FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 05-31-2011, 09:17 PM
Dave Mitchell
 
Default F13->F14 upgrade + relabel = logins hosed: entrypoint access denied

I just tried to upgrade a F13 system to F14 using preupgrade.
It seemed to go well, but I was getting a lot of AVC denials for NM
and polkitd, and NM wasn't working properly. So I tried a 'touch
/.autorelabel' and reboot. It seemed to work, but now I can't login. Any
login attempt (via gdm or F2 console) immediately logs me back out again.

/var/log/messages shows, for a console login as root:

SELinux is preventing /bin/login from entrypoint access on the file /bin/bash

and for a GUI-based login:

SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /usr/bin/gnome-keyring/daemon
SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /etc/X11/xinit/Xsession

I can boot single user okay.

I ran 'fixfiles restore' to relabel again and rebooted, and it made no
difference.

By comparing with a similar but un-upgraded (ie F13) working host, I
found that the following are the same on both hosts:

# ls -lZ /bin/login
-rwxr-xr-x. root root system_ubject_r:login_exec_t:s0 /bin/login

# ls -lZ /bin/bash
-rwxr-xr-x. root root system_ubject_r:shell_exec_t:s0 /bin/bash

Policy is the same apart from changes in ethereal and spamd:

# sesearch --allow --neverallow --auditallow --dontaudit --type
--role_allow --role_trans --range_trans
| sort | egrep -v'ethereal|spam[cd]'

# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted

While the two systems give the following:

# rpm -q selinux-policy
selinux-policy-3.7.19-101.fc13.noarch # F13 host
selinux-policy-3.9.7-40.fc14.noarch # F14 borked host

At this point I've exhausted my meager understanding of selinux.

Any suggestions?
Thanks.

--
In economics, the exam questions are the same every year.
They just change the answers.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 

Thread Tools




All times are GMT. The time now is 03:58 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org