Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora User (http://www.linux-archive.org/fedora-user/)
-   -   F13->F14 upgrade + relabel = logins hosed: entrypoint access denied (http://www.linux-archive.org/fedora-user/533305-f13-f14-upgrade-relabel-logins-hosed-entrypoint-access-denied.html)

Dave Mitchell 05-31-2011 09:17 PM

F13->F14 upgrade + relabel = logins hosed: entrypoint access denied
 
I just tried to upgrade a F13 system to F14 using preupgrade.
It seemed to go well, but I was getting a lot of AVC denials for NM
and polkitd, and NM wasn't working properly. So I tried a 'touch
/.autorelabel' and reboot. It seemed to work, but now I can't login. Any
login attempt (via gdm or F2 console) immediately logs me back out again.

/var/log/messages shows, for a console login as root:

SELinux is preventing /bin/login from entrypoint access on the file /bin/bash

and for a GUI-based login:

SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /usr/bin/gnome-keyring/daemon
SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /etc/X11/xinit/Xsession

I can boot single user okay.

I ran 'fixfiles restore' to relabel again and rebooted, and it made no
difference.

By comparing with a similar but un-upgraded (ie F13) working host, I
found that the following are the same on both hosts:

# ls -lZ /bin/login
-rwxr-xr-x. root root system_u:object_r:login_exec_t:s0 /bin/login

# ls -lZ /bin/bash
-rwxr-xr-x. root root system_u:object_r:shell_exec_t:s0 /bin/bash

Policy is the same apart from changes in ethereal and spamd:

# sesearch --allow --neverallow --auditallow --dontaudit --type
--role_allow --role_trans --range_trans
| sort | egrep -v'ethereal|spam[cd]'

# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted

While the two systems give the following:

# rpm -q selinux-policy
selinux-policy-3.7.19-101.fc13.noarch # F13 host
selinux-policy-3.9.7-40.fc14.noarch # F14 borked host

At this point I've exhausted my meager understanding of selinux.

Any suggestions?
Thanks.

--
In economics, the exam questions are the same every year.
They just change the answers.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


All times are GMT. The time now is 07:10 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.