Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1107796
Summary: | initial-setup-graphical fails to run when selinux enforcing | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Paul Whalen <pwhalen> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | awilliam, dominick.grift, dwalsh, lvrabec, mgrepl, mkolman, robatino, vpodzime |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | arm | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-17 20:09:03 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 245418, 1043119 |
Description
Paul Whalen
2014-06-10 15:59:00 UTC
can you find an AVC anywhere? does the X log provide any useful information? I built an x86_64 Xfce live image with today's anaconda and python-blivet (so it'd be possible to run an install). initial-setup-graphical runs on reboot, but the system seems frozen at that point - can't interact with i-s-g or do a ctrl-alt-f2. odd, but probably not the same bug. this one may be ARM-specific. Hi Adam, AVC: type=AVC msg=audit(1403013537.525:407): avc: denied { connectto } for pid=712 comm="dbus-daemon" path="/run/systemd/journal/stdout" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_stream_socket type=SYSCALL msg=audit(1403013537.525:407): arch=40000028 syscall=283 per=800000 success=no exit=-13 a0=23 a1=be83e69c a2=1d a3=ffffffff items=0 ppid=1 pid=712 auid=4294967295 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dbus-daemon" exe="/usr/bin/dbus-daemon" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null) ***** Plugin catchall (100. confidence) suggests ************************** If you believe that dbus-daemon should be allowed connectto access on the stdout unix_stream_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep dbus-daemon /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Jun 17 10:05:32 localhost setroubleshoot: SELinux is preventing /usr/bin/dbus-daemon from connectto access on the unix_stream_socket /run/systemd/journal/stdout. For complete SELinux messages. run sealert -l 2baf4b71-f642-4443-a723-beb668f1d141 Jun 17 10:05:32 localhost python: SELinux is preventing /usr/bin/dbus-daemon from connectto access on the unix_stream_socket /run/systemd/journal/stdout. Moving to selinux-policy. Should be fixed in selinux-policy-3.13.1-59.fc21 |