Description of problem: The current test1 cannot boot with an enabled targeted policy and a xfs root file system as fsck.xfs isn't allowed to check the file system How reproducible: Install Test1 on a xfs file system Actual results (messages while booting): Checking all file systems. [/sbin/fsck.xfs (1) -- /] fsck.xfs -a /dev/md1 fsck.xfs: Permission denied [FAILED] *** An error occurred during the file system check. *** Dropping you to a shell; the system will reboot *** when you leave the shell. *** Warning -- SELinux is active *** Disabling security enforcement for system recovery. *** Run 'setenforce 1' to reenable. Give root password for maintenance (or type Control-D to continue): And here are the avc messages: audit(1154600649.174:3): avc: denied { execute } for pid=1055 comm="fsck" name="bash" dev=md1 ino=335684494 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file audit(1154600649.174:4): avc: denied { read } for pid=1055 comm="fsck" name="bash" dev=md1 ino=335684494 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file Expected results: fsck.xfs checks the file system Additional info: The system boots fine with enforcing=0
Fixed in selinux-policy-2.3.14-4
Fedora Core 5 and Fedora Core 6 are, as we're sure you've noticed, no longer test releases. We're cleaning up the bug database and making sure important bug reports filed against these test releases don't get lost. It would be helpful if you could test this issue with a released version of Fedora or with the latest development / test release. Thanks for your help and for your patience. [This is a bulk message for all open FC5/FC6 test release bugs. I'm adding myself to the CC list for each bug, so I'll see any comments you make after this and do my best to make sure every issue gets proper attention.]
All fixed in the current release