Description of problem: Fedora: 5.10.10-200.fc33.x86_64 Fedora won't boot anymore. First boot error message: [FAILED] Failed to start D-Bus System Message Bus. boot log: https://pastebin.com/wLQkDz3V After disabling SElinux in /etc/sysconfig/selinux, it boots again. Since the last working boot, I dnf updated a few packages. dnf history: https://pastebin.com/uVFqvwF0 Output from journalctl -u dbus-broker.service for the relevant boot: https://pastebin.com/ME6UkCmy SElinux audit log (grep dbus /var/log/audit/audit.log): https://pastebin.com/fgnDXhE5 I have already tried uninstalling everything nvidia-related, and it didn't help.
Meanwhile, I have reinstalled dbus-common dbus-daemon and upgraded the kernel, but I still cannot enable SElinux.
In permissive I can boot - in enforced it is NOT possible.
The `dbus-broker-27` RPM in rawhide now improves this log-message and includes the file-path. Until then, can you check whether `/usr/share/dbus-1/contexts/dbus_contexts/` is accessible by the `dbus` user, and that you did not place any files in there which have restricted access-modifiers?
I cannot find that folder: `/usr/share/dbus-1/contexts/`
(In reply to fattony4 from comment #4) > I cannot find that folder: `/usr/share/dbus-1/contexts/` Ah, sorry, those are stored in the SELinux directory. This should be `/etc/selinux/targeted/contexts/dbus_contexts`. Alternatively, `find / -name "dbus_contexts"` should be able to locate it.
(I know that I did not place any files in there.) About `/etc/selinux/targeted/contexts/dbus_contexts`: I could not log in as `dbus` user and check that way. Not sure the following output contains the answer to what you're looking for. $ namei -l /etc/selinux/targeted/contexts/dbus_contexts f: /etc/selinux/targeted/contexts/dbus_contexts drwxr-xr-x root root / drwxr-xr-x root root etc drwxr-xr-x root root selinux drwxr-xr-x root root targeted drwxr-xr-x root root contexts -rw-r--r-- root root dbus_contexts $ stat /etc/selinux/targeted/contexts/dbus_contexts File: /etc/selinux/targeted/contexts/dbus_contexts Size: 195 Blocks: 8 IO Block: 4096 regular file Device: 23h/35d Inode: 797311 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Context: system_u:object_r:default_context_t:s0 Access: 2021-02-18 17:59:34.086414561 +0100 Modify: 2021-01-15 11:23:04.000000000 +0100 Change: 2021-01-17 14:38:31.338905110 +0100 Birth: 2021-01-17 14:38:31.338905110 +0100 $ ls -lZ /etc/selinux/targeted/contexts/dbus_contexts -rw-r--r--. 1 root root system_u:object_r:default_context_t:s0 195 Jan 15 11:23 /etc/selinux/targeted/contexts/dbus_contexts $ getfattr -m security.selinux -d /etc/selinux/targeted/contexts/dbus_contexts # file: etc/selinux/targeted/contexts/dbus_contexts security.selinux="system_u:object_r:default_context_t:s0" If this is not useful, please tell me how to check.
I installed dbus-broker-27-2.fc35 from here: https://src.fedoraproject.org/rpms/dbus-broker Here's the output from `journalctl -u dbus-broker.service`, with some comments added (##): https://pastebin.com/qfxzFUBU Relevant line: dbus-broker-launch[2130]: Access denied in /usr/share/dbus-1/system.d/com.teamviewer.TeamViewer.Daemon.conf +1: /usr/share/dbus-1/system.d/com.teamviewer.TeamViewer.Daemon.conf It seems TeamViewer caused my problem! After uninstalling the package, I can enable SElinux again! Thanks for your help.
(In reply to fattony4 from comment #7) > I installed dbus-broker-27-2.fc35 from here: > https://src.fedoraproject.org/rpms/dbus-broker > > Here's the output from `journalctl -u dbus-broker.service`, with some > comments added (##): https://pastebin.com/qfxzFUBU > > Relevant line: > dbus-broker-launch[2130]: Access denied in > /usr/share/dbus-1/system.d/com.teamviewer.TeamViewer.Daemon.conf +1: > /usr/share/dbus-1/system.d/com.teamviewer.TeamViewer.Daemon.conf > > It seems TeamViewer caused my problem! After uninstalling the package, I can > enable SElinux again! > > Thanks for your help. Thank you very much for confirming this! I assume TeamViewer was installed via a 3rd party repository? In that case, I will just close this. If this is actually part of Fedora, let me know and I will try to put the right people on CC. Sorry for the delay, but I was tracking down some other bugs this week, and it took a few days. Thanks for the fast responses and trying the preliminary builds! If there is anything left for me to do, please don't hesitate to re-open this!
No problem, thanks for your effort! I installed the TeamViewer rpm from https://www.teamviewer.com/download/linux/ some time ago. It automatically adds a repository. I have tried to install it again, and it leads to the same error on boot. Created a ticket on the TeamViewer community: https://community.teamviewer.com/English/discussion/111272/cannot-boot-with-teamviewer-installed-and-selinux-enabled/