login - Error in service module

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I am running Fedora 8 in  run level 5. SELinux is enabled.

When I <ctl><alt><F[1-6]> to a virtual console I get the text login screen
I enter a username and password (either root or any normal user)
I press enter, and get a message "Error in service module"
The screen clears and returns to login.

If I disable SELinux with setenforce 0 this does not happen.

[root@confianza ~]# uname -a
Linux confianza 2.6.26.5-28.fc8 #1 SMP Sat Sep 20 09:12:30 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux

in /var/log/messages I get
Oct 
6 15:37:21 localhost setroubleshoot: SELinux is preventing login
(local_login_t) "read" to ./limits.conf (var_log_t). For complete
SELinux messages. run sealert -l 5f8baee3-51a7-4c91-bb95-2499cf6e0f6f

So as recommended I ran 
[root@confianza log]# sealert -l 5f8baee3-51a7-4c91-bb95-2499cf6e0f6f

Summary:

SELinux is preventing login (local_login_t) "read" to ./limits.conf (var_log_t).

Detailed Description:

SELinux denied access requested by login. It is not expected that this access is
required by login and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./limits.conf,

restorecon -v './limits.conf'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:local_login_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_log_t:s0
Target Objects                ./limits.conf [ file ]
Source                        login
Source Path                   /bin/login
Port                          <Unknown>
Host                          confianza
Source RPM Packages           util-linux-ng-2.13.1-2.fc8
Target RPM Packages          
Policy RPM                    selinux-policy-3.0.8-117.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     confianza
Platform                      Linux confianza 2.6.26.5-28.fc8 #1 SMP Sat Sep 20
                              09:12:30 EDT 2008 x86_64 x86_64
Alert Count                   1
First Seen                    Mon Oct  6 15:37:21 2008
Last Seen                     Mon Oct  6 15:37:21 2008
Local ID                      5f8baee3-51a7-4c91-bb95-2499cf6e0f6f
Line Numbers                  

Raw Audit Messages            

host=confianza
type=AVC msg=audit(1223325441.857:129): avc:  denied  { read } for 
pid=4909 comm="login" name="limits.conf" dev=sda6 ino=1177254
scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_log_t:s0 tclass=file

host=confianza
type=SYSCALL msg=audit(1223325441.857:129): arch=c000003e syscall=2
success=no exit=-13 a0=7ff9a3aeb786 a1=0 a2=1b6 a3=0 items=0 ppid=1
pid=4909 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=tty2 ses=4294967295 comm="login" exe="/bin/login"
subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null)



I check /etc/security/limits.conf
[root@confianza security]# ls -Z limits.conf
-rw-r--r--  root root system_u:object_r:var_log_t:s0   limits.conf

I try to relabel
[root@confianza security]# restorecon -v './limits.conf'
restorecon reset ./limits.conf context system_u:object_r:var_log_t:s0->system_u:object_r:etc_t:s0

Doesn't help

I read the FAQ at http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
I read the man page for  audit2allow and I don't get it.

Has anyone run into this before? How do I fix it without having to disable SELinux?

Thanks for your help

Dennis K


      ¡Todo sobre Amor y Sexo!
La guía completa para tu vida en Mujer de Hoy.                       
http://mx.mujer.yahoo.com/

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux