Rawhide install report - 20080414 (selinux too tight again)
G.Wolfe Woodbury
ggw at wolves.durham.nc.us
Tue Apr 15 19:10:58 UTC 2008
G.Wolfe Woodbury wrote:
> Daniel J Walsh wrote:
>> G.Wolfe Woodbury wrote:
>>> Daniel J Walsh wrote:
>>>> G.Wolfe Woodbury wrote:
>>>>> Today's rawhide (20080414) installs just fine (my problem before seems
>>>>> to have been a read error on the boot.iso).
>>>>> However, the post-firstboot system won't allow any logins (with a
>>>>> briefly flashed "no shell" notice on text console) until enforcing=0 is
>>>>> set on the boot command line and SELinux is set to permissive mode.
>>>>> it's starting to shape up to a decent release.
>>>> What avc's are you seeing? Please attach the audit.log.
>>> Here is the audit.log from the affected system, from firstboot to today.
>>> --
>>> G. Wolfe Woodbury
>> You are logging in as hotplug_t? Which is a mistake. Could you run
>> fixfiles restore on your machine to see if it is badly mislabeled?
>>
>> # rpm -q selinux-policy
>> # semanage user -l
>> # semanage login -l
>
> There are some strange contexts in /home - relabeling, will check after
> reboot on testbed machine.
Relabeling seems to have cured the incessant AVC reports. I suspect
that something changed in the SELinux package between the initial setup
of /home and the re-installation (preserving home) that made the system
think that the context was something else.
Does system-config-users need an enhancement to relabel" when a
pre-existing user is re-added to the system?
--
G.Wolfe Woodbury
More information about the fedora-test-list
mailing list