Re: SELinux preventing login (Fedora 16)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 04/11/2012 12:01 PM, Braden McDaniel wrote:
> I have a Fedora 16 box where something seems to have gone sideways with 
> SELinux.  I am unable to log into the box with SELinux enabled.  I see 
> messages in /var/log/messages that look like this:
> 
> Apr 11 02:40:06 rail setroubleshoot: SELinux is preventing
> /usr/libexec/accounts-daemon from name_connect access on the tcp_socket .
> For complete SELinux messages. run sealert -l
> aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:40:06 rail setroubleshoot:
> SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
> on the tcp_socket . For complete SELinux messages. run sealert -l
> aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:40:07 rail setroubleshoot:
> SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
> on the tcp_socket . For complete SELinux messages. run sealert -l
> aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:40:10 rail setroubleshoot:
> SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
> on the tcp_socket . For complete SELinux messages. run sealert -l
> aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:40:26 rail setroubleshoot:
> SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
> on the tcp_socket . For complete SELinux messages. run sealert -l
> aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:40:58 rail setroubleshoot:
> SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
> on the tcp_socket . For complete SELinux messages. run sealert -l
> aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:02 rail setroubleshoot:
> SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
> on the tcp_socket . For complete SELinux messages. run sealert -l
> aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:02 rail setroubleshoot:
> SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
> on the tcp_socket . For complete SELinux messages. run sealert -l
> aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:02 rail setroubleshoot:
> SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
> on the tcp_socket . For complete SELinux messages. run sealert -l
> aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:06 rail setroubleshoot:
> SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
> on the tcp_socket . For complete SELinux messages. run sealert -l
> aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:14 rail setroubleshoot:
> SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
> on the tcp_socket . For complete SELinux messages. run sealert -l
> aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:30 rail setroubleshoot:
> SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
> on the tcp_socket . For complete SELinux messages. run sealert -l
> aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:43:02 rail setroubleshoot:
> SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
> on the tcp_socket . For complete SELinux messages. run sealert -l
> aeded892-dec1-4e6d-87ce-7c10a4e42e2b
> 
> I tried doing a full relabel; but that had no noticeable effect.  If I boot
> to single user mode and disable SELinux (via /etc/selinux/config), I'm able
> to log in and things appear to be functional.  Well, with the caveat that
> the suggestion in the message to run sealert yields this:
> 
> # sealert -l aeded892-dec1-4e6d-87ce-7c10a4e42e2b Opps, sealert hit an
> error!
> 
> Traceback (most recent call last): File "/usr/bin/sealert", line 668, in
> <module> proxy_obj = bus.get_object(dbus_system_bus_name,
> dbus_system_object_path) File
> "/usr/lib/python2.7/site-packages/dbus/bus.py", line 244, in get_object 
> follow_name_owner_changes=follow_name_owner_changes) File
> "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 241, in __init__ 
> self._named_service = conn.activate_name_owner(bus_name) File
> "/usr/lib/python2.7/site-packages/dbus/bus.py", line 183, in
> activate_name_owner self.start_service_by_name(bus_name) File
> "/usr/lib/python2.7/site-packages/dbus/bus.py", line 281, in
> start_service_by_name 'su', (bus_name, flags))) File
> "/usr/lib/python2.7/site-packages/dbus/connection.py", line 630, in
> call_blocking message, timeout) DBusException:
> org.freedesktop.DBus.Error.Spawn.ChildExited: Launch helper exited with
> unknown return code 3
> 
> Any idea what happened here and how I might actually fix it?
> 

What does
ausearch -m avc -ts recent
show?
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux