Bug 479411 - selinux prevents logins on newly installed system
Summary: selinux prevents logins on newly installed system
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: anaconda
Version: 10
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Anaconda Maintenance Team
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-01-09 12:56 UTC by Kasper Dupont
Modified: 2009-01-18 12:25 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-01-13 21:14:43 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
lspci output in case the hardware configuration has anything to say (9.67 KB, text/plain)
2009-01-09 12:56 UTC, Kasper Dupont
no flags Details

Description Kasper Dupont 2009-01-09 12:56:48 UTC
Created attachment 328541 [details]
lspci output in case the hardware configuration has anything to say

Description of problem:
I installed Fedora 10 from scratch on a laptop. Once the install was done it would not allow me to log in.

Version-Release number of selected component (if applicable):
selinux-policy-3.5.13-38.fc10.noarch (random guess, I really don't know which component is at fault).

How reproducible:
Don't know

Steps to Reproduce:
1. Install
2. Boot
3. Log in
  
Actual results:
From graphical login the screen will flash a few times and return to the login screen. From text login there will be a message saying something like "no login shell - permission denied", but it is visible for too short to read it exactly.

Expected results:
I can log in.

Additional info:
It wasn't possible to change any boot parameters from grub, but by booting the installer in rescue mode I was able to mount the root file system and edit /etc/selinux/config to put selinux in permissive mode. After that the system can boot, but in gnome there is a popup window about avc denied every few seconds.

The system was installed on a reiserfs partition which before the install contained a directory named /suse and no files outside of that directory, so there shouldn't be any conflicting names.

Comment 1 Daniel Walsh 2009-01-12 20:53:47 UTC
reserfs does not support extended attributes properly so SELinux can not run on it.  Either change to use a file system that supports extended attributes properly or disable selinux.

Comment 2 Kasper Dupont 2009-01-12 22:59:33 UTC
In that case the bug might be in the installer. It shouldn't enable selinux by default if the file system doesn't support it.

Should this bug be changed to anaconda and rawhide?

Comment 3 Daniel Walsh 2009-01-13 15:02:16 UTC
You can try but I would not be hopeful for a better state then I gave you.  :^(

Comment 4 Chris Lumens 2009-01-13 21:14:43 UTC
reiserfs is completely unsupported in anaconda, which is why we make you use a command line option to even enable it.  If you have a patch to disable SELinux in the reiserfs case, please submit it to anaconda-devel-list for consideration.  Thanks.

Comment 5 Kasper Dupont 2009-01-18 12:25:14 UTC
I did not specify any command line option to enable it.

I might submit a patch. But documentation on how to test an anaconda change and how to build a new install image with it is not that easy to find.


Note You need to log in before you can comment on or make changes to this bug.