I got hit by something somewhat similar this morning on another
machine. It was also recently updated from F8 to F10 and it had
selinux turned on and in an enforcing mode. Up to now everything
looked like it should but this morning the system got updates to
selinux-policy-3.5.13-38.fc10.noarch
selinux-policy-targeted-3.5.13-38.fc10.noarch
After that every attempt to log in was producing
"Unable to get valid context for <whomever>" on every account this
was tried (root only locally).
There are no log traces from failed attempts to log in locally but
for similar tries over ssh one can find in /var/log/secure:
sshd[9945]: Accepted password for .... port 24443 ssh2
sshd[9945]: pam_unix(sshd:session): session opened for user .... by (uid=0)
sshd[9945]: pam_selinux(sshd:session): Security context unconfined_u:system_r:logrotate_t:s0-s0:c0.c1023 is not allowed for unconfined_u:system_r:logrotate_t:s0-s0:c0.c1023
sshd[9945]: pam_selinux(sshd:session): Unable to get valid context for ....
sshd[9945]: error: PAM: pam_open_session(): Authentication failure
sshd[9945]: error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument
Looks familiar?
As this was in an enforcing mode then you just cannot log in on a console
or over a network.
Luckily just a reboot via a power switch "fixed" the situation and so far the
whole setup seems to be in a working order. The only "sealert" message
I can find in logs between selinux-policy updates and reboot is of that
sort:
SELinux is preventing rpcbind (rpcbind_t) "search" to ./bin (bin_t).
....
Source Context    system_u:system_r:rpcbind_t:s0
Target Context    system_u:object_r:bin_t:s0
Target Objects    ./bin [ dir ]
Source            rpcbind
Source Path       /sbin/rpcbind
....
and this was "cured" by a reboot too.
Michal
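
Added example, not part of the original message: a small Python triage script that groups sshd lines by PID and reports sessions where the password was accepted but pam_selinux then refused to compute a login context, as in the /var/log/secure excerpt above. The user names, addresses and the second session in the sample are constructed; the function name is an assumption of this example.

```python
import re

# Constructed sample in the shape of the /var/log/secure lines quoted above;
# user names, addresses and the second (healthy) session are made up.
SAMPLE = """\
sshd[9945]: Accepted password for alice from 192.0.2.10 port 24443 ssh2
sshd[9945]: pam_unix(sshd:session): session opened for user alice by (uid=0)
sshd[9945]: pam_selinux(sshd:session): Security context unconfined_u:system_r:logrotate_t:s0-s0:c0.c1023 is not allowed for unconfined_u:system_r:logrotate_t:s0-s0:c0.c1023
sshd[9945]: pam_selinux(sshd:session): Unable to get valid context for alice
sshd[9945]: error: PAM: pam_open_session(): Authentication failure
sshd[9950]: Accepted password for bob from 192.0.2.11 port 24450 ssh2
sshd[9950]: pam_unix(sshd:session): session opened for user bob by (uid=0)
""".splitlines()

# search() is used so a syslog timestamp/host prefix in front is tolerated.
LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)")
ACCEPTED = re.compile(r"Accepted \S+ for (?P<user>\S+) from")
CONTEXT = re.compile(
    r"pam_selinux\(sshd:session\): Security context (?P<ctx>\S+) is not allowed for")
NO_CONTEXT = re.compile(
    r"pam_selinux\(sshd:session\): Unable to get valid context for (?P<user>\S+)")

def selinux_login_failures(lines):
    """Return one record per sshd PID whose session pam_selinux refused."""
    sessions = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        s = sessions.setdefault(m["pid"], {
            "pid": int(m["pid"]), "user": None, "authenticated": False,
            "context": None, "failed": False})
        msg = m["msg"]
        if (a := ACCEPTED.search(msg)):
            s["user"], s["authenticated"] = a["user"], True
        elif (c := CONTEXT.search(msg)):
            s["context"] = c["ctx"]
        elif (n := NO_CONTEXT.search(msg)):
            s["user"], s["failed"] = n["user"], True
    failures = [s for s in sessions.values() if s["failed"]]
    for s in failures:
        # An SELinux context is user:role:type:level; the type is field 3.
        s["type"] = s["context"].split(":")[2] if s["context"] else None
    return failures

if __name__ == "__main__":
    for f in selinux_login_failures(SAMPLE):
        print(f)
```

A record with "authenticated" set and a "type" that is not a login domain (here logrotate_t) separates this policy-side failure from an ordinary bad-password rejection.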