Bug 981738 - Shutdown and Reboot options in LXDE doesn't work after update to Fedora 19
Shutdown and Reboot options in LXDE doesn't work after update to Fedora 19
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
19
i686 Linux
unspecified Severity high
: ---
: ---
Assigned To: Miroslav Grepl
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-05 12:09 EDT by Alexander230
Modified: 2013-07-20 05:32 EDT (History)
6 users (show)

See Also:
Fixed In Version: selinux-policy-3.12.1-65.fc19
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-20 05:32:48 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Alexander230 2013-07-05 12:09:50 EDT
Description of problem:
Shutdown and Reboot options in LXDE doesn't work after update to Fedora 19. I've updated with fedup, and now Shutdown and Reboot buttons in LXDE shutdown menu do nothing. I can only reboot or shutdown from terminal.

Version-Release number of selected component (if applicable):
lxpanel 0.5.12

Steps to Reproduce:
1. Install Fedora 18 with LXDE.
2. Update to Fedora 19 with fedup.
3. Try to shutdown or reboot from menu.
Comment 1 Simone Sclavi 2013-07-12 17:29:39 EDT
I'me experiencing the same issue, I guess it's SELinux-related...after a failed shutdown journalctl says:

systemd[1]: SELinux policy denies access.
console-kit-daemon[606]: Failed to issue method call: Access denied

I don't know how to fix it, but as temporary workaround you can put SELinux into permissive mode
Comment 2 Ed Greshko 2013-07-13 02:53:49 EDT
The AVC for this is.....

type=USER_AVC msg=audit(1373698327.629:499): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { start } for auid=-1 uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" scontext=system_u:system_r:consolekit_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Comment 3 Christoph Wickert 2013-07-13 04:10:48 EDT
What version of selinux-policy-targeted is this?
Comment 4 Ed Greshko 2013-07-13 04:20:01 EDT
selinux-policy-targeted-3.12.1-62.fc19
Comment 5 Ed Greshko 2013-07-13 04:45:55 EDT
Also, just tested with selinux-policy-targeted-3.12.1-63.fc19 from koji.  Same results.....as expected.
Comment 6 Daniel Walsh 2013-07-15 17:44:14 EDT
Fixed in selinux-policy-3.12.1-64.fc19

I just checked in a fix for this into git.

b283fc8eb9f76eb33e51552ff7fc95c4c9a37577
Comment 7 Ed Greshko 2013-07-16 04:00:24 EDT
Still fails.....   

I was ssh'd into the system and tried a shutdown.  The terminal output.....

[root@f18x audit]# rpm -qa | grep ^selinux
selinux-policy-doc-3.12.1-64.fc19.noarch
selinux-policy-devel-3.12.1-64.fc19.noarch
selinux-policy-targeted-3.12.1-64.fc19.noarch
selinux-policy-3.12.1-64.fc19.noarch
[root@f18x audit]# 
Broadcast message from root@f18x (Tue 2013-07-16 15:58:09 CST):

The system is going down for power-off NOW!


[root@f18x audit]# cat audit.log
type=SERVICE_START msg=audit(1373961485.437:471): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="upower" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=USER_AVC msg=audit(1373961489.309:472): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { start } for auid=-1 uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" scontext=system_u:system_r:consolekit_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'


And no shutdown occurred.
Comment 8 Fedora Update System 2013-07-17 07:52:23 EDT
selinux-policy-3.12.1-65.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-65.fc19
Comment 9 Ed Greshko 2013-07-17 08:08:54 EDT
That new version does fix the issue.....

I have one question.  During the update process I saw...

  Updating   : selinux-policy-3.12.1-65.fc19.noarch                           1/8 
  Updating   : selinux-policy-doc-3.12.1-65.fc19.noarch                       2/8 
  Updating   : selinux-policy-targeted-3.12.1-65.fc19.noarch                  3/8 
***
  Updating   : selinux-policy-devel-3.12.1-65.fc19.noarch                     4/8 

I don't recall ever seeing "***" during an update.  What is the meaning?
Comment 10 antonio montagnani 2013-07-17 10:28:36 EDT
Confirmed. It fixes the issue....
Comment 11 Miroslav Grepl 2013-07-17 11:39:37 EDT
(In reply to Ed Greshko from comment #7)
> Still fails.....   
> 
> I was ssh'd into the system and tried a shutdown.  The terminal output.....
> 
> [root@f18x audit]# rpm -qa | grep ^selinux
> selinux-policy-doc-3.12.1-64.fc19.noarch
> selinux-policy-devel-3.12.1-64.fc19.noarch
> selinux-policy-targeted-3.12.1-64.fc19.noarch
> selinux-policy-3.12.1-64.fc19.noarch
> [root@f18x audit]# 
> Broadcast message from root@f18x (Tue 2013-07-16 15:58:09 CST):
> 
> The system is going down for power-off NOW!
> 
> 
> [root@f18x audit]# cat audit.log
> type=SERVICE_START msg=audit(1373961485.437:471): pid=1 uid=0
> auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='
> comm="upower" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
> res=success'
> type=USER_AVC msg=audit(1373961489.309:472): pid=1 uid=0 auid=4294967295
> ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { start }
> for auid=-1 uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target"
> scontext=system_u:system_r:consolekit_t:s0
> tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service 
> exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
> 
> 
> And no shutdown occurred.

#============= consolekit_t ==============

#!!!! This avc is allowed in the current policy
allow consolekit_t power_unit_file_t:service start;

You need to install the latest version.
Comment 12 Fedora Update System 2013-07-18 01:59:39 EDT
Package selinux-policy-3.12.1-65.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-65.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-13172/selinux-policy-3.12.1-65.fc19
then log in and leave karma (feedback).
Comment 13 Alexander230 2013-07-18 07:58:05 EDT
Fixed after updating selinux-policy from updates-testing.
Comment 14 Fedora Update System 2013-07-20 05:32:48 EDT
selinux-policy-3.12.1-65.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.