Description of problem: This is a bit obtuse... I use Junipernetworks SSLVPN to get into my work. This program runs as su root and alters /etc/hosts and /etc/resolve.conf while connected (and restores them when it cleanly disconnects). I had a power-bump (and no UPS on my computer which I'll be getting now). When my computer rebooted, it hung on sendmail and cups starting. I had to boot into runlevel 1 and disable them (one at a time) at boot to get my system up into Xorg. Once in Xorg, I could see the error messages (see attachment). The bug is that a "mislabeled file" on /etc/hosts prevents the system from booting. At least cups and sendmail both hung during the boot. How reproducible: Not sure, not interested in hard power-cycling my computer to find out unless someone really wants me to. Steps to Reproduce: 1. Run sslvpn 2. Unplug computer Actual results: Hangs on boot (cups, sendmail, anything accessing the mislabeled "hosts" file) Expected results: Not sure what the right answer is. Kill programs on boot if they take too long. Add a script to "/sbin/restorecon -R -v /etc" on boot?
Created attachment 304954 [details] Error messages from SELinux on mislabled hosts file
Some program/script must have copied the hosts file to /tmp and then edited it and finally mv it back into place causing it to be labeled tmp_t? Can you look to see if you have such a script?
It is a java program, here is the strace from a connect/disconnect where you can see how it mucks with hosts and resolve.conf. If you want the full strace, I'll have to scrub it for private info. # grep host ~bill/Desktop/sslvpn.log [pid 5231] stat64("/usr/share/fonts/default/ghostscript", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 5231] stat64("/usr/share/fonts/default/ghostscript", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 5231] access("/usr/share/fonts/default/ghostscript/fonts.dir", R_OK) = -1 ENOENT (No such file or directory) [pid 5256] open("/etc/host.conf", O_RDONLY <unfinished ...> [pid 5256] <... read resumed> "order hosts,bind\n", 4096) = 17 [pid 5256] open("/etc/hosts", O_RDONLY|0x80000 /* O_??? */) = 21 [pid 5256] open("/etc/hosts", O_RDONLY|0x80000 /* O_??? */) = 17 [pid 5274] open("/etc/host.conf", O_RDONLY) = 6 [pid 5274] read(6, "order hosts,bind\n", 4096) = 17 [pid 5274] open("/etc/hosts", O_RDONLY|0x80000 /* O_??? */) = 6 [pid 5276] open("/etc/hosts", O_RDONLY|0x80000 /* O_??? */) = 9 [pid 5276] open("/etc/hosts", O_RDONLY|0x80000 /* O_??? */) = 9 [pid 5274] open("/etc/hosts", O_RDONLY) = 11 [pid 5274] open("/tmp/hosts.new", O_WRONLY|O_CREAT, 0644) = 16 [pid 5274] open("/etc/hosts.bak", O_WRONLY|O_CREAT, 0644) = 17 [pid 5274] write(16, "# BEGIN hosts added by Network C"..., 108) = 108 [pid 5274] rename("/tmp/hosts.new", "/etc/hosts") = 0 [pid 5274] rename("/etc/hosts.bak", "/etc/hosts") = 0 [pid 5274] rename("/etc/hosts.bak", "/etc/hosts") = -1 ENOENT (No such file or directory)
So your choice is to either fix the script or run restorecond and add /etc/hosts to the /etc/selinux/restorecond.conf file.