Denied { search } mingetty and can't log in

Emeric Maschino maschino at jouy.inra.fr
Tue Jan 10 09:49:34 UTC 2006 

Hi,

I've just installed a clean Fedora Core development IA-64 (Itanium
systems) on the second HDD of my hp workstation zx6000. During the
installation of selinux-policy-targeted 2.1.7-3, the following messages
are recorded in the logs. I don't know if they're relevant to my problem
with mingetty however (see below):

libsemanage.dbase_policydb_list: out of memory
libsemanage.semanage_exec_prog: Child process /usr/sbin/genhomedircon
did not exit cleanly.
libsemanage.semanage_install_sandbox: genhomedircon returned error code
-1.
semodule:  Failed!

Forcing reinstall or trying to install a different policy (e.g. selinux-
policy-mls) gives the same result.

At reboot, I can't log in to my system because of something going wrong
with mingetty. The following line is repeated a huge number of times:

avc:  denied  { search } for  pid=553 comm="mingetty" name="/" dev=tmpfs
ino=977 scontext=system_u:system_r:getty_t:s0
tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir

Relabeling the whole file system with touch /.autorelabel or fixfiles
relabel didn't help.

Sure, I can log in in permissive mode. I can't see the message regarding
mingetty, but I'm getting a few other denials. If it can help
understanding what's going wrong, here they are:

avc:  denied  { execmod } for  pid=380 comm="rc.sysinit" name="bash"
dev=dm-0 ino=3371812 scontext=system_u:system_r:initrc_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file

avc:  denied  { execmod } for  pid=389 comm="awk" name="gawk" dev=dm-0
ino=3371818 scontext=system_u:system_r:initrc_t:s0
tcontext=system_u:object_r:bin_t:s0 tclass=file

avc:  denied  { execmod } for  pid=409 comm="start_udev" name="bash"
dev=dm-0 ino=3371812 scontext=system_u:system_r:udev_t:s0-s0:c0.c255
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file

avc:  denied  { execmod } for  pid=412 comm="awk" name="gawk" dev=dm-0
ino=3371818 scontext=system_u:system_r:udev_t:s0-s0:c0.c255
tcontext=system_u:object_r:bin_t:s0 tclass=file

avc:  denied  { execmod } for  pid=559 comm="sh" name="bash" dev=dm-0
ino=3371812 scontext=system_u:system_r:insmod_t:s0-s0:c0.c255
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file

avc:  denied  { execmod } for  pid=1519 comm="S10network" name="bash"
dev=dm-0 ino=3371812 scontext=system_u:system_r:initrc_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file

avc:  denied  { execmod } for  pid=1607 comm="awk" name="gawk" dev=dm-0
ino=3371818 scontext=system_u:system_r:initrc_t:s0
tcontext=system_u:object_r:bin_t:s0 tclass=file

avc:  denied  { execmod } for  pid=1728 comm="dhclient-script"
name="bash" dev=dm-0 ino=3371812 scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file

avc:  denied  { execmod } for  pid=1741 comm="awk" name="gawk" dev=dm-0
ino=3371818 scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:bin_t:s0 tclass=file

I'm running kernel 2.6.15-1.1826.2.5_FC5 with the following SELinux
components: checkpolicy 1.28-4, libselinux 1.29.4-1, libsepol 1.11.7-1,
libsetrans 0.1.15-1, selinux-policy 2.1.7-3 and selinux-policy-targeted
2.1.7-3 (hope I don't forget one).

If I can try something to help correct these problems on the IA-64
architecture, just let me know.

Thanks,

   Émeric

More information about the selinux mailing list