706750 – selinux is preventing gdm from starting and user's login

Bug 706750 - selinux is preventing gdm from starting and user's login

Summary: selinux is preventing gdm from starting and user's login

Keywords:
Status:	CLOSED DUPLICATE of bug 702865
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	14
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-05-22 17:50 UTC by cornel panceac
Modified:	2011-05-22 19:15 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-05-22 18:12:38 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
the log file (1.68 MB, application/octet-stream) 2011-05-22 17:50 UTC, cornel panceac	no flags	Details
View All

Description cornel panceac 2011-05-22 17:50:39 UTC

Created attachment 500290 [details]
the log file

Description of problem:
if selinux is set to enforcing in /etc/selinux/config , i can not login with root or any other user, and gdm is not starting.

Version-Release number of selected component (if applicable):
# rpm -q selinux-policy
selinux-policy-3.9.7-40.fc14.noarch


How reproducible:
always

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
the system was upgraded from f13. adding setenforce=0 in kernel line is useless. touch /.autorelabel (fixfiles onboot) is useless. creating and applying a custom policy is useless. the only way to use this system is setting selinux to permissive in config file. any help is greately appreciated.

Comment 1 Dominick Grift 2011-05-22 18:06:09 UTC

You could try re-installing the policy, If that works then we know that something in the upgrade path f13 -> f14 may be broken in selinux-policy package. (Other packages could also e responsible i imagine)

Try this at you own risk though:

1. setenforce 0 (i know it is probably already permissive since it wouldnt let you boot otherwise)
2. yum erase selinux-policy selinux-policy-targeted (only proceed if it does not try to erase any other alleged dependencies)
3. mv /etc/selinux/targeted /etc/selinux/targeted.backup
4. yum install selinux-policy selinux-policy-targeted
5. touch /.autorelabel && reboot (this step may not be needed since you relabeled just recently.

Comment 2 Dominick Grift 2011-05-22 18:08:37 UTC

Actually before "touch /.autorelabel && reboot" edit /etc/selinux/config and set SELINUX=enforcing. Because if you de-install then it will edit the config file to set it to disabled.

Comment 3 Miroslav Grepl 2011-05-22 18:12:38 UTC


*** This bug has been marked as a duplicate of bug 702865 ***

Comment 4 cornel panceac 2011-05-22 19:15:18 UTC

(In reply to comment #1)
> You could try re-installing the policy, If that works then we know that
> something in the upgrade path f13 -> f14 may be broken in selinux-policy
> package. (Other packages could also e responsible i imagine)
> 
> Try this at you own risk though:
> 
> 1. setenforce 0 (i know it is probably already permissive since it wouldnt let
> you boot otherwise)
> 2. yum erase selinux-policy selinux-policy-targeted (only proceed if it does
> not try to erase any other alleged dependencies)
> 3. mv /etc/selinux/targeted /etc/selinux/targeted.backup
> 4. yum install selinux-policy selinux-policy-targeted
> 5. touch /.autorelabel && reboot (this step may not be needed since you
> relabeled just recently.

thank you very much dominick, that fixed it.

Note You need to log in before you can comment on or make changes to this bug.