Description of problem: With the latest selinux-policy, udev, and systemd packages from rawhide, I can no longer login to the system, even as root. Version-Release number of selected component (if applicable): systemd-32-1.fc17.x86_64 udev-173-1.fc17.x86_64 selinux-policy-3.10.0-11.fc17.noarch selinux-policy-targeted-3.10.0-11.fc17.noarch How reproducible: Always Steps to Reproduce: 1. Install 2. Boot 3. Try to login via GDM or VT Actual results: It looks like the login works, then GDM restarts or the VT goes back to the login prompt Expected results: login works Additional info: If I add enforcing=0 to the kernel command line, I can login just fine. Here are some early avc denials: Aug 2 16:15:04 localhost kernel: [ 7.389050] type=1400 audit(1312316090.250:4): avc: denied { dyntransition } for pid=1 comm="systemd" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process Aug 2 16:15:04 localhost kernel: [ 10.752448] type=1400 audit(1312316093.615:5): avc: denied { write } for pid=378 comm="udevd" name="notify" dev=tmpfs ino=8918 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file Aug 2 16:15:04 localhost kernel: [ 11.178286] type=1400 audit(1312316094.041:6): avc: denied { use } for pid=393 comm="loadkeys" path="/dev/null" dev=devtmpfs ino=4278 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd Aug 2 16:15:04 localhost kernel: [ 11.185978] type=1400 audit(1312316094.048:7): avc: denied { use } for pid=393 comm="loadkeys" path="socket:[9779]" dev=sockfs ino=9779 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd Aug 2 16:15:04 localhost kernel: [ 11.188895] type=1400 audit(1312316094.050:8): avc: denied { use } for pid=393 comm="loadkeys" path="socket:[9779]" dev=sockfs ino=9779 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd Aug 2 16:15:04 localhost kernel: [ 11.643555] type=1400 audit(1312316094.506:9): avc: denied { sigchld } for pid=1 comm="systemd" scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process The majority of them are of the sigchld kind. I'll attach the boot log for the failed boot shortly. I tried touching ./autorelabel and that didn't do anything.
Created attachment 516389 [details] /var/log/messages from bad boot
Fixed in selinux-policy-3.10.0-13.fc17.noarch