Bug 479411 - selinux prevents logins on newly installed system
selinux prevents logins on newly installed system
Product: Fedora
Classification: Fedora
Component: anaconda (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Anaconda Maintenance Team
Fedora Extras Quality Assurance
: Reopened
Depends On:
  Show dependency treegraph
Reported: 2009-01-09 07:56 EST by Kasper Dupont
Modified: 2009-01-18 07:25 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-01-13 16:14:43 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
lspci output in case the hardware configuration has anything to say (9.67 KB, text/plain)
2009-01-09 07:56 EST, Kasper Dupont
no flags Details

  None (edit)
Description Kasper Dupont 2009-01-09 07:56:48 EST
Created attachment 328541 [details]
lspci output in case the hardware configuration has anything to say

Description of problem:
I installed Fedora 10 from scratch on a laptop. Once the install was done it would not allow me to log in.

Version-Release number of selected component (if applicable):
selinux-policy-3.5.13-38.fc10.noarch (random guess, I really don't know which component is at fault).

How reproducible:
Don't know

Steps to Reproduce:
1. Install
2. Boot
3. Log in
Actual results:
From graphical login the screen will flash a few times and return to the login screen. From text login there will be a message saying something like "no login shell - permission denied", but it is visible for too short to read it exactly.

Expected results:
I can log in.

Additional info:
It wasn't possible to change any boot parameters from grub, but by booting the installer in rescue mode I was able to mount the root file system and edit /etc/selinux/config to put selinux in permissive mode. After that the system can boot, but in gnome there is a popup window about avc denied every few seconds.

The system was installed on a reiserfs partition which before the install contained a directory named /suse and no files outside of that directory, so there shouldn't be any conflicting names.
Comment 1 Daniel Walsh 2009-01-12 15:53:47 EST
reserfs does not support extended attributes properly so SELinux can not run on it.  Either change to use a file system that supports extended attributes properly or disable selinux.
Comment 2 Kasper Dupont 2009-01-12 17:59:33 EST
In that case the bug might be in the installer. It shouldn't enable selinux by default if the file system doesn't support it.

Should this bug be changed to anaconda and rawhide?
Comment 3 Daniel Walsh 2009-01-13 10:02:16 EST
You can try but I would not be hopeful for a better state then I gave you.  :^(
Comment 4 Chris Lumens 2009-01-13 16:14:43 EST
reiserfs is completely unsupported in anaconda, which is why we make you use a command line option to even enable it.  If you have a patch to disable SELinux in the reiserfs case, please submit it to anaconda-devel-list@redhat.com for consideration.  Thanks.
Comment 5 Kasper Dupont 2009-01-18 07:25:14 EST
I did not specify any command line option to enable it.

I might submit a patch. But documentation on how to test an anaconda change and how to build a new install image with it is not that easy to find.

Note You need to log in before you can comment on or make changes to this bug.