Bonjour,
I have just upgraded an f23 to f26, keeping the home partition.
selinux blocks the user log-in: when I try to log in, lightdm shows my login name, but when I enter my password, the process aborts and I go back to the lightdm login screen....
If I disable selinux, I can login.
What to do: permanentely disable selinux?
Thank you.
On 11/08/2017 04:34 PM, François Patte wrote:
Bonjour,
I have just upgraded an f23 to f26, keeping the home partition.
selinux blocks the user log-in: when I try to log in, lightdm shows my login name, but when I enter my password, the process aborts and I go back to the lightdm login screen....
If I disable selinux, I can login.
You jumped for 3 releases. If you do this you should also fix labels on that system. To do that please do follow:
# fixfiles onboot # reboot
And after reboot you should be able to login in Enforcing state.
What to do: permanentely disable selinux?
Of course not. https://stopdisablingselinux.com/
Lukas.
Thank you.
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
On Wed, 8 Nov 2017 16:46:09 +0100 Lukas Vrabec wrote:
Of course not. https://stopdisablingselinux.com/
Or, for the devil's advocate viewpoint:
On 11/08/2017 04:34 PM, François Patte wrote:
Bonjour,
I have just upgraded an f23 to f26, keeping the home partition.
selinux blocks the user log-in: when I try to log in, lightdm shows my login name, but when I enter my password, the process aborts and I go back to the lightdm login screen....
Been there, seen that dozens of times.
If I disable selinux, I can login.
What to do: permanentely disable selinux?
Try to initiate relabeling.
The probably easiest way to do so is: 1. Reboot 2. Wait for the grub menu to appear, select the kernel you want to boot and press "e" (edit). 3. Scroll down to the line beginning with linux* (e.g. linux16 or linuxefi) and append "selinux=0" (without the '"') to it. 4. Press Ctrl-x (boot)
Now the machine should boot with selinux being disabled.
When the machine is up, reboot again.
SELinux now should be reenabled and the filesystem be automatically relabeled.
In the cases I encountered this had helped.
Ralf
On 8 November 2017 at 12:23, Ralf Corsepius rc040203@freenet.de wrote:
On 11/08/2017 04:34 PM, François Patte wrote:
Bonjour,
I have just upgraded an f23 to f26, keeping the home partition.
selinux blocks the user log-in: when I try to log in, lightdm shows my login name, but when I enter my password, the process aborts and I go back to the lightdm login screen....
Try touch ./autorelabel
When this happens it means that your SELinux label is incorrect for /etc/shadow
You can try to perform restorecron -R /etc/shadow
On 11/08/2017 07:26 PM, Earl A Ramirez wrote:
On 8 November 2017 at 12:23, Ralf Corsepius <rc040203@freenet.de mailto:rc040203@freenet.de> wrote:
On 11/08/2017 04:34 PM, François Patte wrote: Bonjour, I have just upgraded an f23 to f26, keeping the home partition. selinux blocks the user log-in: when I try to log in, lightdm shows my login name, but when I enter my password, the process aborts and I go back to the lightdm login screen....Try touch ./autorelabel
You can't touch /.autorelabel, when you can't log-in ;)
When this happens it means that your SELinux label is incorrect for /etc/shadow
Or /etc/ssh ;)
You can try to perform restorecron -R /etc/shadow
You also can't do this when you can't log-in.
Ralf
Am 9. November 2017 05:01:44 MEZ schrieb Ralf Corsepius rc040203@freenet.de:
On 11/08/2017 07:26 PM, Earl A Ramirez wrote:
On 8 November 2017 at 12:23, Ralf Corsepius <rc040203@freenet.de mailto:rc040203@freenet.de> wrote:
On 11/08/2017 04:34 PM, François Patte wrote: Bonjour, I have just upgraded an f23 to f26, keeping the homepartition.
selinux blocks the user log-in: when I try to log in, lightdm shows my login name, but when I enter my password, the process abortsand
I go back to the lightdm login screen....Try touch ./autorelabel
You can't touch /.autorelabel, when you can't log-in ;)
When this happens it means that your SELinux label is incorrect for /etc/shadow
Or /etc/ssh ;)
You can try to perform restorecron -R /etc/shadow
You also can't do this when you can't log-in.
Ralf
You should still be able to log in as root an a text console
On 11/09/2017 05:26 AM, Dirk Gottschalk wrote:
Am 9. November 2017 05:01:44 MEZ schrieb Ralf Corsepius rc040203@freenet.de:
On 11/08/2017 07:26 PM, Earl A Ramirez wrote:
On 8 November 2017 at 12:23, Ralf Corsepius <rc040203@freenet.de mailto:rc040203@freenet.de> wrote:
On 11/08/2017 04:34 PM, François Patte wrote: Bonjour, I have just upgraded an f23 to f26, keeping the homepartition.
selinux blocks the user log-in: when I try to log in, lightdm shows my login name, but when I enter my password, the process abortsand
I go back to the lightdm login screen....Try touch ./autorelabel
You can't touch /.autorelabel, when you can't log-in ;)
When this happens it means that your SELinux label is incorrect for /etc/shadow
Or /etc/ssh ;)
You can try to perform restorecron -R /etc/shadow
You also can't do this when you can't log-in.
Ralf
You should still be able to log in as root an a text console
True, in most cases this is still possible - But I've also tripped occasions, when even this wasn't possible anymore.
Ralfl
On 11/09/2017 05:35 AM, Joe Zeff wrote:
On 11/08/2017 08:01 PM, Ralf Corsepius wrote:
You can't touch /.autorelabel, when you can't log-in ;)
You can always boot into rescue mode, touch /.autorelabel and reboot.
Actually, I have never used rescue mode and have never found it useful for anything ;)
Ralf
On 11/08/2017 09:09 PM, Ralf Corsepius wrote:
On 11/09/2017 05:35 AM, Joe Zeff wrote:
On 11/08/2017 08:01 PM, Ralf Corsepius wrote:
You can't touch /.autorelabel, when you can't log-in ;)
You can always boot into rescue mode, touch /.autorelabel and reboot.
Actually, I have never used rescue mode and have never found it useful for anything ;)
I've never had to use it, but I'd certainly give it a try for something like this, or boot into what used to be called runlevel 1. Failing that, I'd boot from a LiveUSB, mount the root partition, cd to it and touch .autorelabel. Then, I'd reboot without the USB in and let it relabel things.
On 11/08/2017 11:06 PM, Joe Zeff wrote:
On 11/08/2017 09:09 PM, Ralf Corsepius wrote:
On 11/09/2017 05:35 AM, Joe Zeff wrote:
On 11/08/2017 08:01 PM, Ralf Corsepius wrote:
You can't touch /.autorelabel, when you can't log-in ;)
You can always boot into rescue mode, touch /.autorelabel and reboot.
Actually, I have never used rescue mode and have never found it useful for anything ;)
I've never had to use it, but I'd certainly give it a try for something like this, or boot into what used to be called runlevel 1. Failing that, I'd boot from a LiveUSB, mount the root partition, cd to it and touch .autorelabel. Then, I'd reboot without the USB in and let it relabel things.
Just boot, bugger the boot line in grub to disable selinux for THIS one boot, and boot it into run level 2. Log in as root at the console, "touch /.autorelabel", reboot again and wait for the autorelabel to complete. Job done. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@alldigital.com - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - If Windows isn't a virus, then it sure as hell is a carrier! - ----------------------------------------------------------------------
-
Dirk Gottschalk -
Earl A Ramirez -
François Patte -
Joe Zeff -
Lukas Vrabec -
Ralf Corsepius -
Rick Stevens -
Tom Horsley