Bug 206095 - Graphical boot just shows the first service starting
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: i386 Linux
Priority: medium, Severity: low
Assigned To: Daniel Walsh
Ben Levenson
Reported: 2006-09-11 21:33 EDT by Horst H. von Brand
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-10-02 09:46:18 EDT
Description Horst H. von Brand 2006-09-11 21:33:31 EDT
Description of problem:
The graphical boot shows just the first line of the initscripts, the spinner
spins and at the upper right the services are listed, but the main screen
doesn't show more than one line.

Version-Release number of selected component (if applicable):
initscripts-8.39-1

How reproducible:
Each boot

Steps to Reproduce:
1. Boot

Actual results:
Only one line of services recorded as starting

Expected results:
All services shown

Additional info:
Comment 1 Bill Nottingham 2006-09-11 23:00:08 EDT
Any SELinux errors?
Comment 2 Stephanos Manos 2006-09-24 10:24:07 EDT
FC6T3 + updates as of today

I have the same problem with initscripts-8.42-1.
The only thing that shows is

Setting hostname ghost.home-net				[ OK ]
Setting up Logical Volume Management:			[ OK ]
/dev/VolGroup00/LogVol00: clean ...
/boot: clean ...
Remounting root filesystem in read-write mode:		[ OK ]
Mounting local filesystems:				[ OK ]
Enabling local filesystem quotas:			[ OK ]
Enabling /etc/fstab swaps:				[ OK ]

Disabling SELinux fixes the problem but when re-enabling SELinux the problem
reemerges 
Comment 3 Bill Nottingham 2006-09-25 12:41:42 EDT
Do you have any AVC messages in the logs?
Comment 4 Stephanos Manos 2006-09-26 11:06:29 EDT
None.
Comment 5 Bill Nottingham 2006-09-26 14:05:36 EDT
CC'ing policy gurus, but I'm not sure how to best proceed without AVCs. 

What version of policy do you have installed?
Comment 6 Daniel Walsh 2006-09-26 20:25:27 EDT
I really don't understand what problem you are talking about here. 

Could you execute

semodule -b /usr/share/selinux/targeted/enableaudit.pp

And then check if any avc messages are generated related to rhgb_t or xdm_t or
initrc_t
Comment 7 Stephanos Manos 2006-09-27 13:37:27 EDT
(In reply to comment #5)
Prior to today's updates:
selinux-policy-targeted-2.3.14-6
libselinux-1.30.28-2
selinux-policy-2.3.14-6
selinux-doc-1.26-1.1
libselinux-python-1.30.28-2
rhgb-0.16.3-5.fc6

(In reply to comment #6)
> Could you execute
> semodule -b /usr/share/selinux/targeted/enableaudit.pp
> And then check if any avc messages are generated related to rhgb_t or xdm_t or
> initrc_t

[root@ghost ~]# /sbin/ausearch -m avc | grep rhgb_t
type=AVC msg=audit(1159374790.981:1823): avc:  denied  { search } for  pid=1913
comm="automount" name="1075" dev=proc ino=70451202
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:rhgb_t:s0
tclass=dir
type=AVC msg=audit(1159374790.985:1825): avc:  denied  { search } for  pid=1913
comm="automount" name="1111" dev=proc ino=72810498
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:rhgb_t:s0
tclass=dir
type=AVC msg=audit(1159375283.988:1822): avc:  denied  { search } for  pid=1916
comm="automount" name="1076" dev=proc ino=70516738
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:rhgb_t:s0
tclass=dir
type=AVC msg=audit(1159375283.988:1824): avc:  denied  { search } for  pid=1916
comm="automount" name="1112" dev=proc ino=72876034
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:rhgb_t:s0
tclass=dir
type=AVC msg=audit(1159375575.371:1822): avc:  denied  { search } for  pid=1947
comm="automount" name="1080" dev=proc ino=70778882
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:rhgb_t:s0
tclass=dir
type=AVC msg=audit(1159375575.371:1824): avc:  denied  { search } for  pid=1947
comm="automount" name="1118" dev=proc ino=73269250
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:rhgb_t:s0
tclass=dir
[root@ghost ~]# /sbin/ausearch -m avc | grep xdm_t
type=AVC msg=audit(1159377128.742:11842): avc:  denied  { ptrace } for  pid=2874
comm="killall" scontext=user_u:system_r:rpm_script_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1159377128.746:11843): avc:  denied  { ptrace } for  pid=2874
comm="killall" scontext=user_u:system_r:rpm_script_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1159377128.746:11844): avc:  denied  { ptrace } for  pid=2874
comm="killall" scontext=user_u:system_r:rpm_script_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1159377128.746:11845): avc:  denied  { ptrace } for  pid=2874
comm="killall" scontext=user_u:system_r:rpm_script_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
[root@ghost ~]# /sbin/ausearch -m avc | grep initrc_t
type=AVC msg=audit(1159374790.985:1829): avc:  denied  { search } for  pid=1913
comm="automount" name="1269" dev=proc ino=83165186
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=dir
type=AVC msg=audit(1159374790.997:1846): avc:  denied  { search } for  pid=1913
comm="automount" name="1883" dev=proc ino=123404290
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=dir
type=AVC msg=audit(1159374790.997:1848): avc:  denied  { search } for  pid=1913
comm="automount" name="1905" dev=proc ino=124846082
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=dir
type=AVC msg=audit(1159375283.992:1828): avc:  denied  { search } for  pid=1916
comm="automount" name="1269" dev=proc ino=83165186
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=dir
type=AVC msg=audit(1159375284.000:1845): avc:  denied  { search } for  pid=1916
comm="automount" name="1886" dev=proc ino=123600898
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=dir
type=AVC msg=audit(1159375284.004:1847): avc:  denied  { search } for  pid=1916
comm="automount" name="1908" dev=proc ino=125042690
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=dir
type=AVC msg=audit(1159375575.375:1828): avc:  denied  { search } for  pid=1947
comm="automount" name="1305" dev=proc ino=85524482
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=dir
type=AVC msg=audit(1159375575.383:1845): avc:  denied  { search } for  pid=1947
comm="automount" name="1917" dev=proc ino=125632514
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=dir
type=AVC msg=audit(1159375575.387:1847): avc:  denied  { search } for  pid=1947
comm="automount" name="1939" dev=proc ino=127074306
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=dir
[root@ghost ~]# 

Same with today's updates, with one exception. When running semodule -b,
setroubleshoot pops up with the following error: "SELinux is preventing
/sbin/setfiles (semanage_t) "noatsecure" to [unknown] (setfiles_t)."
Comment 8 Stephanos Manos 2006-09-28 08:59:47 EDT
BZ #206751 is for the same problem but filed against rhgb
Comment 9 Stephanos Manos 2006-09-28 18:10:00 EDT
With today's updates the problem is different: rhgb hangs and needs to be killed
(ctrl+alt+bs) for the system to start with SELinux enabled; with SELinux
disabled the system starts fine.

kernel.i686 2.6.18-1.2699.fc6
initscripts.i386 8.43-1
nash.i386 5.1.18-1
rhgb.i386 0.16.3-6.fc6
gdm.i386 1:2.16.0-10.fc6
Comment 10 Mark Wielaard 2006-09-29 06:33:18 EDT
(In reply to comment #9)
> With today's updates the problem is different: rhgb hangs and needs to be killed
> (ctrl+alt+bs) for the system to start with SELinux enabled; with SELinux
> disabled the system starts fine.
> 
> kernel.i686 2.6.18-1.2699.fc6
> initscripts.i386 8.43-1
> nash.i386 5.1.18-1
> rhgb.i386 0.16.3-6.fc6
> gdm.i386 1:2.16.0-10.fc6

Seeing a similar problem. Killing X with ctrl-alt-backspace makes the boot
proceed. dmesg shows the following avc messages:

SELinux: initialized (dev ramfs, type ramfs), uses genfs_contexts
audit(1159517013.540:4): avc:  denied  { setpgid } for  pid=1375 comm="bash"
scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:system_r:rhgb_t:s0
tclass=process
audit(1159517013.572:5): avc:  denied  { execute } for  pid=1375 comm="bash"
name="colorls.sh" dev=dm-0 ino=8446164 scontext=system_u:system_r:rhgb_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=file
audit(1159517013.660:6): avc:  denied  { execute } for  pid=1375 comm="bash"
name="cvs.sh" dev=dm-0 ino=8446667 scontext=system_u:system_r:rhgb_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=file
audit(1159517013.672:7): avc:  denied  { execute } for  pid=1375 comm="bash"
name="glib2.sh" dev=dm-0 ino=8449085 scontext=system_u:system_r:rhgb_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=file
audit(1159517013.688:8): avc:  denied  { execute } for  pid=1375 comm="bash"
name="gnome-ssh-askpass.sh" dev=dm-0 ino=8449420
scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
audit(1159517013.700:9): avc:  denied  { execute } for  pid=1375 comm="bash"
name="krb5.sh" dev=dm-0 ino=8449008 scontext=system_u:system_r:rhgb_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=file
audit(1159517013.752:10): avc:  denied  { execute } for  pid=1375 comm="bash"
name="lang.sh" dev=dm-0 ino=8446772 scontext=system_u:system_r:rhgb_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=file
audit(1159517013.764:11): avc:  denied  { execute } for  pid=1386 comm="bash"
name="consoletype" dev=dm-0 ino=10999421 scontext=system_u:system_r:rhgb_t:s0
tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
audit(1159517013.764:12): avc:  denied  { getattr } for  pid=1386 comm="bash"
name="consoletype" dev=dm-0 ino=10999421 scontext=system_u:system_r:rhgb_t:s0
tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
audit(1159517013.764:13): avc:  denied  { getattr } for  pid=1386 comm="bash"
name="consoletype" dev=dm-0 ino=10999421 scontext=system_u:system_r:rhgb_t:s0
tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
audit(1159517013.764:14): avc:  denied  { execute } for  pid=1375 comm="bash"
name="less.sh" dev=dm-0 ino=8446042 scontext=system_u:system_r:rhgb_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=file
audit(1159517013.848:15): avc:  denied  { execute } for  pid=1375 comm="bash"
name="vim.sh" dev=dm-0 ino=8448893 scontext=system_u:system_r:rhgb_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=file
audit(1159517013.860:16): avc:  denied  { execute } for  pid=1375 comm="bash"
name="which-2.sh" dev=dm-0 ino=8446619 scontext=system_u:system_r:rhgb_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=file
NET: Registered protocol family 10
Comment 11 Bill Nottingham 2006-09-29 09:19:49 EDT
OK, obviously all those messages stem from the first one. Why is that denied, I
wonder.
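
Added example (not part of the bug thread and not Fedora tooling): a plain `grep rhgb_t` over `ausearch -m avc` output, as used in comments 7 and 13, matches the type in either scontext or tcontext, so denials where automount merely targets rhgb_t's /proc entries are mixed with denials where rhgb_t is the acting domain. This Python sketch rejoins the hard-wrapped records and separates the two cases; the function names are illustrative, and the sample records are copied from comments 7 and 10.

```python
import re
from collections import Counter

# One denial record. Matches both ausearch ("type=AVC msg=audit(...)") and
# dmesg ("audit(...)") output once wrapped lines have been rejoined.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def se_type(context):
    """user:role:type:level[...] -> type (third colon-separated field)."""
    return context.split(":")[2]

def parse_avcs(text):
    """Yield (source_type, target_type, tclass, perm) for every denial."""
    flat = " ".join(text.split())          # undo hard wrapping from the paste
    for m in AVC_RE.finditer(flat):
        for perm in m.group("perms").split():
            yield (se_type(m.group("s")), se_type(m.group("t")),
                   m.group("cls"), perm)

def triage(text, domain):
    """Separate denials *by* a domain from denials that only *target* it."""
    by_domain, on_domain = Counter(), Counter()
    for s, t, cls, perm in parse_avcs(text):
        if s == domain:
            by_domain[(t, cls, perm)] += 1
        elif t == domain:
            on_domain[(s, cls, perm)] += 1
    return by_domain, on_domain

# Records copied from comments 7 and 10, still wrapped as they were pasted.
SAMPLE = """\
type=AVC msg=audit(1159374790.981:1823): avc:  denied  { search } for  pid=1913
comm="automount" name="1075" dev=proc ino=70451202
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:rhgb_t:s0
tclass=dir
audit(1159517013.540:4): avc:  denied  { setpgid } for  pid=1375 comm="bash"
scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:system_r:rhgb_t:s0
tclass=process
audit(1159517013.572:5): avc:  denied  { execute } for  pid=1375 comm="bash"
name="colorls.sh" dev=dm-0 ino=8446164 scontext=system_u:system_r:rhgb_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=file
audit(1159517013.660:6): avc:  denied  { execute } for  pid=1375 comm="bash"
name="cvs.sh" dev=dm-0 ino=8446667 scontext=system_u:system_r:rhgb_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

if __name__ == "__main__":
    by_domain, on_domain = triage(SAMPLE, "rhgb_t")
    for (target, cls, perm), n in by_domain.most_common():
        print(f"rhgb_t -> {target}:{cls} {{ {perm} }} x{n}")
    for (source, cls, perm), n in on_domain.most_common():
        print(f"{source} -> rhgb_t:{cls} {{ {perm} }} x{n}")
```

Feeding it the full output of `ausearch -m avc` shows at a glance which denials the rhgb_t domain itself triggered and which only name it as the target.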
Comment 12 Daniel Walsh 2006-09-29 11:22:26 EDT
Fixed in selinux-policy-2.3.16-8

I think I got all of these.  Package is available on
http://people.redhat.com/dwalsh/SELinux/Fedora/

Now.  Please test to make sure it works.
Comment 13 Stephanos Manos 2006-09-29 17:16:49 EDT
Downloaded. Installed. Tested.

rhgb starts OK!
Show Details OK! (Shows the services starting correctly)

AVC messages related to rhgb_t 0; xdm_t 0; initrc_t a few

[root@ghost ~]# /sbin/ausearch -m avc | grep rhgb_t
[root@ghost ~]# /sbin/ausearch -m avc | grep xdm_t
[root@ghost ~]# /sbin/ausearch -m avc | grep initrc_t
type=AVC msg=audit(1159478470.228:1845): avc:  denied  { search } for  pid=1973
comm="automount" name="1303" dev=proc ino=85393410
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=dir
type=AVC msg=audit(1159478470.240:1862): avc:  denied  { search } for  pid=1973
comm="automount" name="1943" dev=proc ino=127336450
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=dir
type=AVC msg=audit(1159478470.240:1864): avc:  denied  { search } for  pid=1973
comm="automount" name="1965" dev=proc ino=128778242
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=dir
type=AVC msg=audit(1159547844.107:1847): avc:  denied  { search } for  pid=1975
comm="automount" name="1299" dev=proc ino=85131266
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=dir
type=AVC msg=audit(1159547844.119:1864): avc:  denied  { search } for  pid=1975
comm="automount" name="1945" dev=proc ino=127467522
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=dir
type=AVC msg=audit(1159547844.123:1866): avc:  denied  { search } for  pid=1975
comm="automount" name="1967" dev=proc ino=128909314
scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=dir
Comment 14 Mark Wielaard 2006-09-30 12:51:42 EDT
rhgb starts up again and boot proceeds normally.
selinux-policy-2.3.16-9
kernel-2.6.18-1.2699.fc6
xorg-x11-server-Xorg-1.1.1-43.fc6
Comment 15 Stephanos Manos 2006-10-01 17:31:54 EDT
Fresh installation from a rawhide tree Sep 30 on a different system.
Everything works OK.
No avc messages.
Comment 16 Bill Nottingham 2006-10-02 09:46:18 EDT
Thanks for the verification! Adjusting component and closing.
