On 07/14/2014 01:12 PM, Steve Lawrence wrote: > Ah, interesting. We saw that problem a long time ago, but couldn't > reproduce it and it disappeared. Though I'm still unable to reproduce it > following your steps. I can still login and seusers is labeled > selinux_config_t. I'll keep looking into this. > > I've also rebased/pushed #integration onto #next. # Revert to stock F20 SELinux userspace and policy. yum reinstall checkpolicy* libsepol* libsemanage* libselinux* policycoreutils* selinux-policy-targeted # Clear prior source/CIL policy store. rm -rf /var/lib/selinux # Reboot to ensure systemd and friends are using the new policy. reboot # Reset selinux and cil to latest sources cd selinux git clean -fdx git fetch origin git reset --hard origin/integration cd ../cil git clean -fdx git fetch origin git reset --hard origin/master # Build and install new userspace cd .. ln -sf ../../cil selinux/libsepol/cil make -C selinux LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel # Convert ./selinux/libsemanage/utils/semanage_migrate_etc_to_var.py Try to login on console or via ssh: Unable to get valid context for sds. dmesg | grep systemd [ 343.739985] systemd[1]: SELinux policy denies access. [ 348.256030] systemd[1]: SELinux policy denies access. [ 376.335248] systemd[1]: SELinux policy denies access. [ 376.515343] systemd[1]: SELinux policy denies access. restorecon -R /etc/selinux/targeted Try to login again, hangs for a long time before finally succeeding. reboot Everything is happy. 100% reproducible, every time. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
