On Wed, Jun 01, 2011 at 09:27:44AM -0400, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 05/31/2011 05:17 PM, Dave Mitchell wrote:
I just tried to upgrade a F13 system to F14 using preupgrade. It seemed to go well, but I was getting a lot of AVC denials for NM and polkitd, and NM wasn't working properly. So I tried a 'touch /.autorelabel' and reboot. It seemed to work, but now I can't login. Any login attempt (via gdm or F2 console) immediately logs me back out again.
/var/log/messages shows, for a console login as root:
SELinux is preventing /bin/login from entrypoint access on the file /bin/bash
and for a GUI-based login:
SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /usr/bin/gnome-keyring/daemon SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /etc/X11/xinit/Xsession
I can boot single user okay.
I ran 'fixfiles restore' to relabel again and rebooted, and it made no difference.
By comparing with a similar but un-upgraded (ie F13) working host, I found that the following are the same on both hosts:
# ls -lZ /bin/login -rwxr-xr-x. root root system_u:object_r:login_exec_t:s0 /bin/login
# ls -lZ /bin/bash -rwxr-xr-x. root root system_u:object_r:shell_exec_t:s0 /bin/bash
Policy is the same apart from changes in ethereal and spamd:
# sesearch --allow --neverallow --auditallow --dontaudit --type \ --role_allow --role_trans --range_trans \ | sort | egrep -v'ethereal|spam[cd]'
# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 24 Policy from config file: targeted
While the two systems give the following:
# rpm -q selinux-policy selinux-policy-3.7.19-101.fc13.noarch # F13 host selinux-policy-3.9.7-40.fc14.noarch # F14 borked host
At this point I've exhausted my meager understanding of selinux.
Any suggestions? Thanks.
It is an upgrade bug.
https://bugzilla.redhat.com/show_bug.cgi?id=702865#c13
explains how to fix it.
That fixed it, thanks.