Bug 692436 - Incorrect SELinux labelling of new /run directory prevents system boot
Summary: Incorrect SELinux labelling of new /run directory prevents system boot
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 15
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: AcceptedBlocker
: 692137 692440 692475 692600 (view as bug list)
Depends On:
Blocks: F15Beta, F15BetaBlocker
TreeView+ depends on / blocked
 
Reported: 2011-03-31 11:11 UTC by Kamil Páral
Modified: 2011-04-04 20:35 UTC (History)
17 users (show)

Fixed In Version: systemd-22-1.fc15, selinux-policy-3.9.16-10.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-04-04 19:39:02 UTC


Attachments (Terms of Use)
messages (1.59 MB, text/plain)
2011-03-31 11:13 UTC, Kamil Páral
no flags Details
audit.log (1.04 MB, text/plain)
2011-03-31 11:13 UTC, Kamil Páral
no flags Details
secure (16.60 KB, text/plain)
2011-03-31 11:13 UTC, Kamil Páral
no flags Details

Description Kamil Páral 2011-03-31 11:11:14 UTC
Description of problem:
After latest yum update in Fedora 15 the system won't boot at all. It's stuck with the last message being "Starting monitoring LVM2 mirrors, snapshots, etc." (or similar). When enforce=0 is put into kernel boot line, system works fine.

Version-Release number of selected component (if applicable):
systemd-21-2.fc15.x86_64
libselinux-2.0.98-2.fc15.x86_64
selinux-policy-3.9.16-6.fc15.noarch
systemd-units-21-2.fc15.x86_64
selinux-policy-targeted-3.9.16-6.fc15.noarch
libselinux-utils-2.0.98-2.fc15.x86_64
libselinux-python-2.0.98-2.fc15.x86_64

How reproducible:
always

Comment 1 Kamil Páral 2011-03-31 11:13:13 UTC
Created attachment 489037 [details]
messages

Comment 2 Kamil Páral 2011-03-31 11:13:34 UTC
Created attachment 489038 [details]
audit.log

Comment 3 Kamil Páral 2011-03-31 11:13:48 UTC
Created attachment 489039 [details]
secure

Comment 4 Miroslav Grepl 2011-03-31 11:33:38 UTC
*** Bug 692137 has been marked as a duplicate of this bug. ***

Comment 5 Miroslav Grepl 2011-03-31 11:34:21 UTC
*** Bug 692440 has been marked as a duplicate of this bug. ***

Comment 6 Michal Schmidt 2011-03-31 13:23:09 UTC
*** Bug 692475 has been marked as a duplicate of this bug. ***

Comment 7 Adam Williamson 2011-03-31 16:44:29 UTC
Better summary.

Comment 8 Michal Schmidt 2011-03-31 17:08:45 UTC
*** Bug 692600 has been marked as a duplicate of this bug. ***

Comment 9 Fedora Update System 2011-04-01 14:35:38 UTC
systemd-22-1.fc15, selinux-policy-3.9.16-9.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-9.fc15,systemd-22-1.fc15

Comment 10 Andrew McNabb 2011-04-01 19:10:13 UTC
I have updated to systemd-22-1.fc15 and selinux-policy-3.9.16-10.fc15, and the system still fails to boot. If these updates are working for others, then it may be important to mention that my system has selinux disabled.

Comment 11 Tim Flink 2011-04-01 20:25:08 UTC
Discussed during the 2011-04-01 blocker review meeting. One of the release criteria this hits is:

after firstboot is completed and on subsequent boots, a system installed according to any of the above criteria (or the appropriate Beta or Final criteria, when applying this criterion to those releases) must boot to a working graphical environment without unintended user intervention.

Proposed fix has been pushed to updates, not clear if it fixes the problem. More testing of the proposed update is needed to verify that it does/does not work.

Comment 12 Horst H. von Brand 2011-04-01 23:48:21 UTC
Updated to selinux-policy-3.9.16-10.fc15.noarch, systemd-22-1.fc15.x86_64; after relabeling boot went fine. So it works for me.

Comment 13 Fedora Update System 2011-04-02 05:54:46 UTC
systemd-22-1.fc15, selinux-policy-3.9.16-10.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Andrew McNabb 2011-04-04 17:19:26 UTC
Why was this bug closed? I clearly stated that my system still fails to boot.

Comment 15 Daniel Walsh 2011-04-04 19:18:34 UTC
Andrew is it failing to boot in enforcing=0?

Comment 16 Andrew McNabb 2011-04-04 19:26:44 UTC
It still fails to boot if I set enforcing=0 (with the "Failed to load SELinux policy" from bug #692537), but it does boot if I specify selinux=0.

Comment 17 Michal Schmidt 2011-04-04 19:35:52 UTC
(In reply to comment #10)
> it may be important to mention that my system has selinux disabled.

Very important. This bug affected SELinux-enabled systemds. Broken systems with SELinux disabled using /etc/config/selinux is bug 692573.

Comment 18 Michal Schmidt 2011-04-04 19:39:02 UTC
So I am closing this again. Anyone is still seeing problems booting *with SELinux enabled*, please reopen or file a new bug.

Comment 19 Daniel Walsh 2011-04-04 19:40:51 UTC
That is a different bug then this one, related to systemd, which you found the
link to.

We are working to fix the labeling of /run which is mostly fixed by this
update.

systemd-23-1 is supposed to be released tonight to fix the rest of the
labeling.

Comment 20 Andrew McNabb 2011-04-04 20:10:59 UTC
In the other bug, it was stated that this one was for the failure to boot, and the other was for the selinux-related error message. I will try to clarify the situation for all who are following the other bug.

Comment 21 Michal Schmidt 2011-04-04 20:19:22 UTC
Both bugs could cause a failure to boot.

Comment 22 Andrew McNabb 2011-04-04 20:35:05 UTC
(In reply to comment #21)
> Both bugs could cause a failure to boot.

Both indeed do. :)


Note You need to log in before you can comment on or make changes to this bug.