Bug 692436 - Incorrect SELinux labelling of new /run directory prevents system boot
Incorrect SELinux labelling of new /run directory prevents system boot
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
15
Unspecified Unspecified
unspecified Severity urgent
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
AcceptedBlocker
: Reopened, Triaged
: 692137 692440 692475 692600 (view as bug list)
Depends On:
Blocks: F15Beta/F15BetaBlocker
  Show dependency treegraph
 
Reported: 2011-03-31 07:11 EDT by Kamil Páral
Modified: 2011-04-04 16:35 EDT (History)
17 users (show)

See Also:
Fixed In Version: systemd-22-1.fc15, selinux-policy-3.9.16-10.fc15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-04-04 15:39:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
messages (1.59 MB, text/plain)
2011-03-31 07:13 EDT, Kamil Páral
no flags Details
audit.log (1.04 MB, text/plain)
2011-03-31 07:13 EDT, Kamil Páral
no flags Details
secure (16.60 KB, text/plain)
2011-03-31 07:13 EDT, Kamil Páral
no flags Details

  None (edit)
Description Kamil Páral 2011-03-31 07:11:14 EDT
Description of problem:
After latest yum update in Fedora 15 the system won't boot at all. It's stuck with the last message being "Starting monitoring LVM2 mirrors, snapshots, etc." (or similar). When enforce=0 is put into kernel boot line, system works fine.

Version-Release number of selected component (if applicable):
systemd-21-2.fc15.x86_64
libselinux-2.0.98-2.fc15.x86_64
selinux-policy-3.9.16-6.fc15.noarch
systemd-units-21-2.fc15.x86_64
selinux-policy-targeted-3.9.16-6.fc15.noarch
libselinux-utils-2.0.98-2.fc15.x86_64
libselinux-python-2.0.98-2.fc15.x86_64

How reproducible:
always
Comment 1 Kamil Páral 2011-03-31 07:13:13 EDT
Created attachment 489037 [details]
messages
Comment 2 Kamil Páral 2011-03-31 07:13:34 EDT
Created attachment 489038 [details]
audit.log
Comment 3 Kamil Páral 2011-03-31 07:13:48 EDT
Created attachment 489039 [details]
secure
Comment 4 Miroslav Grepl 2011-03-31 07:33:38 EDT
*** Bug 692137 has been marked as a duplicate of this bug. ***
Comment 5 Miroslav Grepl 2011-03-31 07:34:21 EDT
*** Bug 692440 has been marked as a duplicate of this bug. ***
Comment 6 Michal Schmidt 2011-03-31 09:23:09 EDT
*** Bug 692475 has been marked as a duplicate of this bug. ***
Comment 7 Adam Williamson 2011-03-31 12:44:29 EDT
Better summary.
Comment 8 Michal Schmidt 2011-03-31 13:08:45 EDT
*** Bug 692600 has been marked as a duplicate of this bug. ***
Comment 9 Fedora Update System 2011-04-01 10:35:38 EDT
systemd-22-1.fc15, selinux-policy-3.9.16-9.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-9.fc15,systemd-22-1.fc15
Comment 10 Andrew McNabb 2011-04-01 15:10:13 EDT
I have updated to systemd-22-1.fc15 and selinux-policy-3.9.16-10.fc15, and the system still fails to boot. If these updates are working for others, then it may be important to mention that my system has selinux disabled.
Comment 11 Tim Flink 2011-04-01 16:25:08 EDT
Discussed during the 2011-04-01 blocker review meeting. One of the release criteria this hits is:

after firstboot is completed and on subsequent boots, a system installed according to any of the above criteria (or the appropriate Beta or Final criteria, when applying this criterion to those releases) must boot to a working graphical environment without unintended user intervention.

Proposed fix has been pushed to updates, not clear if it fixes the problem. More testing of the proposed update is needed to verify that it does/does not work.
Comment 12 Horst H. von Brand 2011-04-01 19:48:21 EDT
Updated to selinux-policy-3.9.16-10.fc15.noarch, systemd-22-1.fc15.x86_64; after relabeling boot went fine. So it works for me.
Comment 13 Fedora Update System 2011-04-02 01:54:46 EDT
systemd-22-1.fc15, selinux-policy-3.9.16-10.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Andrew McNabb 2011-04-04 13:19:26 EDT
Why was this bug closed? I clearly stated that my system still fails to boot.
Comment 15 Daniel Walsh 2011-04-04 15:18:34 EDT
Andrew is it failing to boot in enforcing=0?
Comment 16 Andrew McNabb 2011-04-04 15:26:44 EDT
It still fails to boot if I set enforcing=0 (with the "Failed to load SELinux policy" from bug #692537), but it does boot if I specify selinux=0.
Comment 17 Michal Schmidt 2011-04-04 15:35:52 EDT
(In reply to comment #10)
> it may be important to mention that my system has selinux disabled.

Very important. This bug affected SELinux-enabled systemds. Broken systems with SELinux disabled using /etc/config/selinux is bug 692573.
Comment 18 Michal Schmidt 2011-04-04 15:39:02 EDT
So I am closing this again. Anyone is still seeing problems booting *with SELinux enabled*, please reopen or file a new bug.
Comment 19 Daniel Walsh 2011-04-04 15:40:51 EDT
That is a different bug then this one, related to systemd, which you found the
link to.

We are working to fix the labeling of /run which is mostly fixed by this
update.

systemd-23-1 is supposed to be released tonight to fix the rest of the
labeling.
Comment 20 Andrew McNabb 2011-04-04 16:10:59 EDT
In the other bug, it was stated that this one was for the failure to boot, and the other was for the selinux-related error message. I will try to clarify the situation for all who are following the other bug.
Comment 21 Michal Schmidt 2011-04-04 16:19:22 EDT
Both bugs could cause a failure to boot.
Comment 22 Andrew McNabb 2011-04-04 16:35:05 EDT
(In reply to comment #21)
> Both bugs could cause a failure to boot.

Both indeed do. :)

Note You need to log in before you can comment on or make changes to this bug.