FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

LinkBack Thread Tools
Old 05-31-2011, 09:17 PM
Dave Mitchell
Default F13->F14 upgrade + relabel = logins hosed: entrypoint access denied

I just tried to upgrade a F13 system to F14 using preupgrade.
It seemed to go well, but I was getting a lot of AVC denials for NM
and polkitd, and NM wasn't working properly. So I tried a 'touch
/.autorelabel' and reboot. It seemed to work, but now I can't login. Any
login attempt (via gdm or F2 console) immediately logs me back out again.

/var/log/messages shows, for a console login as root:

SELinux is preventing /bin/login from entrypoint access on the file /bin/bash

and for a GUI-based login:

SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /usr/bin/gnome-keyring/daemon
SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /etc/X11/xinit/Xsession

I can boot single user okay.

I ran 'fixfiles restore' to relabel again and rebooted, and it made no

By comparing with a similar but un-upgraded (ie F13) working host, I
found that the following are the same on both hosts:

# ls -lZ /bin/login
-rwxr-xr-x. root root system_ubject_r:login_exec_t:s0 /bin/login

# ls -lZ /bin/bash
-rwxr-xr-x. root root system_ubject_r:shell_exec_t:s0 /bin/bash

Policy is the same apart from changes in ethereal and spamd:

# sesearch --allow --neverallow --auditallow --dontaudit --type
--role_allow --role_trans --range_trans
| sort | egrep -v'ethereal|spam[cd]'

# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted

While the two systems give the following:

# rpm -q selinux-policy
selinux-policy-3.7.19-101.fc13.noarch # F13 host
selinux-policy-3.9.7-40.fc14.noarch # F14 borked host

At this point I've exhausted my meager understanding of selinux.

Any suggestions?

In economics, the exam questions are the same every year.
They just change the answers.
users mailing list
To unsubscribe or change subscription options:
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Thread Tools

All times are GMT. The time now is 03:58 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org