-11-18T00:46:57Z) BaseCommit: dc602503781b077644b5afb7754624a1e9aa197dcccd348add4ddd23552b0213 GPGSignature: Valid signature by F1D8EC98F241AAF20DF69420EF3C111FCFC659B9 LayeredPackages: libvirt libvirt-client libvirt-daemon-kvm libvirt-devel qemu-kvm samba virt-install virt-manager Pinned: yes # journalctl -b-1 | grep -A20 'Starting Login' Nov 18 14:13:39 washer systemd[1]: Starting Login Service... Nov 18 14:13:39 washer systemd[1]: Stopped Daemon for power management. Nov 18 14:13:39 washer systemd[761]: systemd-logind.service: Failed to set up special execution directory in /var/lib: Permission denied Nov 18 14:13:39 washer systemd[761]: systemd-logind.service: Failed at step STATE_DIRECTORY spawning /sbin/modprobe: Permission denied Nov 18 14:13:39 washer audit[761]: AVC avc: denied { read } for pid=761 comm="(modprobe)" name="linger" dev="sde5" ino=1706700 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0 Nov 18 14:13:39 washer audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=upower comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' Nov 18 14:13:39 washer audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=upower comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Nov 18 14:13:39 washer systemd[1]: Starting Daemon for power management... Nov 18 14:13:39 washer systemd[765]: upower.service: Failed to set up special execution directory in /var/lib: Permission denied Nov 18 14:13:39 washer systemd[765]: upower.service: Failed at step STATE_DIRECTORY spawning /usr/libexec/upowerd: Permission denied Nov 18 14:13:39 washer audit[765]: AVC avc: denied { read } for pid=765 comm="(upowerd)" name="upower" dev="sde5" ino=1441816 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:devicekit_var_lib_t:s0 tclass=dir permissive=0 Nov 18 14:13:39 washer audit[766]: AVC avc: denied { read } for pid=766 comm="(d-logind)" name="linger" dev="sde5" ino=1706700 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0 Nov 18 14:13:39 washer systemd[766]: systemd-logind.service: Failed to set up special execution directory in /var/lib: Permission denied Nov 18 14:13:39 washer systemd[766]: systemd-logind.service: Failed at step STATE_DIRECTORY spawning /usr/lib/systemd/systemd-logind: Permission denied Nov 18 14:13:39 washer systemd[1]: upower.service: Main process exited, code=exited, status=238/STATE_DIRECTORY Nov 18 14:13:39 washer systemd[1]: upower.service: Failed with result 'exit-code'. Nov 18 14:13:39 washer systemd[1]: Failed to start Daemon for power management. Nov 18 14:13:39 washer audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=upower comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=failed' Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Main process exited, code=exited, status=238/STATE_DIRECTORY Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Failed with result 'exit-code'. Nov 18 14:13:39 washer audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' -- Nov 18 14:13:39 washer systemd[1]: Starting Login Service... Nov 18 14:13:39 washer audit[771]: AVC avc: denied { read } for pid=771 comm="(modprobe)" name="linger" dev="sde5" ino=1706700 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0 Nov 18 14:13:39 washer systemd[771]: systemd-logind.service: Failed to set up special execution directory in /var/lib: Permission denied Nov 18 14:13:39 washer systemd[771]: systemd-logind.service: Failed at step STATE_DIRECTORY spawning /sbin/modprobe: Permission denied Nov 18 14:13:39 washer audit[772]: AVC avc: denied { read } for pid=772 comm="(d-logind)" name="linger" dev="sde5" ino=1706700 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0 Nov 18 14:13:39 washer systemd[772]: systemd-logind.service: Failed to set up special execution directory in /var/lib: Permission denied Nov 18 14:13:39 washer systemd[772]: systemd-logind.service: Failed at step STATE_DIRECTORY spawning /usr/lib/systemd/systemd-logind: Permission denied Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Main process exited, code=exited, status=238/STATE_DIRECTORY Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Failed with result 'exit-code'. Nov 18 14:13:39 washer systemd[1]: Failed to start Login Service. 
Nov 18 14:13:39 washer audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Service has no hold-off time (RestartSec=0), scheduling restart. Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Scheduled restart job, restart counter is at 2. Nov 18 14:13:39 washer systemd[1]: Stopped Login Service. Nov 18 14:13:39 washer audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Nov 18 14:13:39 washer audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Nov 18 14:13:39 washer systemd[1]: Starting Login Service... 
Nov 18 14:13:39 washer audit[775]: AVC avc: denied { read } for pid=775 comm="(modprobe)" name="linger" dev="sde5" ino=1706700 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0 Nov 18 14:13:39 washer systemd[775]: systemd-logind.service: Failed to set up special execution directory in /var/lib: Permission denied Nov 18 14:13:39 washer systemd[775]: systemd-logind.service: Failed at step STATE_DIRECTORY spawning /sbin/modprobe: Permission denied Nov 18 14:13:39 washer audit[776]: AVC avc: denied { read } for pid=776 comm="(d-logind)" name="linger" dev="sde5" ino=1706700 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0 Nov 18 14:13:39 washer systemd[776]: systemd-logind.service: Failed to set up special execution directory in /var/lib: Permission denied Nov 18 14:13:39 washer systemd[776]: systemd-logind.service: Failed at step STATE_DIRECTORY spawning /usr/lib/systemd/systemd-logind: Permission denied Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Main process exited, code=exited, status=238/STATE_DIRECTORY Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Failed with result 'exit-code'. Nov 18 14:13:39 washer systemd[1]: Failed to start Login Service. Nov 18 14:13:39 washer audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Service has no hold-off time (RestartSec=0), scheduling restart. Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Scheduled restart job, restart counter is at 3. Nov 18 14:13:39 washer systemd[1]: Stopped Login Service. 
Nov 18 14:13:39 washer audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Nov 18 14:13:39 washer audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Nov 18 14:13:39 washer systemd[1]: Starting Login Service... Nov 18 14:13:39 washer audit[789]: AVC avc: denied { read } for pid=789 comm="(modprobe)" name="linger" dev="sde5" ino=1706700 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0 Nov 18 14:13:39 washer systemd[789]: systemd-logind.service: Failed to set up special execution directory in /var/lib: Permission denied Nov 18 14:13:39 washer systemd[789]: systemd-logind.service: Failed at step STATE_DIRECTORY spawning /sbin/modprobe: Permission denied Nov 18 14:13:39 washer audit[790]: AVC avc: denied { read } for pid=790 comm="(d-logind)" name="linger" dev="sde5" ino=1706700 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0 Nov 18 14:13:39 washer systemd[790]: systemd-logind.service: Failed to set up special execution directory in /var/lib: Permission denied Nov 18 14:13:39 washer systemd[790]: systemd-logind.service: Failed at step STATE_DIRECTORY spawning /usr/lib/systemd/systemd-logind: Permission denied Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Main process exited, code=exited, status=238/STATE_DIRECTORY Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Failed with result 'exit-code'. Nov 18 14:13:39 washer systemd[1]: Failed to start Login Service. 
Nov 18 14:13:39 washer audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Service has no hold-off time (RestartSec=0), scheduling restart. Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Scheduled restart job, restart counter is at 4. Nov 18 14:13:39 washer systemd[1]: Stopped Login Service. Nov 18 14:13:39 washer audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Nov 18 14:13:39 washer audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Nov 18 14:13:39 washer systemd[1]: Starting Login Service... 
Nov 18 14:13:39 washer audit[793]: AVC avc: denied { read } for pid=793 comm="(modprobe)" name="linger" dev="sde5" ino=1706700 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0 Nov 18 14:13:39 washer systemd[793]: systemd-logind.service: Failed to set up special execution directory in /var/lib: Permission denied Nov 18 14:13:39 washer systemd[793]: systemd-logind.service: Failed at step STATE_DIRECTORY spawning /sbin/modprobe: Permission denied Nov 18 14:13:39 washer audit[794]: AVC avc: denied { read } for pid=794 comm="(d-logind)" name="linger" dev="sde5" ino=1706700 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_logind_var_lib_t:s0 tclass=dir permissive=0 Nov 18 14:13:39 washer systemd[794]: systemd-logind.service: Failed to set up special execution directory in /var/lib: Permission denied Nov 18 14:13:39 washer systemd[794]: systemd-logind.service: Failed at step STATE_DIRECTORY spawning /usr/lib/systemd/systemd-logind: Permission denied Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Main process exited, code=exited, status=238/STATE_DIRECTORY Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Failed with result 'exit-code'. Nov 18 14:13:39 washer systemd[1]: Failed to start Login Service. Nov 18 14:13:39 washer audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Service has no hold-off time (RestartSec=0), scheduling restart. Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Scheduled restart job, restart counter is at 5. Nov 18 14:13:39 washer systemd[1]: Stopped Login Service. 
Nov 18 14:13:39 washer audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Nov 18 14:13:39 washer audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Start request repeated too quickly. Nov 18 14:13:39 washer systemd[1]: systemd-logind.service: Failed with result 'exit-code'. Nov 18 14:13:39 washer systemd[1]: Failed to start Login Service. Nov 18 14:13:39 washer systemd[1]: upower.service: Service RestartSec=100ms expired, scheduling restart. Nov 18 14:13:39 washer systemd[1]: upower.service: Scheduled restart job, restart counter is at 3. # df -Th Filesystem Type Size Used Avail Use% Mounted on devtmpfs devtmpfs 5.9G 0 5.9G 0% /dev tmpfs tmpfs 5.9G 91M 5.8G 2% /dev/shm tmpfs tmpfs 5.9G 1.8M 5.9G 1% /run tmpfs tmpfs 5.9G 0 5.9G 0% /sys/fs/cgroup /dev/sde3 ext4 69G 8.5G 57G 14% /sysroot tmpfs tmpfs 5.9G 64M 5.8G 2% /tmp /dev/sde5 ext4 69G 2.6G 63G 4% /var /dev/sde1 ext4 976M 144M 766M 16% /boot /dev/sde2 ext4 75G 9.5G 62G 14% /var/home /dev/sdc ext4 11T 7.5T 2.9T 73% /var/mnt/data tmpfs tmpfs 1.2G 9.2M 1.2G 1% /run/user/1000
Is there any way to provide additional information which could help to fix this issue?
I fixed the issue following the described steps in https://docs.fedoraproject.org/en-US/fedora-silverblue/troubleshooting/#_selinux_problems For whatever reason the SELinux policy was modified from the default one or wasn't updated during the upgrade to Silverblue 31. Copying the default SELinux policy shipped in the OSTree compose fixed the issue.
This message is a reminder that Fedora 31 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora 31 on 2020-11-24. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '31'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 31 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version before this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 31 changed to end-of-life (EOL) status on 2020-11-24. Fedora 31 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.