SELinux is preventing /bin/login...access on the file /bin/bash
by Jackson Byers
A new thread, was "F14 login fails on backup copy; gdm error?"
Symptoms still same:
I have a working F14 [call it F14usb8] on sda8 on my external usb.
I made a backup copy onto my 2nd scsi disk, seen as sdc7 [call it F14sdc7]
This was preparation for using it for preupgrade to F16.
Booting F14sdc7 at first looks normal.
But I am unable to log in.
new data, re selinux, from /mnt/sdc7/var/log/messages
Dec 10 10:49:45 f14 kernel: [ 99.305929] Xorg:1655 freeing invalid
memtype f88e8000-f88f8000
Dec 10 10:49:45 f14 kernel: [ 99.305954] Xorg:1655 freeing invalid
memtype f88f8000-f8908000
Dec 10 10:49:47 f14 setroubleshoot: SELinux is preventing /bin/login
from entrypoint access on the file /usr/bin/gnome-keyring-da
emon. For complete SELinux messages. run sealert -l
78e20e61-45c0-47c7-a7e5-760752d2ae93
Dec 10 10:49:50 f14 setroubleshoot: SELinux is preventing /bin/login
from entrypoint access on the file /etc/X11/xinit/Xsession.
For complete SELinux messages. run sealert -l
78e20e61-45c0-47c7-a7e5-760752d2ae93
Dec 10 10:49:51 f14 kernel: [ 105.540513] agpgart-intel 0000:00:00.0:
AGP 2.0 bridge
Dec 10 10:49:51 f14 kernel: [ 105.540538] agpgart-intel 0000:00:00.0:
putting AGP V2 device into 1x mode
Dec 10 10:49:51 f14 kernel: [ 105.540575] pci 0000:01:00.0: putting
AGP V2 device into 1x mode
Dec 10 10:49:51 f14 kernel: [ 105.565791] [drm] Initialized card for AGP DMA.
Dec 10 10:49:54 f14 gdm-simple-greeter[1807]: Gtk-WARNING:
gtkwidget.c:5691: widget not within a GtkWindow
Dec 10 10:49:55 f14 gdm-simple-greeter[1807]: WARNING: Unable to load
CK history: no seat-id found
Dec 10 10:50:25 f14 init[1]: getty(a)tty2.service holdoff time over,
scheduling restart.
Dec 10 10:50:34 f14 setroubleshoot: SELinux is preventing /bin/login
from entrypoint access on the file /bin/bash. For complete S
ELinux messages. run sealert -l 78e20e61-45c0-47c7-a7e5-760752d2ae93
Dec 10 10:50:39 f14 init[1]: getty(a)tty2.service holdoff time over,
scheduling restart.
Dec 10 10:50:40 f14 setroubleshoot: SELinux is preventing /bin/login
from entrypoint access on the file /bin/bash. For complete SELinux
messages. run sealert -l 78e20e61-45c0-47c7-a7e5-760752d2ae93
Dec 10 10:51:00 f14 init[1]: getty(a)tty2.service holdoff time over,
scheduling restart.
Dec 10 10:51:08 f14 setroubleshoot: SELinux is preventing /bin/login
from entrypoint access on the file /bin/bash. For complete SELinux
messages. run sealert -l 78e20e61-45c0-47c7-a7e5-760752d2ae93
Dec 10 10:51:16 f14 init[1]: getty(a)tty2.service holdoff time over,
scheduling restart.
Dec 10 10:51:18 f14 setroubleshoot: SELinux is preventing /bin/login
from entrypoint access on the file /bin/bash. For complete SELinux
messages. run sealert -l 78e20e61-45c0-47c7-a7e5-760752d2ae93
Since I can't login I can't run sealert
reboot next day
Dec 11 11:45:48 f14 kernel: imklog 4.6.3, log source = /proc/kmsg started.
again, same messages on this attempt,
again, can't login
dec 11 boot:
Some avc: denied
root@f14 audit]# pwd
/mnt/sdc7/var/log/audit
root@f14 audit]# tail -40 audit.log |grep -i avc
type=AVC msg=audit(1323632980.320:84): avc: denied { entrypoint }
for pid=1891 comm="gdm-session-wor"
path="/usr/bin/gnome-keyring-daemon" dev=sdc7 ino=1025156
scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1323632980.726:87): avc: denied { entrypoint }
for pid=1898 comm="gdm-session-wor" path="/etc/X11/xinit/Xsession"
dev=sdc7 ino=801827
scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1323633022.407:98): avc: denied { entrypoint }
for pid=1998 comm="login" path="/bin/bash" dev=sdc7 ino=817623
scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1323633059.916:110): avc: denied { entrypoint }
for pid=2020 comm="login" path="/bin/bash" dev=sdc7 ino=817623
scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:file_t:s0 tclass=file
[root@f14 audit]#
I don't know how to interpret any of selinux messages.
Is it possible selinux is preventing login?
Jack
12 years, 5 months
Bluecurve Icon Theme
by Smith, Herb
Is it possible to get the Bluecurve Icon theme working on FC16? I did the yum install bluecurve* and it seemed to install everything. When I run the Advanced Settings (alacarte) the bluecurve icon theme does not appear in the menu.
Is there a way to get it to be recognized, or another way to implement it?
Thanks in advance,
Herb
12 years, 5 months
F16 Recent updates? - googleearth problem
by Dr J Austin
Hi
Has anyone seen this problem with googleearth after recent "yum update"?
ja@minix ~ 5$ uname -a
Linux minix 3.1.4-1.fc16.x86_64 #1 SMP Tue Nov 29 11:37:53 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
--------------------------------
Graphics Config
Fails on nvidia graphics driver machine and catalyst driver machine
ja@minix ~ 1$ cat /etc/X11/xorg.conf
Section "Device"
Identifier "aticonfig-Device[0]-0"
Driver "fglrx"
BusID "PCI:1:5:0"
EndSection
ja@avon ~ 1$ cat /etc/X11/xorg.conf
...
# RPM Fusion - nvidia-xorg.conf
#
Section "Device"
Identifier "Videocard0"
Driver "nvidia"
EndSection
--------------------------------
Installed from here
wget http://dl.google.com/earth/client/current/GoogleEarthLinux.bin
-rwxr--r--. 1 ja sysadmin 33688483 May 19 2011 GoogleEarthLinux.bin
--------------------------------
Google search has not helped me so far
ja@minix ~ 3$ googleearth
Google Earth has caught signal 11.
We apologize for the inconvenience, but Google Earth has crashed.
This is a bug in the program, and should never happen under normal
circumstances. A bug report and debugging data have been written
to this text file:
/home/ja/.googleearth/crashlogs/crashlog-4ee638da.txt
Please include this file if you submit a bug report to Google.
ja@minix ~ 4$ cat /home/ja/.googleearth/crashlogs/crashlog-4ee638da.txt
Major Version 6
Minor Version 0
Build Number 0003
Build Date May 17 2011
Build Time 00:40:40
OS Type 3
OS Major Version 3
OS Minor Version 1
OS Build Version 4
OS Patch Version 0
Crash Signal 11
Crash Time 1323710682
Up Time 0.879047
Stacktrace from glibc:
./libgoogleearth_free.so(+0xab953)[0xb41953]
./libgoogleearth_free.so(+0xabad3)[0xb41ad3]
[0x8f2400]
Thanks
John
12 years, 5 months
Stateless IPv6 questions
by nullv@gmx.com
Hi,
I'm kinda new to IPv6 and have a few questions on setting it up.
I've set up an IPv6 tunnel on sit1 and I have radvd broadcasting a prefix on em1. My clients are able to generate global IPv6 addresses and ping & browse other sites on the internet. However, I noticed that I have to enter DNS servers manually. Is there a way to set up dns servers for clients automatically without using DHCPv6? I know there are extensions that support rDNS servers & DNS search domains via the stateless protocol but is there a way I can also send DNS server info?
And also, I noticed that while the clients are generating properly prefixed global addresses, the gateway address (2001:...) is still a link-local address (fe80:...). Although things seem to be working will that be a problem for other applications or services?
Lastly, before (in IPv4) I had been using iptables NAT rules to filter client access to the internet. Can anyone confirm that in IPv6 I can use the ip6tables FORWARD chain for similar purposes? My research on it seems to confirm this but I just want someone else whi has had real world experience with this.
Thanks
Sent via my BlackBerry from Vodacom - let your email find you!
12 years, 5 months
Re: [ds6] Stateless IPv6 Configuration
by nullv@gmx.com
Thanks for answers Peter. I think I have an idea which direction is north now :D
------Original Message------
From: Peter Bieringer
To: nullv(a)gmx.com
Cc: ds6(a)lists.deepspace6.net
Cc: users(a)lists.fedoraproject.org
Subject: Re: [ds6] Stateless IPv6 Configuration
Sent: Dec 12, 2011 12:02 PM
Hi,
Am 11.12.2011 09:48, schrieb nullv(a)gmx.com:
> Thanks for clearing that up for me. One last question: I noticed that
when left on autoconfig my windows 7 clients automatically add dns
addresses fec0:0:0:ffff::1 to 3.
I saw this already on my old Nokia 9300i phone longer time ago, looks
like even Windows 7 clients working like defined here:
https://tools.ietf.org/id/draft-ietf-ipngwg-dns-discovery-03.txt
http://technet.microsoft.com/en-us/library/cc783049%28WS.10%29.aspx
fec0:: addresses are deprecated since longer time (but still useful
sometimes), but I'm wondering that Microsoft still uses them.
> I'm assuming these are anycast addresses for auto dns config?
These are not anycast addresses, this are site-local addresses with SLA
ffff.
> So if I add the addresses to my servers I'm set? These (auto dns
config) behaviour has not occurred with my linux (Fedora16) clients. How
can I enable this feature?
- store them in /etc/resolv.conf permanently
- distribute also fec0::/something prefix via router advertisement
daemons (because otherwise, your Linux client can't connect to such
addresses at all because of scope mismatch)
- verify, that routing works fine from client to your site-local DNS
servers.
Regards,
Peter
Sent via my BlackBerry from Vodacom - let your email find you!
12 years, 5 months
VNCViewer not starting anymore
by Robert Moskowitz
When I first installed f16, I tried out VNCViewer and it started up, but
the address I was using was blocked from my VNCServer; no problem really....
So I move my new notebook to the proper VLAN and copied all the files
from the old notebook, including .ssh, .subversion, and .vnc
Now when I started VNCViewer, it showed on the top bar, but no dialog
for entering the server name and port.
I quited VNCViewer, moved .vnc to vnc-old and tried again, but no dice.
I don't know if there was a .vnc prior from the install, or the problem
is elsewhere. I really need VNC to manage a couple local servers, so
help would be great...
12 years, 5 months
Virtualization Documentation
by Gene Poole
The last official piece of documentation on virtualization was written for
Fedora 13. I've found a unofficial document on 'How To Forge' about KVM
virtualization and Fedora 14. Hasn't there been enough changes and
additions to KVM virtualization by Fedora 16 that makes that older
documentation obsolete?
I'm familiar with VMware ESXi and VMware Server, so can I take that
knowledge and the available documentation and proceed to implement KVM?
Thanks,
Gene Poole
+ It's impossible for everything to be true. +
12 years, 5 months
Fedora 16 boot problem
by Swapnil Bhartiya
Hi,
I once again got stuck with Fedora16. After install I activates livable and rpmfusion repo. Then ran the suggested updates. Then I installed nvidia drivers. -- by running 'yum install kmod-nvidia'. When rebooted I was stuck at [15
588002] systems[1]: startup finished in 2s 221ms 176 us (kernel)
Swapnil
12 years, 5 months
