Hide Forgot
1. Boot the F16 DVD on a brand new machine, adding reiserfs to the kernel command line and install a minimal system, selecting reiserfs for the / filesystem. 2. Boot your freshly installed system. 3. Try to login. Login is denied: the password is accepted but a message "root - no shell - permission denied" appears for an instant and then the screen goes back to a login prompt. Tried to add selinux=off to grub. No difference. Tried to switch selinux off in /etc/sysconfig/selinux. No difference. Tried to specify user_xattr,acl as mount options for / in /etc/fstab. Next boot got a dracut prompt blaming mounting problems. This scenario works on F14. (I don't know about 15)
Discovered that selinux=0 actually makes logging in possible. Modified /etc/default/grub, run grub2-mkconfig -o /boot/grub/grub.cfg and the system now lets me login.
Moving to kernel, as the intersection of selinux & reiserfs likely lies there.
Eric, is this something that should be sent upstream?
Not sure. Roberto, can you add enforcing=0 selinux=1 and try to login? Hopefully it will work and you will be able to attach the selinux denials (most likely /var/log/audit/audit.log) and the output of dmesg so we can get a better idea what is wrong?
This the failed login, it looks like /bin/bash was denied execution: type=USER_AUTH msg=audit(1325968839.075:25): user pid=717 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' type=USER_ACCT msg=audit(1325968839.083:26): user pid=717 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' type=LOGIN msg=audit(1325968839.084:27): login pid=717 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 type=USER_ROLE_CHANGE msg=audit(1325968839.333:28): user pid=717 uid=0 auid=0 ses=1 subj=system_u:system_r:kernel_t:s0 msg='pam: default-context=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 selected-context=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023: exe=" /bin/login" hostname=? addr=? terminal=tty1 res=success' type=USER_START msg=audit(1325968839.353:29): user pid=717 uid=0 auid=0 ses=1 subj=system_u:system_r:kernel_t:s0 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' type=CRED_ACQ msg=audit(1325968839.354:30): user pid=717 uid=0 auid=0 ses=1 subj=system_u:system_r:kernel_t:s0 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' type=USER_LOGIN msg=audit(1325968839.354:31): user pid=717 uid=0 auid=0 ses=1 subj=system_u:system_r:kernel_t:s0 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' type=AVC msg=audit(1325968839.355:32): avc: denied { entrypoint } for pid=772 comm="login" path="/bin/bash" dev=sda4 ino=4738 scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=file type=SYSCALL msg=audit(1325968839.355:32): arch=40000003 syscall=11 success=no exit=-13 a0=915c350 a1=bf9b7f0c a2=916a210 a3=916a210 items=0 ppid=717 pid=772 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=1 comm="login" exe="/bin/login" subj =system_u:system_r:kernel_t:s0 key=(null) type=CRED_DISP msg=audit(1325968839.357:33): user pid=717 uid=0 auid=0 ses=1 subj=system_u:system_r:kernel_t:s0 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' type=USER_END msg=audit(1325968839.357:34): user pid=717 uid=0 auid=0 ses=1 subj=system_u:system_r:kernel_t:s0 msg='op=PAM:session_close acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' type=SERVICE_STOP msg=audit(1325968839.402:35): user pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg=': comm="getty@tty1" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_START msg=audit(1325968839.430:36): user pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg=': comm="getty@tty1" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' this is instead a complete boot with a successful login (enforcing=0) on tty1 followed by another login on tty2: type=DAEMON_START msg=audit(1326231482.408:1629): auditd start, ver=2.1.3 format=raw kernel=3.1.6-1.fc16.i686 auid=4294967295 pid=627 res=success type=SERVICE_START msg=audit(1326231482.649:3): user pid=1 uid=0 auid=4294967295 ses=4294967295 msg=': comm="sshd-keygen" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_START msg=audit(1326231482.651:4): user pid=1 uid=0 auid=4294967295 ses=4294967295 msg=': comm="sshd" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' type=NETFILTER_CFG msg=audit(1326231482.853:5): table=filter family=2 entries=4 type=SYSCALL msg=audit(1326231482.853:5): arch=40000003 syscall=102 success=yes exit=0 a0=e a1=bfefc860 a2=7f9868 a3=88d6170 items=0 ppid=625 pid=685 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables-restor" exe="/sbin/xtables-multi" key=(null) type=SERVICE_START msg=audit(1326231482.917:6): user pid=1 uid=0 auid=4294967295 ses=4294967295 msg=': comm="iptables" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' type=NETFILTER_CFG msg=audit(1326231482.932:7): table=filter family=10 entries=0 type=SYSCALL msg=audit(1326231482.932:7): arch=40000003 syscall=128 success=yes exit=0 a0=8b06898 a1=1090 a2=8b06820 a3=0 items=0 ppid=698 pid=700 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/sbin/modprobe" key=(null) type=SERVICE_START msg=audit(1326231482.956:8): user pid=1 uid=0 auid=4294967295 ses=4294967295 msg=': comm="sendmail" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' type=NETFILTER_CFG msg=audit(1326231482.939:9): table=filter family=10 entries=4 type=SYSCALL msg=audit(1326231482.939:9): arch=40000003 syscall=102 success=yes exit=0 a0=e a1=bffe9ef0 a2=471bec a3=903f170 items=0 ppid=624 pid=691 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables-resto" exe="/sbin/xtables-multi" key=(null) type=SERVICE_START msg=audit(1326231482.987:10): user pid=1 uid=0 auid=4294967295 ses=4294967295 msg=': comm="netfs" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_START msg=audit(1326231483.013:11): user pid=1 uid=0 auid=4294967295 ses=4294967295 msg=': comm="ip6tables" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_START msg=audit(1326231483.016:12): user pid=1 uid=0 auid=4294967295 ses=4294967295 msg=': comm="systemd-user-sessions" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_START msg=audit(1326231483.018:13): user pid=1 uid=0 auid=4294967295 ses=4294967295 msg=': comm="getty@tty1" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' type=SYSTEM_BOOT msg=audit(1326231483.050:14): user pid=713 uid=0 auid=4294967295 ses=4294967295 msg='init: exe="/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success' type=SYSTEM_RUNLEVEL msg=audit(1326231483.061:15): user pid=713 uid=0 auid=4294967295 ses=4294967295 msg='old-level=N new-level=3: exe="/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success' type=SERVICE_START msg=audit(1326231483.066:16): user pid=1 uid=0 auid=4294967295 ses=4294967295 msg=': comm="systemd-update-utmp-runlevel" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_STOP msg=audit(1326231483.066:17): user pid=1 uid=0 auid=4294967295 ses=4294967295 msg=': comm="systemd-update-utmp-runlevel" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_START msg=audit(1326231483.120:18): user pid=1 uid=0 auid=4294967295 ses=4294967295 msg=': comm="sm-client" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_START msg=audit(1326231493.004:19): user pid=1 uid=0 auid=4294967295 ses=4294967295 msg=': comm="systemd-readahead-done" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_STOP msg=audit(1326231493.004:20): user pid=1 uid=0 auid=4294967295 ses=4294967295 msg=': comm="systemd-readahead-done" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' type=USER_AUTH msg=audit(1326231495.723:21): user pid=717 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' type=USER_ACCT msg=audit(1326231495.723:22): user pid=717 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' type=LOGIN msg=audit(1326231495.724:23): login pid=717 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1 type=USER_START msg=audit(1326231495.741:24): user pid=717 uid=0 auid=0 ses=1 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' type=CRED_ACQ msg=audit(1326231495.742:25): user pid=717 uid=0 auid=0 ses=1 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' type=USER_LOGIN msg=audit(1326231495.742:26): user pid=717 uid=0 auid=0 ses=1 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success' type=SERVICE_START msg=audit(1326231983.551:27): user pid=1 uid=0 auid=4294967295 ses=4294967295 msg=': comm="getty@tty2" exe="/bin/systemd" hostname=? addr=? terminal=? res=success' type=USER_AUTH msg=audit(1326231986.670:28): user pid=749 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty2 res=success' type=USER_ACCT msg=audit(1326231986.671:29): user pid=749 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty2 res=success' type=LOGIN msg=audit(1326231986.671:30): login pid=749 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2 type=USER_START msg=audit(1326231986.687:31): user pid=749 uid=0 auid=0 ses=2 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty2 res=success' type=CRED_ACQ msg=audit(1326231986.687:32): user pid=749 uid=0 auid=0 ses=2 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty2 res=success' type=USER_LOGIN msg=audit(1326231986.688:33): user pid=749 uid=0 auid=0 ses=2 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty2 res=success'
[mass update] kernel-3.3.0-4.fc16 has been pushed to the Fedora 16 stable repository. Please retest with this update.