Selinux so badly corrupted machine can't start

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In a different thread "Re: Package managers gone haywire! yum, apt, rpm: pam 
is totally borked" I've described a series of failures that occurred with my 
package management system beginning on Saturday. There were 36 hours+ of 
attempts to repair this which involved multiple attempted updates that failed 
with frozen GUI's in Smart, Yumex, and Synaptic and command line errors 
including multiple segfaults when updates were attempted. Gradually, all the 
updates were eventually done. 

Two of the packages that were involved were selinux-policy and 
selinux-policy-targeted. While most issues seem to be getting resolved, 
running with selinux enabled is impossible. If I enable it, I get a flood of 
error messages on boot up and eventually, Fedora drops me to a shell and 
suggests a file system check or Ctl-D to continue; Ctl-D just reboots the 
machine with the same results; fsck always returns a clean file system with 
no reported problems. I've removed and reinstalled selinux-policy and 
selinux-policy-targeted but that didn't change matters. touch /.autorelabel 
is impossible, because it never gets to that point. I looked at removing 
other parts of selinux but they involve dependencies on every other package 
installed, it seems like. Is there any other tool I can use to repair the 
selinux installation? As I'm looking closer at last night's log after 
attempting to start with selinux running, I see that all the failures have to 
do with /dev entries, hardware -- I noticed during the bootup that the 
messages flying by seemed to largely associated with udev problems; here's an 
example of three of the failure messages:

type=AVC msg=audit(1181875931.670:6570): avc:  denied  { getattr } for  
pid=9482 comm="rpc.mountd" name="audio" dev=tmpfs ino=6018 
scontext=system_u:system_r:nfsd_t:s0 
tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1181875931.670:6570): arch=40000003 syscall=195 
success=no exit=-13 a0=bf852054 a1=bf851f30 a2=873ff4 a3=3 items=0 ppid=1 
pid=9482 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=(none) comm="rpc.mountd" exe="/usr/sbin/rpc.mountd" 
subj=system_u:system_r:nfsd_t:s0 key=(null)
type=AVC_PATH msg=audit(1181875931.670:6570):  path="/dev/audio"

type=AVC msg=audit(1181875931.670:6571): avc:  denied  { getattr } for  
pid=9482 comm="rpc.mountd" name="mixer" dev=tmpfs ino=6006 
scontext=system_u:system_r:nfsd_t:s0 
tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1181875931.670:6571): arch=40000003 syscall=195 
success=no exit=-13 a0=bf852054 a1=bf851f30 a2=873ff4 a3=3 items=0 ppid=1 
pid=9482 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=(none) comm="rpc.mountd" exe="/usr/sbin/rpc.mountd" 
subj=system_u:system_r:nfsd_t:s0 key=(null)
type=AVC_PATH msg=audit(1181875931.670:6571):  path="/dev/mixer"
type=AVC msg=audit(1181875931.670:6572): avc:  denied  { getattr } for  
pid=9482 comm="rpc.mountd" name="dsp" dev=tmpfs ino=5980 
scontext=system_u:system_r:nfsd_t:s0 
tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1181875931.670:6572): arch=40000003 syscall=195 
success=no exit=-13 a0=bf852054 a1=bf851f30 a2=873ff4 a3=3 items=0 ppid=1 
pid=9482 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=(none) comm="rpc.mountd" exe="/usr/sbin/rpc.mountd" 
subj=system_u:system_r:nfsd_t:s0 key=(null)
type=AVC_PATH msg=audit(1181875931.670:6572):  path="/dev/dsp"

type=AVC msg=audit(1181875931.670:6573): avc:  denied  { getattr } for  
pid=9482 comm="rpc.mountd" name="adsp" dev=tmpfs ino=5946 
scontext=system_u:system_r:nfsd_t:s0 
tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1181875931.670:6573): arch=40000003 syscall=195 
success=no exit=-13 a0=bf852054 a1=bf851f30 a2=873ff4 a3=3 items=0 ppid=1 
pid=9482 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=(none) comm="rpc.mountd" exe="/usr/sbin/rpc.mountd" 
subj=system_u:system_r:nfsd_t:s0 key=(null)
type=AVC_PATH msg=audit(1181875931.670:6573):  path="/dev/adsp"

Does this make sense to anyone? Is this a udev problem, a selinux problem, or 
something else entirely? With selinux disabled, things seem to back to normal 
this morning

I don't think I ever mentioned this in all these trouble reports - this is F7 
running on a 2.8 GHz P4 with 1 GB of ram - Windows XP is also installed on 
this box, and it runs perfectly. My F7 installation is about two weeks old. 
-- 
Claude Jones
Brunswick, MD


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux