selinux is preventing me from logging in. This is with an F14 install from todays tree. the avc's are .. type=AVC msg=audit(1285185783.731:43469): avc: denied { entrypoint } for pid=1865 comm="login" path="/bin/bash" dev=dm-0 ino=1571933 scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file type=AVC msg=audit(1285185867.898:43481): avc: denied { entrypoint } for pid=1883 comm="login" path="/bin/bash" dev=dm-0 ino=1571933 scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file trying to login prints a 'Unable to get valid context for root' message on the tty.
This looks like you have a version of sshd that is not running as sshd_t? Did you run it by hand? Is your system labeling screwed up? ps -eZ | grep sshd Or it could be gdm that is mislabeled.
ah. this seems to be fixed after applying all the updates from updates-testing. something there should really be flagged as being needed in F14 final. it also prevented login on the console, it wasn't just sshd.
didn't hit anything like this in any of the validation testing. the tree you tested may not exactly rc3, rc3 came with some fixes from a side repo of packages that have only very recently been pushed stable (may not have been in the tree you tested). though i don't recall seeing any bugs like this throughout the beta testing period, and none of the fixes i recall being in the side repo is related to anything like this. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
I guess fixed in selinux-policy-3.9.4-1.fc14
seems fixed.