FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 06-22-2011, 06:05 PM
Daniel J Walsh
 
Default Serious problem: boot + systemd + luks + selinux + autorelabel = poop

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/20/2011 10:20 PM, Genes MailLists wrote:
> Sure could use some experts to help me fix this. touching /.autorelabel
> on F15 leads to a horrible situation.
>
> Doing this seems to fail because /run is read-only - and so autorelabel
> never completes - leaving the .autorelabel flag and leaving perpetual
> poop on each reboot.
>
> Booting the machine in this state is possible but very very difficult.
>
> systemd and luks seems to have a problem when things dont go as expected
> - in particular removing rhgb confuses systemd into a terrible state -
> it prints text prompts for luks password but never waits for an answer -
> it also attempts to ask plymouth to do graphical prompt for luks which
> you dont see without some carefully timed series of ESC key presses to
> flip it on and off ... and only in single user mode - perhaps systemd
> does more in multi user mode and gets more confused.
>
> Details:
>
> F15 installed on sandy bridge laptop with i915 intel graphics. The
> laptop has luks encyrpted swap and /home but not /.
>
> I did a "touch /.autorelabel" and rebooted - poo rained upon me in large
> amounts ... very large :-(
>
> At some point the relabel ended and it booted but screen was hung at the
> white balloon. I wasn't watching the relabelling process so ... Hard
> reset - and reboot again.
>
> The machine now hangs during every boot - it hangs with the blue screen
> + balloon - and it no longer gives me the plymouth graphical luks
> password prompt.
>
> Hard reset - reboot removing rhgb and quiet -
>
> I see error:
>
> Unable to fix label of /run: read-only file system.
>
> in red text and it is clearly is trying to finish the relabeling and
> failing on /run.
>
> I see multiple text password prompts for luks password - but it
> doesn't stop - it keeps going - says something about 'forwarding to
> plymouth'.
>
> typing in the luks password into the text console has no effect.
>
> I repeated above but in single user with selinux=0 - now same as
> above - but if I type password and also toggle ESC enough times the
> balloon will eventually show password prompt. Toggling ESC again leads
> me back to text single user prompt.
>
> I can now exit single user and it comes up in multi user mode with
> graphical login.
>
> There is some magic timing to get the series of ESC toggles to get a
> luks password prompt otherwise the just machine hangs.
>
> (a) I dont think graphical prompts should be used in text boot.
>
> (b) systemd needs to wait for the password to be typed in.
>
> (c) what can I do to get the relabel to finish - every boot it keeps
> trying - the /.autorelable file is never removed.
>
> I can no longer boot except doing the above contortions in single user
> + ESC key flipping to get luks password in.
>
> Am very open to ideas how to fix this ... if i remove the
> .autorelabel I assume things will go back to the way they were - but
> clearly there are some issues here.
>
> thanks for any guidance
>
> gene
Boot with enforcing=0 Should allow you to complete the relabel and
remove /.autorelabel

I would then login and yum -y update

And also run restorecon -R -v /var

To make sure everything is ok.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk4CLvUACgkQrlYvE4MpobOhCgCfVY9fWKDF4M FxM/u5l04TmPku
BLYAoJvdbr/nfC1HXbfK71mE22LqTTza
=hWtA
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-22-2011, 06:17 PM
Genes MailLists
 
Default Serious problem: boot + systemd + luks + selinux + autorelabel = poop

On 06/22/2011 02:05 PM, Daniel J Walsh wrote:

> Boot with enforcing=0 Should allow you to complete the relabel and
> remove /.autorelabel
>
> I would then login and yum -y update
>
> And also run restorecon -R -v /var
>
> To make sure everything is ok.
>
>
>

Hi Dan and thanks for your comments.

I tried enforcing=0 selinux=0 (and rhgb removed)

But systemd made life very difficult getting in the luks passwords. I
can't remember now if the /run read-only error was there or not doing
that but I think so.

I suspect systemd needs to not use plymouth in multiuser target with no
rhgb to retrieve luks password info.

I can try again this eve - with enforcing = 0 the relabel will still be
done ? Machine is already fully updated (and now has 3.0 kernel + some
other bits).

I logged this epistle here:

https://bugzilla.redhat.com/show_bug.cgi?id=715313


Thanks again ... will report back





--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-22-2011, 06:20 PM
Daniel J Walsh
 
Default Serious problem: boot + systemd + luks + selinux + autorelabel = poop

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/22/2011 02:17 PM, Genes MailLists wrote:
> On 06/22/2011 02:05 PM, Daniel J Walsh wrote:
>
>> Boot with enforcing=0 Should allow you to complete the relabel and
>> remove /.autorelabel
>>
>> I would then login and yum -y update
>>
>> And also run restorecon -R -v /var
>>
>> To make sure everything is ok.
>>
>>
>>
>
> Hi Dan and thanks for your comments.
>
> I tried enforcing=0 selinux=0 (and rhgb removed)
>
> But systemd made life very difficult getting in the luks passwords. I
> can't remember now if the /run read-only error was there or not doing
> that but I think so.
>
> I suspect systemd needs to not use plymouth in multiuser target with no
> rhgb to retrieve luks password info.
>
> I can try again this eve - with enforcing = 0 the relabel will still be
> done ? Machine is already fully updated (and now has 3.0 kernel + some
> other bits).
>
> I logged this epistle here:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=715313
>
>
> Thanks again ... will report back
>
>
>
>
>
Do just enforcing=0 and not selinux=0, Without rhgb it just waits for
you to enter the password.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk4CMlMACgkQrlYvE4MpobOzXQCfemX1cjDafR 5A0jJYdkgVW/kT
Dg4An0bUsKBAFWzS0MF/9IMg2cyiIBZH
=MHU9
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-22-2011, 06:25 PM
Genes MailLists
 
Default Serious problem: boot + systemd + luks + selinux + autorelabel = poop

On 06/22/2011 02:20 PM, Daniel J Walsh wrote:

>
>
> Do just enforcing=0 and not selinux=0,

Okidok - will do.

> Without rhgb it just waits for
> you to enter the password.
>
>
>

No it doesn't actually - it keeps prompting several times without
stopping in the textual terminal - and then starts plymouth anyway -

typing in the text window is completely or partly ignored (or missed)
and in my case plymouth starts but shows balloon not the luks password
unlock graphic - pressing ESC a few times toggles and if you're very
lucky you can get a plymouth password graphic - however - I was only
able to do this in single user - multi user seems systemd got busy with
other things and hangs eventually.

Things may be better now with 3.0 kernel .. I'll let you know this eve!

I'm mighty glad root is not encrypted or this machine would be toast.

Thanks

gene
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-27-2011, 02:52 AM
Genes MailLists
 
Default Serious problem: boot + systemd + luks + selinux + autorelabel = poop

On 06/22/2011 02:05 PM, Daniel J Walsh wrote:

>> gene
> Boot with enforcing=0 Should allow you to complete the relabel and
> remove /.autorelabel
>
> I would then login and yum -y update
>
> And also run restorecon -R -v /var
>
> To make sure everything is ok.
>
>

Thanks Dan - sorry took a while to get back - just found time to do this:

Ok this seems to have worked - I was still dropped into emergency mode
after relabel finished - at least I assume it finished as the
.autorelable file was removed.

Now there is one quirk - I assume this has to be unrelated to relabel
(am still in permissive mode) and rather due to update - sealert is
failing to run now:

% sealatert

Opps, sealert hit an error!

Traceback (most recent call last):
File "/usr/bin/sealert", line 692, in <module>
run_as_dbus_service(username)
File "/usr/bin/sealert", line 112, in run_as_dbus_service
app = SEAlert(user, dbus_service.presentation_manager,
watch_setroubleshootd=True)
File "/usr/bin/sealert", line 326, in __init__
from setroubleshoot.browser import BrowserApplet
File "/usr/lib64/python2.7/site-packages/setroubleshoot/browser.py",
line 46, in <module>
import report.io.GTKIO
ImportError: No module named GTKIO


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-27-2011, 03:08 AM
Genes MailLists
 
Default Serious problem: boot + systemd + luks + selinux + autorelabel = poop

On 06/26/2011 10:52 PM, Genes MailLists wrote:
> No module named GTKIO

Seems to be this bug:


https://bugzilla.redhat.com/show_bug.cgi?id=715373

However that is talking about rawhide - and I am on F15

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-27-2011, 10:20 AM
Daniel J Walsh
 
Default Serious problem: boot + systemd + luks + selinux + autorelabel = poop

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/26/2011 11:08 PM, Genes MailLists wrote:
> On 06/26/2011 10:52 PM, Genes MailLists wrote:
>> No module named GTKIO
>
> Seems to be this bug:
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=715373
>
> However that is talking about rawhide - and I am on F15
>
This is a bug, introduced by a new version of libreport which took away
functionality required by setroubleshoot and python-meh. Unrelated to
your other problem, and I will refrain from commenting on my frustration
with this bug. :^( But this should never happen in a released OS.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk4IWWYACgkQrlYvE4MpobML7ACeJK3UefDY3c XaM+Kj3zMbfjJD
/W8AoOfn/L8qoMtsPf6A0KQgq0H7Rygd
=bp47
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-27-2011, 11:48 AM
Genes MailLists
 
Default Serious problem: boot + systemd + luks + selinux + autorelabel = poop

On 06/27/2011 06:20 AM, Daniel J Walsh wrote:
> On 06/26/2011 11:08 PM, Genes MailLists wrote:
>> On 06/26/2011 10:52 PM, Genes MailLists wrote:
>>> No module named GTKIO
>
>> Seems to be this bug:
>
>
>> https://bugzilla.redhat.com/show_bug.cgi?id=715373
>
>> However that is talking about rawhide - and I am on F15
>
> This is a bug, introduced by a new version of libreport which took away
> functionality required by setroubleshoot and python-meh. Unrelated to
> your other problem, and I will refrain from commenting on my frustration
> with this bug. :^( But this should never happen in a released OS.

Understood - and sorry - I know how that feels. Hopefully will get
sorted out :-)

FYI - miroslav is commenting on my original bz:


https://bugzilla.redhat.com/show_bug.cgi?id=715313


Just to keep things connected.

Gene/


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 

Thread Tools




All times are GMT. The time now is 05:24 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org