From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 Description of problem: System upgraded to rawhide 2006-01-26 I was previosuly using selinux=0 due to baddly labelled security contexts Today I realised that selinux=0 remained in my grub.conf, so removed it and rebooted, system not bootable due to ld.so.cache and libuuid.so.1.2 being blocked. Version-Release number of selected component (if applicable): rawhide 2006-01-26 How reproducible: Didn't try Steps to Reproduce: 1. happens every boot with selinux enabled, not tried fresh install .... 2. 3. Actual Results: security: 3 users, 6 roles, 1117 types, 132 bools, 1 sens, 256 cats security: 55 classes, 37531 rules SELinux: Completing initialization. SELinux: Setting up existing superblocks. SELinux: initialized (dev dm-0, type ext3), uses xattr SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses genfs_contexts SELinux: initialized (dev devpts, type devpts), uses transition SIDs SELinux: initialized (dev eventpollfs, type eventpollfs), uses genfs_contexts Losing some ticks... checking if CPU frequency changed. SELinux: initialized (dev inotifyfs, type inotifyfs), uses genfs_contexts SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs SELinux: initialized (dev futexfs, type futexfs), uses genfs_contexts SELinux: initialized (dev pipefs, type pipefs), uses task SIDs SELinux: initialized (dev sockfs, type sockfs), uses task SIDs SELinux: initialized (dev cpuset, type cpuset), not configured for labeling SELinux: initialized (dev proc, type proc), uses genfs_contexts SELinux: initialized (dev bdev, type bdev), uses genfs_contexts SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts INIT: version 2.86 booting audit(1138364602.246:2): avc: denied { read } for pid=437 comm="hostname" name="ld.so.cache" dev=dm-0 ino=69273384 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file audit(1138364602.370:3): avc: denied { execute } for pid=440 comm="mount" name="libuuid.so.1.2" dev=dm-0 ino=93388904 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file mount: error while loadaudit(1138364602.390:4): avc: denied { execute } for pid=441 comm="mount" name="libuuid.so.1.2" dev=dm-0 ino=93388904 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file ing shared libraaudit(1138364602.410:5): avc: denied { execute } for pid=442 comm="mount" name="libuuid.so.1.2" dev=dm-0 ino=93388904 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file ries: libuuid.so.1: failed to map segment from shared object: Permission denied mount: error while loading shared libraries: libuuid.so.1: failed to map segment from shared object: Permission denied Welcome to Fedora Core Press 'I' to enter interactive startup. audit(1138364603.126:6): avc: denied { read } for pid=455 comm="hwclock" name="ld.so.cache" dev=dm-0 ino=69273384 scontext=system_u:system_r:hwclock_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file Setting clock (utc): Fri Jan 27 12:23:24 GMT 2006 [ OK ] Starting udev:[ OK ] mount: error while loading shared libraries: libuuid.so.1: failed to map segment from shared object: Permission denied Setting hostname htpc.lan: [ OK ] No RAID disks Setting up Logical Volume Management: 2 logical volume(s) in volume group "vg00" now active [ OK ] Checking filesystems fsck: error while loading shared libraries: libuuid.so.1: cannot open shared object file: No such file or directory [FAILED] *** An error occurred during the file system check. *** Dropping you to a shell; the system will reboot *** when you leave the shell. *** Warning -- SELinux is active *** Disabling security enforcement for system recovery. *** Run 'setenforce 1' to reenable. Give root password for maintenance Additional info:
You need to relabel your system. touch /.autorelabel reboot You might have to boot in permissive mode. Any time you run with selinux=0 files will get mislabeled. You are always better to boot with enforcing=0 so that file contexts are maintained.
the relabel fixed it, is the mere presence of the .autorelabel the trigger, or it's timestamp relative to something else? Thanks for the enforcing=0 tip too, I still have quite a blindspot about selinux, so it seems that jumping to selinx=0 can be a short term cure, but longer term headache, though many people on the devel and test lists recommend selinux=0 at the first hint of an selinux issue :-(
That is unfortunate. Next time you see it maybe you can make this comment.