Re: SELinux preventing login (Fedora 16)



On 04/11/2012 12:01 PM, Braden McDaniel wrote:
I have a Fedora 16 box where something seems to have gone sideways with
SELinux. I am unable to log into the box with SELinux enabled. I see
messages in /var/log/messages that look like this:

Apr 11 02:40:06 rail setroubleshoot: SELinux is preventing
/usr/libexec/accounts-daemon from name_connect access on the tcp_socket .
For complete SELinux messages. run sealert -l
aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:40:06 rail setroubleshoot:
SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
on the tcp_socket . For complete SELinux messages. run sealert -l
aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:40:07 rail setroubleshoot:
SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
on the tcp_socket . For complete SELinux messages. run sealert -l
aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:40:10 rail setroubleshoot:
SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
on the tcp_socket . For complete SELinux messages. run sealert -l
aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:40:26 rail setroubleshoot:
SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
on the tcp_socket . For complete SELinux messages. run sealert -l
aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:40:58 rail setroubleshoot:
SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
on the tcp_socket . For complete SELinux messages. run sealert -l
aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:02 rail setroubleshoot:
SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
on the tcp_socket . For complete SELinux messages. run sealert -l
aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:02 rail setroubleshoot:
SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
on the tcp_socket . For complete SELinux messages. run sealert -l
aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:02 rail setroubleshoot:
SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
on the tcp_socket . For complete SELinux messages. run sealert -l
aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:06 rail setroubleshoot:
SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
on the tcp_socket . For complete SELinux messages. run sealert -l
aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:14 rail setroubleshoot:
SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
on the tcp_socket . For complete SELinux messages. run sealert -l
aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:42:30 rail setroubleshoot:
SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
on the tcp_socket . For complete SELinux messages. run sealert -l
aeded892-dec1-4e6d-87ce-7c10a4e42e2b Apr 11 02:43:02 rail setroubleshoot:
SELinux is preventing /usr/libexec/accounts-daemon from name_connect access
on the tcp_socket . For complete SELinux messages. run sealert -l
aeded892-dec1-4e6d-87ce-7c10a4e42e2b

I tried doing a full relabel; but that had no noticeable effect. If I boot
to single user mode and disable SELinux (via /etc/selinux/config), I'm able
to log in and things appear to be functional. Well, with the caveat that
the suggestion in the message to run sealert yields this:

# sealert -l aeded892-dec1-4e6d-87ce-7c10a4e42e2b Opps, sealert hit an
error!

Traceback (most recent call last): File "/usr/bin/sealert", line 668, in
<module> proxy_obj = bus.get_object(dbus_system_bus_name,
dbus_system_object_path) File
"/usr/lib/python2.7/site-packages/dbus/bus.py", line 244, in get_object
follow_name_owner_changes=follow_name_owner_changes) File
"/usr/lib/python2.7/site-packages/dbus/proxies.py", line 241, in __init__
self._named_service = conn.activate_name_owner(bus_name) File
"/usr/lib/python2.7/site-packages/dbus/bus.py", line 183, in
activate_name_owner self.start_service_by_name(bus_name) File
"/usr/lib/python2.7/site-packages/dbus/bus.py", line 281, in
start_service_by_name 'su', (bus_name, flags))) File
"/usr/lib/python2.7/site-packages/dbus/connection.py", line 630, in
call_blocking message, timeout) DBusException:
org.freedesktop.DBus.Error.Spawn.ChildExited: Launch helper exited with
unknown return code 3

Any idea what happened here and how I might actually fix it?


What does
ausearch -m avc -ts recent
show?
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org


Relevant Pages

  • Re: SELinux and named
    ... For complete SELinux messages. ... run sealert -l ... This is the standard logrotate. ... Ok I put a patch into Rawhide, and I believe the next F10 policy will have a fix for this. ...
    (Fedora)
  • Re: SELinux and named
    ... Running restorecon, as suggested by the troubleshooter, doesn't help. ... For complete SELinux messages. ... run sealert -l ... Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org ...
    (Fedora)
  • Re: SELinux is preventing /bin/login...access on the file /bin/bash
    ... Dec 12 09:21:45 f14 setroubleshoot: SELinux is preventing ... For complete SELinux messages. ... run sealert -l ...
    (Fedora)
  • Re: FC19
    ... complete SELinux messages. ... run sealert -l ... Basically, on the latter, whatever mission-control is (and on the GUI ...
    (RedHat)
  • Re: SELinux and named
    ... Running restorecon, as suggested by the troubleshooter, doesn't ... For complete SELinux messages. ... run sealert -l ... This is the standard logrotate. ...
    (Fedora)