F13->F14 upgrade + relabel = logins hosed: entrypoint access denied
by Dave Mitchell
I just tried to upgrade a F13 system to F14 using preupgrade.
It seemed to go well, but I was getting a lot of AVC denials for NM
and polkitd, and NM wasn't working properly. So I tried a 'touch
/.autorelabel' and reboot. It seemed to work, but now I can't login. Any
login attempt (via gdm or F2 console) immediately logs me back out again.
/var/log/messages shows, for a console login as root:
SELinux is preventing /bin/login from entrypoint access on the file /bin/bash
and for a GUI-based login:
SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /usr/bin/gnome-keyring/daemon
SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /etc/X11/xinit/Xsession
I can boot single user okay.
I ran 'fixfiles restore' to relabel again and rebooted, and it made no
difference.
By comparing with a similar but un-upgraded (ie F13) working host, I
found that the following are the same on both hosts:
# ls -lZ /bin/login
-rwxr-xr-x. root root system_u:object_r:login_exec_t:s0 /bin/login
# ls -lZ /bin/bash
-rwxr-xr-x. root root system_u:object_r:shell_exec_t:s0 /bin/bash
Policy is the same apart from changes in ethereal and spamd:
# sesearch --allow --neverallow --auditallow --dontaudit --type \
--role_allow --role_trans --range_trans \
| sort | egrep -v'ethereal|spam[cd]'
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
While the two systems give the following:
# rpm -q selinux-policy
selinux-policy-3.7.19-101.fc13.noarch # F13 host
selinux-policy-3.9.7-40.fc14.noarch # F14 borked host
At this point I've exhausted my meager understanding of selinux.
Any suggestions?
Thanks.
--
In economics, the exam questions are the same every year.
They just change the answers.
12 years, 11 months
Login screen, date and time
by Tanguy Eric
At the login screen i can see date and time in us format whereas in f14
i saw the date and time in french format. How can i obtain this ?
Thanks
Eric
12 years, 11 months
Juniper network connect f15 x86_64
by Tanguy Eric
I tried to use juniper network connect java applet to connect to my
university vpn. It worked fine with some tweaks on f14 i686. So i think
the problem come from x86_64. The network connect applet load but never
run.
$ rpm -qa | grep i686
compat-libstdc++-33-3.2.3-68.1.i686
libstdc++-4.6.0-7.fc15.i686
glibc-2.13.90-9.i686
nss-softokn-freebl-3.12.10-1.fc15.i686
compat-libstdc++-296-2.96-143.1.i686
zlib-1.2.5-3.fc15.i686
libgcc-4.6.0-7.fc15.i686
I installed jre-6u25-linux-amd64.rpm and it runs fine on firefox.
Someone could help me ?
Thanks
Eric
12 years, 11 months
Mock and Gnome-Schedule F15 srpm
by Frank Murphy
Hi,
I'm not a packager, currently have no webspace (between hosts)
Have rebuild gnome-schedule for myself using upstream:
gnome-schedule-2.1.3.tar.gz
and a modified spec from the last released F15 srpm version:
gnome-schedule-2.0.2-6.fc15.src.rpm
How do I use mock to create multiple version at the one time
F15\Rawhide?
The single rebuild I did for F15 64bit installs\works fine.
removed require for gnome-python2-applet.
Just pulls in gnome-python2-gconf currently.
--
Regards,
Frank Murphy
UTF_8 Encoded
Friend of Fedora
12 years, 11 months
Is there an IPSEC Gui for FC14?
by Eric B.
Hi,
I was hoping to find a nice GUI utility to setup/create an IPSEC VPN
tunnel in FC14. I looked in the NetworkManager, but there does not seem
to be any configuration options that would allow me to specify any
particulars for Phase 1 and Phase 2 negotations.
I isntalled the NetworkManager-openswan package hoping that would give
me the necessary options, but I need to hand-code the Phase 1 & Phase 2
options (would have been nice to have a GUI to select the options), and
there is no way to specify key files for the connection.
Is there anything else out there that exists, or do I have to do
everything in shell mode?
Thanks,
Eric
12 years, 11 months
Sound input on Fedora 15
by Michael Eager
Sound output through my motherboard's Intel HDA ACL888 works OK.
Sound input does not work.
Alsa lists the ACL888 as well as a video capture card.
Pulseaudio (pacmd list-sources) shows the card and says that it only has
internal audio monitor, not hardware input.
Any suggestions on how to fix this?
# arecord -l
**** List of CAPTURE Hardware Devices ****
card 0: Intel [HDA Intel], device 0: ALC888 Analog [ALC888 Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 0: Intel [HDA Intel], device 2: ALC888 Analog [ALC888 Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 1: Bt878 [Brooktree Bt878], device 0: Bt87x Digital [Bt87x Digital]
Subdevices: 0/1
Subdevice #0: subdevice #0
card 1: Bt878 [Brooktree Bt878], device 1: Bt87x Analog [Bt87x Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
# pacmd
list-sources
2 source(s) available.
index: 0
name: <alsa_output.pci-0000_00_1b.0.analog-stereo.monitor>
driver: <module-alsa-card.c>
flags: DECIBEL_VOLUME LATENCY DYNAMIC_LATENCY
state: RUNNING
suspend cause:
priority: 1950
volume: 0: 100% 1: 100%
0: 0.00 dB 1: 0.00 dB
balance 0.00
base volume: 100%
0.00 dB
volume steps: 65537
muted: no
current latency: 0.00 ms
max rewind: 344 KiB
sample spec: s16le 2ch 44100Hz
channel map: front-left,front-right
Stereo
used by: 1
linked by: 1
configured latency: 20.00 ms; range is 0.50 .. 1999.82 ms
monitor_of: 0
card: 0 <alsa_card.pci-0000_00_1b.0>
module: 4
properties:
device.description = "Monitor of Internal Audio Analog Stereo"
device.class = "monitor"
alsa.card = "0"
alsa.card_name = "HDA Intel"
alsa.long_card_name = "HDA Intel at 0xf9ff8000 irq 310"
alsa.driver_name = "snd_hda_intel"
device.bus_path = "pci-0000:00:1b.0"
sysfs.path = "/devices/pci0000:00/0000:00:1b.0/sound/card0"
device.bus = "pci"
device.vendor.id = "8086"
device.vendor.name = "Intel Corporation"
device.product.id = "293e"
device.product.name = "82801I (ICH9 Family) HD Audio Controller"
device.form_factor = "internal"
device.string = "0"
module-udev-detect.discovered = "1"
device.icon_name = "audio-card-pci"
--
Michael Eager eager(a)eagercon.com
1960 Park Blvd., Palo Alto, CA 94306 650-325-8077
12 years, 11 months
Another failure
by Beartooth
On an expendable (and thoroughly backed up, fully updated) Athlon
XP 2800+ with 1.9 GB of memory, running F 14, I asked here on April 25
about preupgrade. Having gotten two prompt and helpful replies, I went
ahead, getting an install of F15 Beta.
Starting April 27, I began a thread ("So where are my
workspaces?") which became long and bifurcated, both here and on the
testers' list. There was a lot of floundering on my part, with helpful
specific links to several bugs, which I studied. I also kept updating F15
at least daily.
F15 soon reached a point where its login screen produced only
error messages, which I posted. The bugs meanwhile were gradually
declared fixed, though the fix didn't work on this machine. About that
point I ceased keeping up with the lists, though I kept trying.
With upgrades and "yum install" commands issued over ssh from
other machines on my LAN, I became able to log into KDE4 and Xfce; I
spent some time trying them out, particularly as to workspace switchers
or substitutes. (There were also several other threads, on both lists
iirc, from other users whose needs Gnome 3 seemed not to meet.)
When F15 was declared golden, I waited a couple of days, burned a
DVD, and tried to "upgrade." No change. I tried doing a fresh install,
figuring that some obscure glitch on this machine must be responsible. No
change.
Finally I pulled the big hammer: wiped the whole machine with
DBAN, and did a second fresh install of F15. It still hit the dead bug
with logging into Gnome3.
I couldn't face the effort to enable KDE4 or Xfce via ssh again,
nor the learning curve that would follow. I'm now
managing,unsatisfactorily but adequately, with Scientific Linux 6.0 on
this machine. (I have EPEL, rpmforge, and rpmfusion enabled.)
I'll probably try F16 this fall, and meanwhile stick to F14 on my
other machines.
What I miss most from Fedora are these :
dillo, galeon, epiphany, kazehakase, midori, privoxy, seamonkey, and
gnome-control-center. (SL seems to have the last, but I can't get
anything but "command not found" from it.)
Question: if I forgo yum and PackageKit, and get ahold of actual
Fedora rpms somewhere, can I install and run them in SL? Or is there a
compatible repo I've overlooked??
In theory, according to the EPEL page, they should be available
there; but they don't seem to be.
--
Beartooth Staffwright, Neo-Redneck Not Quite Clueless Power User
I have precious (very precious!) little idea where up is.
12 years, 11 months
14->15 upgrade comments
by Rich Emberson
Last weekend I upgraded (using preupgrade) both my laptop and development
box from 14 to 15. Both are x86_64 machines.
On the laptop, twice now while rebooting the system has crashed with
a stacktrace on the screen. Both times it occurred while the blue, light-
blue and white progress bars were making their way across the screen.
I do not know howto capture the stacktrace. The machine freezes.
Ctl-Alt-Del does not cause a reboot. The offswitch does not work.
After trying both of the above and waiting a couple of minutes, the
machine turns off. Afterwards, I attempt another reboot and it works.
Must be some timing issue. (The first time it happened was during the
reboot at the end of the preupgrade process - needless to say my
stress levels spiked.)
Secondly, on my development machine I have a 4TB drive that I always
mounted manually; its not in the /etc/fstabs file.
Well, while rebooting at the end on the preupgrade process,
I got the following popup:
Dirty File Systems
The following file systems for your Linux system were not
unmounted cleanly. Please boot your Linux installation, let
the file systems be checked and shut down cleanly to upgrade.
/dev/sde1
Clicking OK, I was booted into 14. I then ran fsck on the disk
which took many hours with no errors. Then, had to re-run the
preupgrade script (which was much faster the second time since
things had already been downloaded) and the reboot took me to 15.
You might consider letting folks know on the preupgrade webpage
that all disks, not just those in fstabs, HAVE to have had fsck
run recently (don't know what recent means in this case).
Lastly, the fonts are, well, not what they were before the upgrade.
Others have mentioned this and I will live with them until some
future time.
Other than those issues, great upgrade process.
Many Thanks!
Richard
12 years, 11 months
btrfs advice?
by Michael Wiktowy
I made the leap to a btrfs root partition for my netbook with a fresh
install of F15.
Everything seems to work fine and I have done some fair amount of
Googling for information and come across
https://btrfs.wiki.kernel.org/index.php/Getting_started which offers
some great (incomplete) info but nothing Fedora specific. I have some
questions about how to move forward to take advantage of btrfs:
1) Is there any kind of integration of btrfs with the included apps
(For example: automatic snapshots before yum updates allowing easy
rollbacks, deja dup backing up a btrfs snapshot so that currently
changing data doesn't affect the backup process, a kiosk mode that
rolls back a home directory to a known state after logout, etc.) or is
that the next step to take advantage of all the new bells and whistles
and F15 is just a test-btrfs-as-a-ext4-replacement release?
2) I see (using 'mount') that the root is btrfs along with some (what
appear to be) subvolumes for /tmp, /var/tmp and /home yet 'btrfs
device scan' shows no information. Does 'btrfs device scan' only scan
unmounted devices or is this a bug?
3) I have read at Phoronix that using the transparent compression
offers a fair performance gain (
http://www.phoronix.com/scan.php?page=article&item=btrfs_space_cache&num=1
) with mixed results when combining that with space cache. Has the
space cache+compression degradation seen in some benchmarks been fixed
in F15? Also, is using transparent compression simply a matter of
adding the correct mount flag to /etc/fstab or is there a more complex
conversion process to be followed that needs to be done offline?
4) Since this is a netbook with a modest Atom processor, would
enabling transparent compression just load the CPU such that any
performance is negated or cause significant battery drain?
Thank you for any experience you have to offer.
/Mike
12 years, 11 months