On 04/11/2012 12:01 PM, Braden McDaniel wrote: > I have a Fedora 16 box where something seems to have gone sideways with > SELinux. I am unable to log into the box with SELinux enabled. I see > messages in /var/log/messages that look like this: > > Apr 11 02:40:06 rail setroubleshoot: SELinux is preventing > /usr/libexec/accounts-daemon from name_connect access on the tcp_socket . > For complete SELinux messages. run sealert -l > aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:40:06 rail setroubleshoot: > SELinux is preventing /usr/libexec/accounts-daemon from name_connect access > on the tcp_socket . For complete SELinux messages. run sealert -l > aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:40:07 rail setroubleshoot: > SELinux is preventing /usr/libexec/accounts-daemon from name_connect access > on the tcp_socket . For complete SELinux messages. run sealert -l > aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:40:10 rail setroubleshoot: > SELinux is preventing /usr/libexec/accounts-daemon from name_connect access > on the tcp_socket . For complete SELinux messages. run sealert -l > aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:40:26 rail setroubleshoot: > SELinux is preventing /usr/libexec/accounts-daemon from name_connect access > on the tcp_socket . For complete SELinux messages. run sealert -l > aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:40:58 rail setroubleshoot: > SELinux is preventing /usr/libexec/accounts-daemon from name_connect access > on the tcp_socket . For complete SELinux messages. run sealert -l > aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:02 rail setroubleshoot: > SELinux is preventing /usr/libexec/accounts-daemon from name_connect access > on the tcp_socket . For complete SELinux messages. run sealert -l > aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:02 rail setroubleshoot: > SELinux is preventing /usr/libexec/accounts-daemon from name_connect access > on the tcp_socket . For complete SELinux messages. run sealert -l > aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:02 rail setroubleshoot: > SELinux is preventing /usr/libexec/accounts-daemon from name_connect access > on the tcp_socket . For complete SELinux messages. run sealert -l > aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:06 rail setroubleshoot: > SELinux is preventing /usr/libexec/accounts-daemon from name_connect access > on the tcp_socket . For complete SELinux messages. run sealert -l > aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:14 rail setroubleshoot: > SELinux is preventing /usr/libexec/accounts-daemon from name_connect access > on the tcp_socket . For complete SELinux messages. run sealert -l > aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:30 rail setroubleshoot: > SELinux is preventing /usr/libexec/accounts-daemon from name_connect access > on the tcp_socket . For complete SELinux messages. run sealert -l > aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:43:02 rail setroubleshoot: > SELinux is preventing /usr/libexec/accounts-daemon from name_connect access > on the tcp_socket . For complete SELinux messages. run sealert -l > aeded892-dec1-4e6d-87ce-7c10a4e42e2b > > I tried doing a full relabel; but that had no noticeable effect. If I boot > to single user mode and disable SELinux (via /etc/selinux/config), I'm able > to log in and things appear to be functional. Well, with the caveat that > the suggestion in the message to run sealert yields this: > > # sealert -l aeded892-dec1-4e6d-87ce-7c10a4e42e2b Opps, sealert hit an > error! > > Traceback (most recent call last): File "/usr/bin/sealert", line 668, in > <module> proxy_obj = bus.get_object(dbus_system_bus_name, > dbus_system_object_path) File > "/usr/lib/python2.7/site-packages/dbus/bus.py", line 244, in get_object > follow_name_owner_changes=follow_name_owner_changes) File > "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 241, in __init__ > self._named_service = conn.activate_name_owner(bus_name) File > "/usr/lib/python2.7/site-packages/dbus/bus.py", line 183, in > activate_name_owner self.start_service_by_name(bus_name) File > "/usr/lib/python2.7/site-packages/dbus/bus.py", line 281, in > start_service_by_name 'su', (bus_name, flags))) File > "/usr/lib/python2.7/site-packages/dbus/connection.py", line 630, in > call_blocking message, timeout) DBusException: > org.freedesktop.DBus.Error.Spawn.ChildExited: Launch helper exited with > unknown return code 3 > > Any idea what happened here and how I might actually fix it? > What does ausearch -m avc -ts recent show? -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org