On Sun, 2005-12-18 at 13:02 -0800, Daniel B. Thurman wrote:
> Folks,
>
> I believe all of my problems started because I had backed up
> and restored my filesystem and *somehow* all or some
> of the selinux attributes may have been messed up. Reading
> the selinux manual, it says that you can rebuild it by touching
> a file: /.autorelabel and reboot. I did that, and I still have
> the same problem as before - nothing has changed. I checked some
> of the file-permissions such as /bin/su and note that they are
> correct and other files and directory - so at first mini-check it
> all appears to be correct. The restore appears correct throughout
> on precursory checks.
>
> The following are problems I am having....
>
> 1) I cannot login as a non-root user! I have 4 non-root user accounts
> and yet I cannot log into any of them except as root!
>
> I get the following message when attempting to log in:
>
> ==========================================
> Your session lasted less than 10 seconds. If you have not
> logged out yourself, this could mean that there is some
> installation problem or that you may be out of diskspace.
> Try logging in with one of the failsafe sessions to see if
> you can fix this problem.
>
> [] View details (~/.xsession-errors file)
> ==========================================
>
> then I get kicked out of the login session.
>
> 2) As root user, when I `su - dant', I get this EVERY TIME:
>
> ==========================================
> Your default context is: user_u:system_r:kernel_t.
>
> Do you want to want to choose a different one? [n]
> ==========================================
>
> Choosing the default lets me in as this user. Choosing 'n'
> gives me a list of context and choosing one lets me in.
>
> 3) As root, I tried to create a non-root user:
>
> # useradd joed
>
> /var/log/message says:
>
> type=USER_CHAUTHTOK msg=audit(1134936930.895:3557): user pid=19294 uid=0 auid=4294967295 msg='useradd: op=adding user acct=joed res=success'
> type=USER_CHAUTHTOK msg=audit(1134936930.895:3558): user pid=19294 uid=0 auid=4294967295 msg='useradd: op=adding home directory acct=joed res=success'
> type=AVC msg=audit(1134936931.415:3559): avc: denied { create } for pid=19294 comm="useradd" name=".kde" scontext=root:system_r:kernel_t tcontext=user_u:object_r:user_home_t tclass=dir
> type=SYSCALL msg=audit(1134936931.415:3559): arch=40000003 syscall=39 success=no exit=-13 a0=bfde8bf0 a1=1ed a2=92f92ef a3=ffffffff items=1 pid=19294 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="useradd" exe="/usr/sbin/useradd"
> type=CWD msg=audit(1134936931.415:3559): cwd="/root"
> type=PATH msg=audit(1134936931.415:3559): item=0 name="/home/joed/.kde" flags=10 inode=1245989 dev=03:02 mode=040755 ouid=511 ogid=512 rdev=00:00
> type=AVC msg=audit(1134936931.419:3560): avc: denied { create } for pid=19294 comm="useradd" name="passwd+" scontext=root:system_r:kernel_t tcontext=system_u:object_r:etc_t tclass=file
> type=SYSCALL msg=audit(1134936931.419:3560): arch=40000003 syscall=5 success=no exit=-13 a0=bfde8f64 a1=8241 a2=1b6 a3=92f33b8 items=1 pid=19294 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="useradd" exe="/usr/sbin/useradd"
> type=CWD msg=audit(1134936931.419:3560): cwd="/root"
> type=PATH msg=audit(1134936931.419:3560): item=0 name="/etc/passwd+" flags=310 inode=1212417 dev=03:02 mode=040755 ouid=0 ogid=0 rdev=00:00
> type=USER_CHAUTHTOK msg=audit(1134936931.419:3561): user pid=19294 uid=0 auid=4294967295 msg='useradd: op=adding user acct=joed res=failed'
>
> 4) Cannot 'yum update' successfully and these are the errors I see:
>
> Transaction Test Succeeded
> Running Transaction
> Installing: arts ####################### [ 1/26]
> error: unpacking of archive failed on file /usr/bin/artscat: cpio: lsetfilecon
> Installing: perl ####################### [ 2/26]
> error: unpacking of archive failed on file /usr/bin/a2p: cpio: lsetfilecon
> Installing: cups-libs ####################### [ 3/26]
> error: unpacking of archive failed on file /usr/lib/libcups.so.2: cpio: lsetfilecon
> error: %pre(kdelibs-3.5.0-0.1.fc4.i386) scriptlet failed, exit status 255
> error: install: %pre scriptlet failed (2), skipping kdelibs-3.5.0-0.1.fc4
> Installing: kdebase [ 5/26]warning: /etc/X11/xdm/kdmrc saved as /etc/X11/xdm/kdmrc.rpmorig
> Installing: kdebase ####################### [ 5/26]
> error: unpacking of archive failed on file /etc/X11/xdm/kdmrc: cpio: lsetfilecon
> Updating : kdenetwork ####################### [ 6/26]
> error: unpacking of archive failed on file /etc/pam.d/kppp: cpio: lsetfilecon
> Installing: kdebindings ####################### [ 7/26]
> error: unpacking of archive failed on file /usr/bin/embedjs: cpio: lsetfilecon
> Updating : kdemultimedia ####################### [ 8/26]
> error: unpacking of archive failed on file /etc/xdg/menus/applications-merged/kde-multimedia-music.menu: cpio: lsetfilecon
> Updating : kdegraphics ####################### [ 9/26]
> error: unpacking of archive failed on file /usr/bin/kcolorchooser: cpio: lsetfilecon
> Updating : kdegames ####################### [10/26]
> error: unpacking of archive failed on file /usr/bin/atlantik: cpio: lsetfilecon
> Installing: arts-devel ####################### [11/26]
> error: unpacking of archive failed on file /usr/bin/artsc-config: cpio: lsetfilecon
> Installing: kdelibs-devel ####################### [12/26]
> error: unpacking of archive failed on file /usr/bin/dcopidl: cpio: lsetfilecon
> Updating : kdeartwork ####################### [13/26]
> error: unpacking of archive failed on file /usr/bin/kbanner.kss: cpio: lsetfilecon
> Updating : cups ####################### [14/26]
> error: unpacking of archive failed on file /etc/cron.daily/cups: cpio: lsetfilecon
> Updating : system-config-nfs ####################### [15/26]
> error: unpacking of archive failed on file /etc/pam.d/system-config-nfs: cpio: lsetfilecon
> Updating : kdebindings-devel ####################### [16/26]
> error: unpacking of archive failed on file /usr/include/kde/kjsembed: cpio: lsetfilecon
> Updating : dhcp ####################### [17/26]
> error: unpacking of archive failed on file /etc/dhcpd.conf: cpio: lsetfilecon
> error: %preun(kdenetwork-3.4.2-0.fc4.2.i386) scriptlet failed, exit status 255
> Cleanup : kdeartwork ####################### [18/26]
> error: %postun(kdeartwork-3.4.2-0.fc4.1.i386) scriptlet failed, exit status 255
> error: %trigger(cups-1.1.23-15.1.i386) scriptlet failed, exit status 255
> Cleanup : kdemultimedia ####################### [19/26]
> error: %postun(kdemultimedia-3.4.2-0.fc4.1.i386) scriptlet failed, exit status 255
> error: %preun(system-config-nfs-1.3.11-0.fc4.1.noarch) scriptlet failed, exit status 255
> Cleanup : kdebindings-devel ####################### [20/26]
> Cleanup : kdegraphics ####################### [21/26]
> error: %postun(kdegraphics-3.4.2-0.fc4.2.i386) scriptlet failed, exit status 25
>
>
> I am at a loss as to why I see a general "avc: denied {xxxxxxx}" messages
> interspersed in the /var/log/message and /var/log/audit/audit.log files such
> as shown below:
>
> /var/log/messages:
> ====================
>
> ===
> No idea what these are:
>
> Dec 12 21:48:06 linux dbus: avc: received policyload notice (seqno=3)
> Dec 12 21:48:06 linux dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
> Dec 12 21:48:06 linux dbus: avc: received policyload notice (seqno=3)
> Dec 12 21:48:06 linux dbus: avc: 0 AV entries and 0/512 buckets used, longest chain length 0
> Dec 12 21:48:06 linux dbus: avc: received policyload notice (seqno=3)
> Dec 12 21:48:06 linux dbus: avc: 7 AV entries and 7/512 buckets used, longest chain length 1
>
> ===
> Relabeling problems shown below...
>
> Dec 17 18:35:50 linux kernel: SELinux: initialized (dev sdb1, type ext3), uses xattr
> Dec 17 18:35:50 linux kernel: audit(1134872391.398:2): avc: granted { setenforce } for pid=379 comm="rc.sysinit" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:security_t tclass=security
> Dec 17 18:35:50 linux kernel: audit(1134872392.086:3): avc: denied { relabelfrom } for pid=1236 comm="setfiles" name="__db.001" dev=hda2 ino=904713 scontext=system_u:system_r:kernel_t tcontext=root:object_r:file_t tclass=file
> Dec 17 18:35:50 linux kernel: audit(1134872412.527:4): avc: denied { relabelto } for pid=1236 comm="setfiles" name="root" dev=hda2 ino=671745 scontext=system_u:system_r:kernel_t tcontext=root:object_r:user_home_dir_t tclass=dir
> Dec 17 18:35:50 linux kernel: audit(1134872412.547:5): avc: denied { relabelto } for pid=1236 comm="setfiles" name="bin" dev=hda2 ino=671746 scontext=system_u:system_r:kernel_t tcontext=root:object_r:user_home_t tclass=dir
> Dec 17 18:35:50 linux kernel: audit(1134872412.559:6): avc: denied { relabelto } for pid=1236 comm="setfiles" name="doCerts" dev=hda2 ino=671747 scontext=system_u:system_r:kernel_t tcontext=root:object_r:user_home_t tclass=file
> Dec 17 18:35:50 linux kernel: audit(1134872412.951:7): avc: denied { relabelfrom } for pid=1236 comm="setfiles" name="khelpcenter" dev=hda2 ino=672118 scontext=system_u:system_r:kernel_t tcontext=root:object_r:file_t tclass=dir
> Dec 17 18:35:50 linux kernel: audit(1134872412.975:8): avc: denied { relabelto } for pid=1236 comm="setfiles" name="socket-linux.cdkkt.com" dev=hda2 ino=672307 scontext=system_u:system_r:kernel_t tcontext=root:object_r:user_home_t tclass=lnk_file
> Dec 17 18:35:50 linux kernel: audit(1134872413.031:9): avc: denied { relabelto } for pid=1236 comm="setfiles" name="libflashplayer.so" dev=hda2 ino=672362 scontext=system_u:system_r:kernel_t tcontext=root:object_r:lib_t tclass=file
> Dec 17 18:35:50 linux kernel: audit(1134873060.784:10): avc: denied { relabelfrom } for pid=1236 comm="setfiles" name="xterm" dev=hda2 ino=1565515 scontext=system_u:system_r:kernel_t tcontext=root:object_r:file_t tclass=lnk_file
> Dec 17 18:35:50 linux kernel: audit(1134873187.416:11): avc: denied { relabelto } for pid=1236 comm="setfiles" name="dant" dev=hda2 ino=1245501 scontext=system_u:system_r:kernel_t tcontext=user_u:object_r:user_home_dir_t tclass=dir
> Dec 17 18:35:50 linux kernel: audit(1134873187.416:12): avc: denied { relabelto } for pid=1236 comm="setfiles" name=".kde" dev=hda2 ino=1245502 scontext=system_u:system_r:kernel_t tcontext=user_u:object_r:user_home_t tclass=dir
> Dec 17 18:35:50 linux kernel: audit(1134873187.420:13): avc: denied { relabelto } for pid=1236 comm="setfiles" name="Autorun.desktop" dev=hda2 ino=1245504 scontext=system_u:system_r:kernel_t tcontext=user_u:object_r:user_home_t tclass=file
> Dec 17 18:35:50 linux kernel: audit(1134873187.492:14): avc: denied { relabelto } for pid=1236 comm="setfiles" name="socket-linux.cdkkt.com" dev=hda2 ino=1245588 scontext=system_u:system_r:kernel_t tcontext=user_u:object_r:user_home_t tclass=lnk_file
> Dec 17 18:35:50 linux kernel: audit(1134873191.264:15): avc: denied { relabelfrom } for pid=1236 comm="setfiles" name="verifyFS" dev=hdb1 ino=49063 scontext=system_u:system_r:kernel_t tcontext=root:object_r:samba_share_t tclass=file
> Dec 17 18:35:50 linux kernel: audit(1134873191.340:16): avc: denied { relabelfrom } for pid=1236 comm="setfiles" name="DenyHosts-1.1.2-python2.4.noarch.rpm" dev=hdb1 ino=1651599 scontext=system_u:system_r:kernel_t tcontext=root:object_r:default_t tclass=file
> Dec 17 18:35:50 linux kernel: audit(1134873218.749:17): avc: denied { relabelfrom } for pid=1236 comm="setfiles" name="defaults" dev=hdb3 ino=1697393 scontext=system_u:system_r:kernel_t tcontext=root:object_r:default_t tclass=dir
> Dec 17 18:35:50 linux kernel: audit(1134873319.356:18): avc: granted { setenforce } for pid=379 comm="rc.sysinit" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:security_t tclass=security
> Dec 17 18:35:50 linux kernel: Adding 2289252k swap on /dev/hda3. Priority:-1 extents:1 across:2289252k
>
> Any help would be appreciated!

----
I'd probably consider this list to be in reverse order of desirability.

1 - fresh install
2 - turn off selinux (or put into permissive mode until you can get a more definitive answer from your question on selinux list)
3 - try '/sbin/fixfiles -R * restore'

Craig
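
A small parser for the AVC records quoted in this thread, added here as an example (it is not part of either poster's message): it tallies denials by command, source domain, permission, target type and class, and shows that every denial in the excerpt carries a source context whose type is kernel_t. The sample lines are copied from the quoted post with the syslog prefix dropped; the function names are this example's own.

```python
import re
from collections import Counter

# Records copied from the quoted post above (syslog prefix dropped).
SAMPLE = """\
type=AVC msg=audit(1134936931.415:3559): avc: denied { create } for pid=19294 comm="useradd" name=".kde" scontext=root:system_r:kernel_t tcontext=user_u:object_r:user_home_t tclass=dir
type=AVC msg=audit(1134936931.419:3560): avc: denied { create } for pid=19294 comm="useradd" name="passwd+" scontext=root:system_r:kernel_t tcontext=system_u:object_r:etc_t tclass=file
audit(1134872391.398:2): avc: granted { setenforce } for pid=379 comm="rc.sysinit" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:security_t tclass=security
audit(1134872392.086:3): avc: denied { relabelfrom } for pid=1236 comm="setfiles" name="__db.001" dev=hda2 ino=904713 scontext=system_u:system_r:kernel_t tcontext=root:object_r:file_t tclass=file
audit(1134872412.527:4): avc: denied { relabelto } for pid=1236 comm="setfiles" name="root" dev=hda2 ino=671745 scontext=system_u:system_r:kernel_t tcontext=root:object_r:user_home_dir_t tclass=dir
dbus: avc: received policyload notice (seqno=3)
"""

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for a denied/granted AVC record, or None for anything else."""
    m = AVC_RE.search(line)
    if not m:
        return None  # e.g. "avc: received policyload notice" is not an access decision
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None
    return {
        'result': m.group('result'),
        'perms': m.group('perms').split(),
        'comm': fields.get('comm'),
        # A context is user:role:type[:level]; the type is the third field.
        'source_type': fields['scontext'].split(':')[2],
        'target_type': fields['tcontext'].split(':')[2],
        'tclass': fields['tclass'],
    }

def denied(text):
    recs = (parse_avc(line) for line in text.splitlines())
    return [r for r in recs if r and r['result'] == 'denied']

def summarize(text):
    """Count denials per (comm, source type, permission, target type, class)."""
    counts = Counter()
    for r in denied(text):
        for perm in r['perms']:
            counts[(r['comm'], r['source_type'], perm, r['target_type'], r['tclass'])] += 1
    return counts

def source_domains(text):
    """Set of source types seen in denials; a single entry means one domain is behind all of them."""
    return {r['source_type'] for r in denied(text)}

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
    print("source domains:", sorted(source_domains(SAMPLE)))
```
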