Re: F13->F14 upgrade + relabel = logins hosed: entrypoint access denied

On Wed, Jun 01, 2011 at 09:27:44AM -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 05/31/2011 05:17 PM, Dave Mitchell wrote:
> > I just tried to upgrade a F13 system to F14 using preupgrade.
> > It seemed to go well, but I was getting a lot of AVC denials for NM
> > and polkitd, and NM wasn't working properly. So I tried a 'touch
> > /.autorelabel' and reboot.  It seemed to work, but now I can't login. Any
> > login attempt (via gdm or F2 console) immediately logs me back out again.
> > 
> > /var/log/messages shows, for a console login as root:
> > 
> > SELinux is preventing /bin/login from entrypoint access on the file /bin/bash
> > 
> > and for a GUI-based login:
> > 
> > SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /usr/bin/gnome-keyring/daemon
> > SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /etc/X11/xinit/Xsession
> > 
> > I can boot single user okay.
> > 
> > I ran 'fixfiles restore' to relabel again and rebooted, and it made no
> > difference.
> > 
> > By comparing with a similar but un-upgraded (ie F13) working host, I
> > found that the following are the same on both hosts:
> > 
> > # ls -lZ /bin/login
> > -rwxr-xr-x. root root system_u:object_r:login_exec_t:s0 /bin/login
> > 
> > # ls -lZ /bin/bash
> > -rwxr-xr-x. root root system_u:object_r:shell_exec_t:s0 /bin/bash
> > 
> > Policy is the same apart from changes in ethereal and spamd:
> > 
> > # sesearch --allow --neverallow --auditallow --dontaudit --type \
> >     --role_allow --role_trans --range_trans \
> >     | sort | egrep -v 'ethereal|spam[cd]'
> > 
> > # sestatus
> > SELinux status:                 enabled
> > SELinuxfs mount:                /selinux
> > Current mode:                   enforcing
> > Mode from config file:          enforcing
> > Policy version:                 24
> > Policy from config file:        targeted
> > 
> > While the two systems give the following:
> > 
> > # rpm -q selinux-policy
> > selinux-policy-3.7.19-101.fc13.noarch # F13 host
> > selinux-policy-3.9.7-40.fc14.noarch   # F14 borked host
> > 
> > At this point I've exhausted my meager understanding of selinux.
> > 
> > Any suggestions?
> > Thanks.
> > 
> It is an upgrade bug.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=702865#c13
> 
> explains how to fix it.

That fixed it, thanks.

-- 
Music lesson: a symbiotic relationship whereby a pupil's embellishments
concerning the amount of practice performed since the last lesson are
rewarded with embellishments from the teacher concerning the pupil's
progress over the corresponding period.