Bug 619238 - can't login to normal F14 install - avc: denied { entrypoint } for comm="login" path="/bin/bash"
Summary: can't login to normal F14 install - avc: denied { entrypoint } for comm="log...
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy   
(Show other bugs)
Version: 14
Hardware: All Linux
medium
urgent
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: AcceptedBlocker
Keywords:
Depends On:
Blocks: F14Alpha, F14AlphaBlocker
TreeView+ depends on / blocked
 
Reported: 2010-07-29 01:01 UTC by Jens Petersen
Modified: 2013-01-10 06:05 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-08-04 14:53:50 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Jens Petersen 2010-07-29 01:01:40 UTC
Description of problem:
When I installed rawhide yesterday I couldn't login as root or a user
neither at VC or gdm.  Not really any more data-points yet.
I am pretty sure this is still with upstart.

Steps to Reproduce:
1. install rawhide directly: eg via F13 boot.iso pointed at rawhide mirror
   or 

2. boot install
3. try to login
  
Actual results:
3. can't login - get thrown out of shell/gdm session immediately.

Expected results:
3. able to login

Additional info:
Live and upgrades from F13 seem unaffected.

Comment 1 Jens Petersen 2010-07-29 01:03:16 UTC
Jesse suggested I make this a F14Alpha blocker for now.

Comment 2 Jens Petersen 2010-07-29 01:05:15 UTC
Tried both minimal install and standard desktop.

Comment 3 Jens Petersen 2010-07-29 01:09:22 UTC
(In reply to comment #0)
> Steps to Reproduce:
> 1. install rawhide directly: eg via F13 boot.iso pointed at rawhide mirror
>    or 

from http://alt.fedoraproject.org/pub/alt/stage/rawhide-20100722/x86_64/os/

Comment 4 Bill Nottingham 2010-07-29 15:40:27 UTC
If you boot with init=/bin/bash (or single user mode);

$ rpm -qa | grep (upstart|systemd)

Also, any AVC errors logged?

Comment 5 Jens Petersen 2010-07-30 07:28:02 UTC
Ah, I just managed to fix an install with a rescue disk
which then lead to selinux relabelling when I rebooted.
So yeah may be a selinux issue.  (This was latest rawhide tree here today.)

Will update with more details after next install attempt.

Comment 6 Jens Petersen 2010-07-30 07:38:30 UTC
It is running upstart-0.6.5-7.fc14 FWIW.

Comment 7 Jens Petersen 2010-07-30 09:13:43 UTC
I did a new install and see /var/log/messages has

localhost kernel: type=1400 audit(...): avc: denied { entrypoint } for  pid=1234 comm="login" path="/bin/bash" dev=dm-0 ino=41 scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file

Comment 8 François Cami 2010-07-30 19:03:22 UTC
Reproduced with installer from http://alt.fedoraproject.org/pub/alt/stage/rawhide-20100722/x86_64/os/ and rawhide tree from local mirror.
Setting as F14 Alpha blocker.

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Comment 9 François Cami 2010-07-30 20:08:45 UTC
I can confirm that forcing a relabel fixes the issue.
* switching component to selinux-policy as decided in blocker review meeting. 
* setting severity as urgent since an installed system can't be used.

Gentle reminder: we need a workaround or a fix by Tuesday in order to be able to start spinning Alpha RCs. Thanks!

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Comment 10 Andre Robatino 2010-08-01 17:21:31 UTC
After a minimal F13 install, updating fedora-release to 14-0.7, and updating, I have the same problem, but an selinux relabel does NOT fix it.  I can still boot up either in rescue mode or single-user mode, start the network, and update/install packages that way.  I tried resetting my password in the event it wasn't set properly, but that doesn't help.  (It's a little hard to tell since the system won't shut down cleanly, so I have to force it off, and can't be sure if all settings are saved.)

Comment 11 Andre Robatino 2010-08-01 17:33:03 UTC
Booting up in single-user mode, then running "systemctl default", seems to be a workaround, giving me the ability to log in normally either as root or an ordinary user.

Comment 12 François Cami 2010-08-01 17:40:57 UTC
Andre, please confirm that by "same problem", you mean AVCs matching the ones in comment 7.

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Comment 13 Andre Robatino 2010-08-01 17:50:06 UTC
"grep avc /var/log/messages" returns no output, so it's not the same in that sense.  (BTW, either the Subject should be changed to refer to F14, or the Version should be changed back to rawhide.)

Comment 14 François Cami 2010-08-01 17:53:34 UTC
Thanks for the suggestion, I've changed the subject.
Please file a bug with the issue you're experiencing.

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Comment 15 Jens Petersen 2010-08-04 01:52:41 UTC
I don't see this any more with F14 alpha TC2.


Note You need to log in before you can comment on or make changes to this bug.