On 05/31/2011 05:17 PM, Dave Mitchell wrote:
> I just tried to upgrade a F13 system to F14 using preupgrade.
> It seemed to go well, but I was getting a lot of AVC denials for NM
> and polkitd, and NM wasn't working properly. So I tried a 'touch
> /.autorelabel' and reboot. It seemed to work, but now I can't login. Any
> login attempt (via gdm or F2 console) immediately logs me back out again.
>
> /var/log/messages shows, for a console login as root:
>
>     SELinux is preventing /bin/login from entrypoint access on the file /bin/bash
>
> and for a GUI-based login:
>
>     SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /usr/bin/gnome-keyring/daemon
>     SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /etc/X11/xinit/Xsession
>
> I can boot single user okay.
>
> I ran 'fixfiles restore' to relabel again and rebooted, and it made no
> difference.
>
> By comparing with a similar but un-upgraded (i.e. F13) working host, I
> found that the following are the same on both hosts:
>
>     # ls -lZ /bin/login
>     -rwxr-xr-x. root root system_u:object_r:login_exec_t:s0 /bin/login
>
>     # ls -lZ /bin/bash
>     -rwxr-xr-x. root root system_u:object_r:shell_exec_t:s0 /bin/bash
>
> Policy is the same apart from changes in ethereal and spamd:
>
>     # sesearch --allow --neverallow --auditallow --dontaudit --type \
>         --role_allow --role_trans --range_trans \
>         | sort | egrep -v 'ethereal|spam[cd]'
>
>     # sestatus
>     SELinux status:                 enabled
>     SELinuxfs mount:                /selinux
>     Current mode:                   enforcing
>     Mode from config file:          enforcing
>     Policy version:                 24
>     Policy from config file:        targeted
>
> While the two systems give the following:
>
>     # rpm -q selinux-policy
>     selinux-policy-3.7.19-101.fc13.noarch   # F13 host
>     selinux-policy-3.9.7-40.fc14.noarch     # F14 borked host
>
> At this point I've exhausted my meager understanding of selinux.
>
> Any suggestions?
> Thanks.
>

It is an upgrade bug.

https://bugzilla.redhat.com/show_bug.cgi?id=702865#c13 explains how to fix it.