I got hit by something somewhat similar this morning on another machine. It was also recently updated from F8 to F10 and it had selinux turned on and in an enforcing mode. Up to now everything looked like it should but this morning the system got updates to selinux-policy-3.5.13-38.fc10.noarch selinux-policy-targeted-3.5.13-38.fc10.noarch After that every attempt to login was producing "Unable to get valid context for <whomever>" on every account this was tried (root only locally). There are no log traces from failed attempts to log in locally but for similar tries over ssh one can find in /var/log/secure: sshd[9945]: Accepted password for .... port 24443 ssh2 sshd[9945]: pam_unix(sshd:session): session opened for user .... by (uid=0) sshd[9945]: pam_selinux(sshd:session): Security context unconfined_u:system_r:logrotate_t:s0-s0:c0.c1023 is not allowed for unconfined_u:system_r:logrotate_t:s0-s0:c0.c1023 sshd[9945]: pam_selinux(sshd:session): Unable to get valid context for .... sshd[9945]: error: PAM: pam_open_session(): Authentication failure sshd[9945]: error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument Looks familiar? As this was in an enforcing mode then you just cannot login on a console or over a network. Luckily just a reboot via a power switch "fixed" the situation and so far the whole setup seems to be in a working order. The only "sealert" message I can find in logs between selinux-policy updates and reboot is of that sort: SELinux is preventing rpcbind (rpcbind_t) "search" to ./bin (bin_t). .... Source Context system_u:system_r:rpcbind_t:s0 Target Context system_u:object_r:bin_t:s0 Target Objects ./bin [ dir ] Source rpcbind Source Path /sbin/rpcbind .... and this was "cured" by a reboot too. Michal -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
