SELinux is preventing /bin/login...access on the file /bin/bash

jackson byers byersjab at gmail.com
Mon Dec 12 19:59:50 UTC 2011 

David Quiqley responded
> It looks like your backup didn't backup the security labels. How did
> you make the back up? The way to get labels set back properly would be
> to book the kernel in permissive by adding enforcing=0 to the kernel
> command line. Note that this is different from selinux=0 which disables
> selinux completely. Then once you're in touch /.autorelabel and reboot.
> You might want to reboot with enforcing=0 once more just to make sure
> that it can relabel all of the files properly. If you're still having
> problems after that feel free to contact the fedora-selinux list and
> we'll work on figuring out your problem.


I used: [rbu, a rsync-based backup tool,by Vincent Stemen]
I have used this many times in the past few years,
but I have no idea as to how it treats security labels.

using enforcing=0 on kernel line first actually
allowed me a console login!
the first time I have been able to get this far on sdc7.
But still no graphical login.

did
"touch /.autorelabel and reboot"

I think I had to hit power button to get me out of the hung "reboot".
Then on a fresh boot, got the relabeling message,
but shortly thereafter gobs of errors
something like:
   I/O error  dev sdc, sector ....
   Buffer I/O error on device sdc7, logical block .....

relabeling did not finish.

powered off, retried, same thing.

Is it worth retrying with "selinux=0" ?

selinux=0 might get me beyond some of the SELinux messages seeing now
in /mnt/sdc7/var/log/messages
on the enforcing=0 relabel attempt:

Dec 12 09:21:45 f14 setroubleshoot: SELinux is preventing
/usr/bin/gnome-keyring-daemon from execute access on the file
/usr/lib/libgp11.so.0.0.0. For complete SELinux messages. run sealert
-l 002238c6-caee-47cc-9171-e386f12e4835
Dec 12 09:21:46 f14 setroubleshoot: SELinux is preventing
/usr/bin/gnome-keyring-daemon from write access on the directory /tmp.
For complete SELinux messages. run sealert -l
378e7a2f-1049-4c45-866d-0b6a31ab5389
Dec 12 09:21:46 f14 setroubleshoot: SELinux is preventing
/usr/bin/gnome-keyring-daemon from write access on the directory /tmp.
For complete SELinux messages. run sealert -l
378e7a2f-1049-4c45-866d-0b6a31ab5389
Dec 12 09:21:48 f14 setroubleshoot: SELinux is preventing
/usr/bin/gnome-keyring-daemon from write access on the directory /tmp.
For complete SELinux messages. run sealert -l
378e7a2f-1049-4c45-866d-0b6a31ab5389
Dec 12 09:21:50 f14 setroubleshoot: SELinux is preventing
/usr/bin/gnome-keyring-daemon from write access on the directory
keyring-mE977h. For complete SELinux messages. run sealert -l
cdbe2e62-2d9b-4d1c-837c-9c72bd525589
Dec 12 09:21:52 f14 setroubleshoot: SELinux is preventing
/usr/bin/gnome-keyring-daemon from write access on the directory
keyring-mE977h. For complete SELinux messages. run sealert -l
cdbe2e62-2d9b-4d1c-837c-9c72bd525589
Dec 12 09:21:54 f14 setroubleshoot: SELinux is preventing
/usr/bin/gnome-keyring-daemon from write access on the directory
keyring-mE977h. For complete SELinux messages. run sealert -l
cdbe2e62-2d9b-4d1c-837c-9c72bd525589
Dec 12 09:21:58 f14 setroubleshoot: SELinux is preventing /bin/bash
from open access on the file meminfo. For complete SELinux messages.
run sealert -l 1aed83e0-d742-4d8d-9c9b-bfcfd5b86af4
Dec 12 09:22:07 f14 setroubleshoot: [avc.ERROR] Plugin Exception
catchall_labels #012Traceback (most recent call last):#012  File
"/usr/lib/python2.7/site-packages/setroubleshoot/analyze.py", line
191, in analyze_avc#012    report = plugin.analyze(avc)#012  File
"/usr/share/setroubleshoot/plugins/catchall_labels.py", line 53, in
analyze#012    return self.report(avc.allowed_target_types())#012
File "/usr/lib/python2.7/site-packages/setroubleshoot/audit_data.py",
line 669, in allowed_target_types#012    return map(lambda x:
x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: self.scontext.type, CLASS:
self.tclass, PERMS: self.access}))#012  File
"/usr/lib/python2.7/site-packages/setroubleshoot/sesearch/__init__.py",
line 30, in sesearch#012    dict_list =
_sesearch.search(info)#012SystemError: NULL object passed to
Py_BuildValue
Dec 12 09:22:07 f14 setroubleshoot: SELinux is preventing
/usr/bin/xrdb from execute_no_trans access on the file /usr/bin/xrdb.
For complete SELinux messages. run sealert -l
f44e6e2e-db92-483b-92aa-004f142d938c
Dec 12 09:22:08 f14 setroubleshoot: SELinux is preventing
/usr/bin/xrdb from connectto access on the unix_stream_socket
@/tmp/.X11-unix/X0. For complete SELinux messages. run sealert -l
c216a0c9-4075-47e9-b43d-829d3c02a318
Dec 12 09:22:08 f14 setroubleshoot: SELinux is preventing
/usr/bin/xrdb from open access on the file database. For complete
SELinux messages. run sealert -l 45bc9443-60ff-4797-9ea8-6f3f7700d179
Dec 12 09:22:10 f14 setroubleshoot: SELinux is preventing /bin/bash
from read access on the directory /etc/X11/xinit/xinitrc.d. For
complete SELinux messages. run sealert -l
a8f67e30-0144-4b5a-942a-f02e398e381f
Dec 12 09:22:11 f14 setroubleshoot: SELinux is preventing
/bin/dbus-daemon from create access on the netlink_selinux_socket
Unknown. For complete SELinux messages. run sealert -l
bfa2016d-ce06-4c83-bd7f-a8a40a3405f9


...more of similar



Jack

More information about the users mailing list