Description of problem: SELinux is set to enforcing, policy is targeted. When booting the new kernel after updating today (kernel, selinux, etc) the system won't boot. It goes to system maintenance. Giving the root password only / is mounted (it looks like the contexts for the LVM devices are incorrect, so it can't access them). Only disabling SELinux completely (selinux=0 on the kernel line) seems to be able to continue. "fixfiles relabel" doesn't fix the problem. Version-Release number of selected component (if applicable): selinux-policy-targeted-2.1.6-22 How reproducible: Always Steps to Reproduce: 1. Boot 2. 3. Actual results: Expected results: Additional info:
Could you check to see if the problem is with libsetrans. Edit the /etc/selinux/targeted/setrans.conf and uncomment the disable line and see if it boots. A new version of libsetrans is available at Available on ftp://people.redhat.com/dwalsh/SELinux/Fedora/x86_64
The above edit to setrans.conf 'fixes' this for my x86 system too. [BTW, I could boot by using 'enforcing=0' instead of 'selinux=0']
Ok try the new version of libsetrans available on ftp://people.redhat.com/dwalsh/SELinux/Fedora/ And you can turn back on translations.
libsetrans-0.1.14-1 and enabling translations WFM. Thanks.
Same problem on i686 here. I'll try the new packages and I'll report back.
A little bit better, but now I have a problem with fixfiles. It won't run - it just prints the usage for setfiles instead. I noticed that policycoreutils got updated today as well...
I don't know if the arch as 64-bit matters. I ran into several packages that would download via yum but not actually install. I had to drop to selinux=0 single and run rpm -Uvh from the packages contained in the cache for yum. Audit log attached. I did not relabel my system yet. I started the network service and ran yum from single user mode and several packages would not install but are available. Audit log will be attached next. Updated Packages hpijs.i386 1:0.9.7-6 development hplip.i386 0.9.7-6 development libsane-hpaio.i386 0.9.7-6 development net-snmp-libs.i386 5.3-1 development
Created attachment 122752 [details] audit log kdeutils-3.5.0-2.i386.rpm kdeutils-devel-3.5.0-2.i386.rpm and some php elements seem to be causing problems. I hope the log helps. System only had missing files from mozilla and cups that were discussed on the test-list. Exit
Created attachment 122800 [details] dmesg after relabeling After updating system, dropping to runlevel 1 and verifying packages installed using 2.6.15-1.1819_FC5, I relabeled the system and rebooted with minor errors related to /dev/hda6. df Filesystem 1K-blocks Used Available Use% Mounted on /dev/hda2 16425032 4878912 10698292 32% / /dev/hda1 101086 12210 83657 13% /boot /dev/shm 322364 0 322364 0% /dev/shm /dev/hda3 9920624 978660 8429896 11% /home /dev/hda6 10605128 261408 9796308 3% /var # rpm -qa |grep policy selinux-policy-2.1.6-24 checkpolicy-1.28-2 policycoreutils-1.29.2-10 selinux-policy-targeted-2.1.6-24 The system seems to be mostly successful. Errors submitted for remaining errors.
Indeed today's stuff does work. However, the stangest thing happened on filesystem relabel during boot (forced by switch to SELinux enforcing) - my notebook rebooted in the middle of it. File systems were dirty after the reboot, so it wasn't a "planned" event. Later on, I relabeled from runlevel 5 successfully. No idea what caused this. Kernel bug?