Red Hat Bugzilla – Bug 479411
selinux prevents logins on newly installed system
Last modified: 2009-01-18 07:25:14 EST
Created attachment 328541 [details]
lspci output in case the hardware configuration has anything to say
Description of problem:
I installed Fedora 10 from scratch on a laptop. Once the install was done it would not allow me to log in.
Version-Release number of selected component (if applicable):
selinux-policy-3.5.13-38.fc10.noarch (random guess, I really don't know which component is at fault).
Steps to Reproduce:
3. Log in
From graphical login the screen will flash a few times and return to the login screen. From text login there will be a message saying something like "no login shell - permission denied", but it is visible for too short to read it exactly.
I can log in.
It wasn't possible to change any boot parameters from grub, but by booting the installer in rescue mode I was able to mount the root file system and edit /etc/selinux/config to put selinux in permissive mode. After that the system can boot, but in gnome there is a popup window about avc denied every few seconds.
The system was installed on a reiserfs partition which before the install contained a directory named /suse and no files outside of that directory, so there shouldn't be any conflicting names.
reserfs does not support extended attributes properly so SELinux can not run on it. Either change to use a file system that supports extended attributes properly or disable selinux.
In that case the bug might be in the installer. It shouldn't enable selinux by default if the file system doesn't support it.
Should this bug be changed to anaconda and rawhide?
You can try but I would not be hopeful for a better state then I gave you. :^(
reiserfs is completely unsupported in anaconda, which is why we make you use a command line option to even enable it. If you have a patch to disable SELinux in the reiserfs case, please submit it to email@example.com for consideration. Thanks.
I did not specify any command line option to enable it.
I might submit a patch. But documentation on how to test an anaconda change and how to build a new install image with it is not that easy to find.