On Thu, 2014-03-06 at 15:15 +0000, Sven Vermeulen wrote: > Can you check your dmesg or logs? I don't know systemd-remount-fs but > perhaps it's because /run is already mounted and thus it cannot mount it > (without being smart enough to use "-o remount").
Service failed remounting the /run filesystem:
nemesis ~ # journalctl -b -u systemd-remount-fs.service
Mar 08 05:33:23 nemesis systemd[1]: Starting Remount Root and Kernel File
Systems...
Mar 08 05:33:23 nemesis systemd-remount-fs[700]: mount: /run not mounted or bad
option
Mar 08 05:33:23 nemesis systemd-remount-fs[700]: In some cases useful info is
found in syslog - try
Mar 08 05:33:23 nemesis systemd-remount-fs[700]: dmesg | tail or so
Mar 08 05:33:23 nemesis systemd-remount-fs[700]: /bin/mount for /run exited
with exit status 32.
Mar 08 05:33:23 nemesis systemd[1]: systemd-remount-fs.service: main process
exited, code=exited, status=1/FAILURE
Mar 08 05:33:23 nemesis systemd[1]: Failed to start Remount Root and Kernel
File Systems.
Mar 08 05:33:23 nemesis systemd[1]: Unit systemd-remount-fs.service entered
failed state.
> If you do something like the following, does the context then appear?
>
> #v+
> mount -o remount,context=system_u:object_r:var_run_t /run
> #v-
nemesis ~ # mount -o
remount,mode=0755,nosuid,nodev,context=system_u:object_r:var_run_t /run
mount: /run not mounted or bad option
In some cases useful info is found in syslog - try
dmesg | tail or so
nemesis ~ # ls -l /etc/mtab
lrwxrwxrwx. 1 root root 17 Feb 12 11:49 /etc/mtab -> /proc/self/mounts
And the last few lines from dmesg:
[ 166.570640] audit_printk_skb: 117 callbacks suppressed
[ 166.570643] type=1400 audit(1394177766.465:177): avc: denied { read } for
pid=2378 comm="gpg2" name="evolution-pgp.7SCJCX" dev="tmpfs" ino=10027
scontext=staff_u:sysadm_r:gpg_t tcontext=system_u:object_r:tmp_t tclass=file
[ 166.570651] type=1400 audit(1394177766.465:178): avc: denied { open } for
pid=2378 comm="gpg2" path="/tmp/evolution-pgp.7SCJCX" dev="tmpfs" ino=10027
scontext=staff_u:sysadm_r:gpg_t tcontext=system_u:object_r:tmp_t tclass=file
[ 193.766692] type=1400 audit(1394177795.942:179): avc: denied { sigchld }
for pid=1 comm="systemd" scontext=staff_u:sysadm_r:sysadm_dbusd_t
tcontext=system_u:system_r:kernel_t tclass=process
[ 246.306818] SELinux: unable to change security options during remount (dev
tmpfs, type=tmpfs)
I can't help but notice that the output of the remount here is the same
as that during systemd-remount-fs.service failing during boot. Note
also that SELinux is still in permissive mode - I imagine I'd be going
nowhere fast if I tried booting in enforcing mode at this stage. :)
> My system gives the following:
>
> #v+
> $ mount | grep run
> tmpfs on /run type tmpfs
> (rw,rootcontext=system_u:object_r:var_run_t,seclabel,nosuid,nodev,noexec,relatime)
> #v-
nemesis ~ # mount | grep run
tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
nemesis ~ # grep run /etc/fstab
tmpfs /run tmpfs
remount,mode=0755,nosuid,nodev,context=system_u:object_r:var_run_t 0 0
I also tried remounting with only the options you specified
("remount,context=...") instead of the full set, with the same result.
I'm not sure how to get more information out of the SELinux subsystem in
order to get more information out of it...
Cheers;
wraeth
signature.asc
Description: This is a digitally signed message part
