Fedora Linux Support Community & Resources Center

  #1  
Old 16th June 2008, 12:00 AM
jak56 Offline
Registered User
 
Join Date: Jun 2008
Posts: 2
SELinux prevents login after FC9 upgrade

I recently upgraded to FC9, and now I can't log in when in ENFORCED mode. After I try logging in through gdm, the display resets and bounces me back to gdm. Running in permissive mode works, but generated tons of avc warnings.

This is some of what I get out of /var/log/messages in enforced mode:

kernel: type=1400 audit(1213566724.606:74): avc: denied { getattr } for pid=2371 comm="unix_chkpwd" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:system_chkpwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
kernel: type=1400 audit(1213566727.162:75): avc: denied { getattr } for pid=2373 comm="unix_chkpwd" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:system_chkpwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
kernel: type=1400 audit(1213566727.173:76): avc: denied { getattr } for pid=2374 comm="unix_chkpwd" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:system_chkpwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
kernel: type=1400 audit(1213566727.515:80): avc: denied { entrypoint } for pid=2382 comm="gdm-session-wor" path="/usr/bin/gnome-keyring-daemon" dev=dm-0 ino=4983698 scontext=user_u:system_r:system_chkpwd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
kernel: type=1400 audit(1213566727.664:81): avc: denied { entrypoint } for pid=2383 comm="gdm-session-wor" path="/etc/X11/xinit/Xsession" dev=dm-0 ino=7692962 scontext=user_u:system_r:system_chkpwd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
kernel: type=1400 audit(1213566759.896:92): avc: denied { getattr } for pid=2458 comm="unix_chkpwd" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:system_chkpwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
  #2  
Old 17th June 2008, 10:08 AM
SlowJet Offline
Registered User
 
Join Date: Jan 2005
Posts: 5,048
In a root term
# leave as permissive then do
touch /.autorelabel
reboot

After reboot apply updates with yum
yum update

After update relabel again
touch /.autorelabel
reboot

Check the avc messages.
Are they significantly reduced, different?
yes, try enforcing for awhile
setenforce 1

logout, logon
check avc ...

When things clear up change to enforcing via semanage.

SJ
__________________
Do the Math
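An added example, not part of any post in this thread and not a Fedora tool: one way to answer "are they significantly reduced, different?" is to collapse each AVC line to its command, source type, target type, class and permissions, then compare the capture taken before the relabel with the one taken after. The function names are this example's own; the BEFORE lines are copied from the first post and the AFTER line is constructed.

```python
import re
from collections import Counter

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = {"scontext", "tcontext", "tclass"}

def parse_avc(line):
    """Parse one kernel AVC denial line into a dict; None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not REQUIRED <= rec.keys():
        return None  # truncated or malformed record
    rec["perms"] = tuple(m.group(1).split())
    return rec

def signature(rec):
    """Reduce a denial to (comm, source type, target type, class, perms)."""
    # A context is user:role:type[:level]; the type is the third field.
    stype = rec["scontext"].split(":")[2]
    ttype = rec["tcontext"].split(":")[2]
    return (rec.get("comm", "?"), stype, ttype, rec["tclass"], rec["perms"])

def summarize(lines):
    """Count denials per signature, ignoring pid, inode and timestamp noise."""
    return Counter(signature(r) for r in map(parse_avc, lines) if r)

def compare(before, after):
    """Return (gone, remaining, new) signature sets for two log captures."""
    b, a = set(summarize(before)), set(summarize(after))
    return b - a, b & a, a - b

# BEFORE: three lines from the first post. AFTER: constructed for this example.
BEFORE = [
    'kernel: type=1400 audit(1213566724.606:74): avc: denied { getattr } for pid=2371 comm="unix_chkpwd" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:system_chkpwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=filesystem',
    'kernel: type=1400 audit(1213566727.162:75): avc: denied { getattr } for pid=2373 comm="unix_chkpwd" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:system_chkpwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=filesystem',
    'kernel: type=1400 audit(1213566727.515:80): avc: denied { entrypoint } for pid=2382 comm="gdm-session-wor" path="/usr/bin/gnome-keyring-daemon" dev=dm-0 ino=4983698 scontext=user_u:system_r:system_chkpwd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file',
]
AFTER = [
    'kernel: type=1400 audit(1213900000.000:12): avc: denied { getattr } for pid=3001 comm="unix_chkpwd" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:system_chkpwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=filesystem',
]

if __name__ == "__main__":
    gone, remaining, new = compare(BEFORE, AFTER)
    for label, sigs in (("gone", gone), ("remaining", remaining), ("new", new)):
        for sig in sorted(sigs):
            print(label, *sig[:4], ",".join(sig[4]))
```

To use it on a real system, replace BEFORE and AFTER with the AVC lines saved from /var/log/messages before and after the relabel.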
  #3  
Old 20th June 2008, 12:04 AM
jak56 Offline
Registered User
 
Join Date: Jun 2008
Posts: 2
Good idea, but I've already relabeled and updated twice ...

Is there any way I can blow away the policy files and re-install the FC9 default?