Bug 619238 - can't login to normal F14 install - avc: denied { entrypoint } for comm="login" path="/bin/bash"
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 14
Hardware: All Linux
Priority: medium, Severity: urgent
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Whiteboard: AcceptedBlocker
Blocks: F14Alpha/F14AlphaBlocker
Reported: 2010-07-28 21:01 EDT by Jens Petersen
Modified: 2013-01-10 01:05 EST
Doc Type: Bug Fix
Last Closed: 2010-08-04 10:53:50 EDT
Description Jens Petersen 2010-07-28 21:01:40 EDT
Description of problem:
When I installed rawhide yesterday I couldn't login as root or a user
either at VC or gdm.  Not really any more data-points yet.
I am pretty sure this is still with upstart.

Steps to Reproduce:
1. install rawhide directly: eg via F13 boot.iso pointed at rawhide mirror
   or 

2. boot install
3. try to login
  
Actual results:
3. can't login - get thrown out of shell/gdm session immediately.

Expected results:
3. able to login

Additional info:
Live and upgrades from F13 seem unaffected.
Comment 1 Jens Petersen 2010-07-28 21:03:16 EDT
Jesse suggested I make this a F14Alpha blocker for now.
Comment 2 Jens Petersen 2010-07-28 21:05:15 EDT
Tried both minimal install and standard desktop.
Comment 3 Jens Petersen 2010-07-28 21:09:22 EDT
(In reply to comment #0)
> Steps to Reproduce:
> 1. install rawhide directly: eg via F13 boot.iso pointed at rawhide mirror
>    or 

from http://alt.fedoraproject.org/pub/alt/stage/rawhide-20100722/x86_64/os/
Comment 4 Bill Nottingham 2010-07-29 11:40:27 EDT
If you boot with init=/bin/bash (or single user mode);

$ rpm -qa | grep -E '(upstart|systemd)'

Also, any AVC errors logged?
Comment 5 Jens Petersen 2010-07-30 03:28:02 EDT
Ah, I just managed to fix an install with a rescue disk
which then led to selinux relabelling when I rebooted.
So yeah may be a selinux issue.  (This was latest rawhide tree here today.)

Will update with more details after next install attempt.
Comment 6 Jens Petersen 2010-07-30 03:38:30 EDT
It is running upstart-0.6.5-7.fc14 FWIW.
Comment 7 Jens Petersen 2010-07-30 05:13:43 EDT
I did a new install and see /var/log/messages has

localhost kernel: type=1400 audit(...): avc: denied { entrypoint } for  pid=1234 comm="login" path="/bin/bash" dev=dm-0 ino=41 scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
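
Added example, not part of the original comment or of any Fedora tool: a small Python parser that splits the AVC record quoted in comment 7 into its fields, so the denial reads at a glance (the "login" process is in the abrt_helper_t domain and is refused "entrypoint" on a shell_exec_t file). Function names are illustrative, and the second log line in the test is constructed.

```python
import re

# The denial from comment 7, copied from the page (timestamp elided there as "...").
SAMPLE = ('localhost kernel: type=1400 audit(...): avc: denied { entrypoint } for  '
          'pid=1234 comm="login" path="/bin/bash" dev=dm-0 ino=41 '
          'scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 '
          'tcontext=system_u:object_r:shell_exec_t:s0 tclass=file')

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}'
                    r'\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def split_context(ctx):
    """Split user:role:type[:mls-range]; the range itself may contain colons."""
    user, role, setype, *level = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': setype,
            'level': level[0] if level else None}


def parse_avc(line):
    """Return a dict describing one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    fields['result'] = m.group('result')
    fields['perms'] = m.group('perms').split()
    for key in ('scontext', 'tcontext'):
        if key in fields:
            fields[key] = split_context(fields[key])
    return fields


def denials(lines, perm=None):
    """Parsed denials from log lines, optionally limited to one permission."""
    parsed = (parse_avc(line) for line in lines)
    return [a for a in parsed
            if a and a['result'] == 'denied' and (perm is None or perm in a['perms'])]


def summarize(avc):
    """One-line triage summary: which domain was denied what on which object."""
    return '%s (domain %s) %s {%s} on %s %s (type %s)' % (
        avc.get('comm', '?'), avc['scontext']['type'], avc['result'],
        ' '.join(avc['perms']), avc['tclass'], avc.get('path', '?'),
        avc['tcontext']['type'])
```
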
Comment 8 François Cami 2010-07-30 15:03:22 EDT
Reproduced with installer from http://alt.fedoraproject.org/pub/alt/stage/rawhide-20100722/x86_64/os/ and rawhide tree from local mirror.
Setting as F14 Alpha blocker.

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 9 François Cami 2010-07-30 16:08:45 EDT
I can confirm that forcing a relabel fixes the issue.
* switching component to selinux-policy as decided in blocker review meeting. 
* setting severity as urgent since an installed system can't be used.

Gentle reminder: we need a workaround or a fix by Tuesday in order to be able to start spinning Alpha RCs. Thanks!

Comment 10 Andre Robatino 2010-08-01 13:21:31 EDT
After a minimal F13 install, updating fedora-release to 14-0.7, and updating, I have the same problem, but an selinux relabel does NOT fix it.  I can still boot up either in rescue mode or single-user mode, start the network, and update/install packages that way.  I tried resetting my password in the event it wasn't set properly, but that doesn't help.  (It's a little hard to tell since the system won't shut down cleanly, so I have to force it off, and can't be sure if all settings are saved.)
Comment 11 Andre Robatino 2010-08-01 13:33:03 EDT
Booting up in single-user mode, then running "systemctl default", seems to be a workaround, giving me the ability to log in normally either as root or an ordinary user.
Comment 12 François Cami 2010-08-01 13:40:57 EDT
Andre, please confirm that by "same problem", you mean AVCs matching the ones in comment 7.

Comment 13 Andre Robatino 2010-08-01 13:50:06 EDT
"grep avc /var/log/messages" returns no output, so it's not the same in that sense.  (BTW, either the Subject should be changed to refer to F14, or the Version should be changed back to rawhide.)
Comment 14 François Cami 2010-08-01 13:53:34 EDT
Thanks for the suggestion, I've changed the subject.
Please file a bug with the issue you're experiencing.

Comment 15 Jens Petersen 2010-08-03 21:52:41 EDT
I don't see this any more with F14 alpha TC2.
