SELinux is preventing /bin/login...access on the file /bin/bash
David Quigley
selinux at davequigley.com
Mon Dec 12 12:30:30 UTC 2011
It looks like your backup didn't backup the security labels. How did
you make the back up? The way to get labels set back properly would be
to book the kernel in permissive by adding enforcing=0 to the kernel
command line. Note that this is different from selinux=0 which disables
selinux completely. Then once you're in touch /.autorelabel and reboot.
You might want to reboot with enforcing=0 once more just to make sure
that it can relabel all of the files properly. If you're still having
problems after that feel free to contact the fedora-selinux list and
we'll work on figuring out your problem.
Dave
On 12/11/2011 16:40, jackson byers wrote:
> A new thread, was "F14 login fails on backup copy; gdm error?"
>
> Symptoms still same:
> I have a working F14 [call it F14usb8] on sda8 on my external usb.
>
> I made a backup copy onto my 2nd scsi disk, seen as sdc7 [call it
> F14sdc7]
> This was preparation for using it for preupgrade to F16.
>
> Booting F14sdc7 at first looks normal.
> But I am unable to log in.
>
>
> new data, re selinux, from /mnt/sdc7/var/log/messages
>
> Dec 10 10:49:45 f14 kernel: [ 99.305929] Xorg:1655 freeing invalid
> memtype f88e8000-f88f8000
> Dec 10 10:49:45 f14 kernel: [ 99.305954] Xorg:1655 freeing invalid
> memtype f88f8000-f8908000
>
> Dec 10 10:49:47 f14 setroubleshoot: SELinux is preventing /bin/login
> from entrypoint access on the file /usr/bin/gnome-keyring-da
> emon. For complete SELinux messages. run sealert -l
> 78e20e61-45c0-47c7-a7e5-760752d2ae93
> Dec 10 10:49:50 f14 setroubleshoot: SELinux is preventing /bin/login
> from entrypoint access on the file /etc/X11/xinit/Xsession.
> For complete SELinux messages. run sealert -l
> 78e20e61-45c0-47c7-a7e5-760752d2ae93
>
>
> Dec 10 10:49:51 f14 kernel: [ 105.540513] agpgart-intel
> 0000:00:00.0:
> AGP 2.0 bridge
> Dec 10 10:49:51 f14 kernel: [ 105.540538] agpgart-intel
> 0000:00:00.0:
> putting AGP V2 device into 1x mode
> Dec 10 10:49:51 f14 kernel: [ 105.540575] pci 0000:01:00.0: putting
> AGP V2 device into 1x mode
> Dec 10 10:49:51 f14 kernel: [ 105.565791] [drm] Initialized card for
> AGP DMA.
> Dec 10 10:49:54 f14 gdm-simple-greeter[1807]: Gtk-WARNING:
> gtkwidget.c:5691: widget not within a GtkWindow
> Dec 10 10:49:55 f14 gdm-simple-greeter[1807]: WARNING: Unable to load
> CK history: no seat-id found
> Dec 10 10:50:25 f14 init[1]: getty at tty2.service holdoff time over,
> scheduling restart.
> Dec 10 10:50:34 f14 setroubleshoot: SELinux is preventing /bin/login
> from entrypoint access on the file /bin/bash. For complete S
> ELinux messages. run sealert -l 78e20e61-45c0-47c7-a7e5-760752d2ae93
> Dec 10 10:50:39 f14 init[1]: getty at tty2.service holdoff time over,
> scheduling restart.
> Dec 10 10:50:40 f14 setroubleshoot: SELinux is preventing /bin/login
> from entrypoint access on the file /bin/bash. For complete SELinux
> messages. run sealert -l 78e20e61-45c0-47c7-a7e5-760752d2ae93
> Dec 10 10:51:00 f14 init[1]: getty at tty2.service holdoff time over,
> scheduling restart.
> Dec 10 10:51:08 f14 setroubleshoot: SELinux is preventing /bin/login
> from entrypoint access on the file /bin/bash. For complete SELinux
> messages. run sealert -l 78e20e61-45c0-47c7-a7e5-760752d2ae93
> Dec 10 10:51:16 f14 init[1]: getty at tty2.service holdoff time over,
> scheduling restart.
> Dec 10 10:51:18 f14 setroubleshoot: SELinux is preventing /bin/login
> from entrypoint access on the file /bin/bash. For complete SELinux
> messages. run sealert -l 78e20e61-45c0-47c7-a7e5-760752d2ae93
>
> Since I can't login I can't run sealert
>
> reboot next day
> Dec 11 11:45:48 f14 kernel: imklog 4.6.3, log source = /proc/kmsg
> started.
>
> again, same messages on this attempt,
> again, can't login
>
> dec 11 boot:
> Some avc: denied
> root at f14 audit]# pwd
> /mnt/sdc7/var/log/audit
> root at f14 audit]# tail -40 audit.log |grep -i avc
> type=AVC msg=audit(1323632980.320:84): avc: denied { entrypoint }
> for pid=1891 comm="gdm-session-wor"
> path="/usr/bin/gnome-keyring-daemon" dev=sdc7 ino=1025156
> scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:file_t:s0 tclass=file
> type=AVC msg=audit(1323632980.726:87): avc: denied { entrypoint }
> for pid=1898 comm="gdm-session-wor" path="/etc/X11/xinit/Xsession"
> dev=sdc7 ino=801827
> scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:file_t:s0 tclass=file
> type=AVC msg=audit(1323633022.407:98): avc: denied { entrypoint }
> for pid=1998 comm="login" path="/bin/bash" dev=sdc7 ino=817623
> scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:file_t:s0 tclass=file
> type=AVC msg=audit(1323633059.916:110): avc: denied { entrypoint }
> for pid=2020 comm="login" path="/bin/bash" dev=sdc7 ino=817623
> scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:file_t:s0 tclass=file
> [root at f14 audit]#
>
> I don't know how to interpret any of selinux messages.
> Is it possible selinux is preventing login?
>
> Jack
More information about the users
mailing list