Re: Selinux so badly corrupted machine can't start

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Claude Jones wrote:
In a different thread "Re: Package managers gone haywire! yum, apt, rpm: pam is totally borked" I've described a series of failures that occurred with my package management system beginning on Saturday. There were 36 hours+ of attempts to repair this which involved multiple attempted updates that failed with frozen GUI's in Smart, Yumex, and Synaptic and command line errors including multiple segfaults when updates were attempted. Gradually, all the updates were eventually done. Two of the packages that were involved were selinux-policy and selinux-policy-targeted. While most issues seem to be getting resolved, running with selinux enabled is impossible. If I enable it, I get a flood of error messages on boot up and eventually, Fedora drops me to a shell and suggests a file system check or Ctl-D to continue; Ctl-D just reboots the machine with the same results; fsck always returns a clean file system with no reported problems. I've removed and reinstalled selinux-policy and selinux-policy-targeted but that didn't change matters. touch /.autorelabel is impossible, because it never gets to that point. I looked at removing other parts of selinux but they involve dependencies on every other package installed, it seems like. Is there any other tool I can use to repair the selinux installation? As I'm looking closer at last night's log after attempting to start with selinux running, I see that all the failures have to do with /dev entries, hardware -- I noticed during the bootup that the messages flying by seemed to largely associated with udev problems; here's an example of three of the failure messages:
type=AVC msg=audit(1181875931.670:6570): avc: denied { getattr } for pid=9482 comm="rpc.mountd" name="audio" dev=tmpfs ino=6018 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file type=SYSCALL msg=audit(1181875931.670:6570): arch=40000003 syscall=195 success=no exit=-13 a0=bf852054 a1=bf851f30 a2=873ff4 a3=3 items=0 ppid=1 pid=9482 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rpc.mountd" exe="/usr/sbin/rpc.mountd" subj=system_u:system_r:nfsd_t:s0 key=(null) 
type=AVC_PATH msg=audit(1181875931.670:6570):  path="/dev/audio"
type=AVC msg=audit(1181875931.670:6571): avc: denied { getattr } for pid=9482 comm="rpc.mountd" name="mixer" dev=tmpfs ino=6006 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file type=SYSCALL msg=audit(1181875931.670:6571): arch=40000003 syscall=195 success=no exit=-13 a0=bf852054 a1=bf851f30 a2=873ff4 a3=3 items=0 ppid=1 pid=9482 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rpc.mountd" exe="/usr/sbin/rpc.mountd" subj=system_u:system_r:nfsd_t:s0 key=(null) 
type=AVC_PATH msg=audit(1181875931.670:6571):  path="/dev/mixer"
type=AVC msg=audit(1181875931.670:6572): avc: denied { getattr } for pid=9482 comm="rpc.mountd" name="dsp" dev=tmpfs ino=5980 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file type=SYSCALL msg=audit(1181875931.670:6572): arch=40000003 syscall=195 success=no exit=-13 a0=bf852054 a1=bf851f30 a2=873ff4 a3=3 items=0 ppid=1 pid=9482 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rpc.mountd" exe="/usr/sbin/rpc.mountd" subj=system_u:system_r:nfsd_t:s0 key=(null) 
type=AVC_PATH msg=audit(1181875931.670:6572):  path="/dev/dsp"
type=AVC msg=audit(1181875931.670:6573): avc: denied { getattr } for pid=9482 comm="rpc.mountd" name="adsp" dev=tmpfs ino=5946 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file type=SYSCALL msg=audit(1181875931.670:6573): arch=40000003 syscall=195 success=no exit=-13 a0=bf852054 a1=bf851f30 a2=873ff4 a3=3 items=0 ppid=1 pid=9482 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rpc.mountd" exe="/usr/sbin/rpc.mountd" subj=system_u:system_r:nfsd_t:s0 key=(null) 
type=AVC_PATH msg=audit(1181875931.670:6573):  path="/dev/adsp"
Does this make sense to anyone? Is this a udev problem, a selinux problem, or something else entirely? With selinux disabled, things seem to back to normal this morning
I don't think I ever mentioned this in all these trouble reports - this is F7 running on a 2.8 GHz P4 with 1 GB of ram - Windows XP is also installed on this box, and it runs perfectly. My F7 installation is about two weeks old. 

Are you sharing /dev via nfs?
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux