Please help me in resolving this issue

Daniel J Walsh dwalsh at redhat.com
Tue Aug 18 13:22:09 UTC 2015 

What is the path to the login program?  What is it labeled?  The problem
is login is running with the wrong context.

It should be labeled login_exec_t

grep :login_exec_t /etc/selinux/targeted/contexts/files/file_contexts
/bin/login    --    system_u:object_r:login_exec_t:s0
/usr/bin/login    --    system_u:object_r:login_exec_t:s0
/usr/kerberos/sbin/login\.krb5    --    system_u:object_r:login_exec_t:s0


init_t is supposed to transition to local_login_t when executing the
login program.

On 08/18/2015 06:17 AM, Srinivasa Rao Ragolu wrote:
> Hi Daniel,
>
> Thanks for quick reply. Please find first time boot log with lableling
> and reboot.
>
> Also find second time boot log when I created /.autorelablel.
>
> Somehow I could not able to login as root. 
>
> Your help is really appriciated.
>
> Thanks,
> Srinivas.
>
> On Tue, Aug 18, 2015 at 6:16 PM, Daniel J Walsh <dwalsh at redhat.com
> <mailto:dwalsh at redhat.com>> wrote:
>
>     Looks like you have a labeling issue.
>
>     touch /.autorelabel; reboot
>
>     Should fix the issues.
>
>
>
>     On 08/18/2015 04:53 AM, Srinivasa Rao Ragolu wrote:
>>     Hi All,
>>
>>     I have very new to selinux. Today I have ported selinux to my
>>     embedded platform with targeted policy+enforcing.
>>
>>     When I try to boot, it completes labeling filesystem. But I could
>>     not able to login using root.. See my error log...
>>
>>     /*arm-cortex-a15 login: root*/
>>     /*Last login: Tue Aug 18 11:36:58 UTC 2015 on console*/
>>     /*Would you like to enter a security context? [N]  Y*/
>>     /*role: unconfined_r*/
>>     /*level: s0*/
>>     /*[ 1252.885468] type=1400 audit(1439898856.140:13): avc:  denied
>>      { transition } for  pid=1120 comm="login" path="/bin/bash"
>>     dev="mmcblk0" ino=58115 scontext=system_u:system_r:init_t:s0
>>     tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process*/
>>     /*[ 1252.887219] type=1400 audit(1439898856.140:14): avc:  denied
>>      { transition } for  pid=1120 comm="login" path="/bin/bash"
>>     dev="mmcblk0" ino=58115 scontext=system_u:system_r:init_t:s0
>>     tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process*/
>>     /*Cannot execute /bin/sh: Permission denied*/
>>     /*
>>     */
>>     /*MontaVista Carrier Grade Linux 7.0.0 arm-cortex-a15 /dev/console*/
>>     /*
>>     */
>>     /*arm-cortex-a15 login:*/
>>     /*
>>     */
>>     Please help me.. How can I solve this issue and achieve normal boot.
>>
>>
>>     Thanks,
>>     Srinivas.
>>
>>
>>     --
>>     selinux mailing list
>>     selinux at lists.fedoraproject.org
>>     <mailto:selinux at lists.fedoraproject.org>
>>     https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20150818/dcb0140f/attachment.html>

More information about the selinux mailing list