Re: FYI: new rawhide boot failure
Daniel J Walsh wrote: > On 01/13/2012 01:17 PM, Jim Meyering wrote: >> Daniel J Walsh wrote: >>> On 01/13/2012 11:42 AM, Daniel J Walsh wrote: On 01/13/2012 06:59 AM, Frank Murphy wrote: > On 13/01/12 11:46, Jim Meyering wrote: >> Just a heads up. > Ran into it yesterday: > https://lists.fedoraproject.org/pipermail/test/2012-January/105084.html > > > Thought it was systemd update from day before, but maybe it's > the selinux\policy update. It is caused by the systemd update, we are building an SELinux policy to fix the problems. >>> selinux-policy-3.10.0-74.2.fc17 is in Koji if anyone wants to try >>> it out and see if they can successfully boot in enforcing mode. >> >> Hi Dan, Thanks for the quick work. I've just done the following in >> an empty directory: >> >> koji download-build selinux-policy-3.10.0-74.2.fc17 yum install >> *.rpm >> >> I like the "Complete!" message at the end, but wonder if I should >> worry about the intermediate "/usr/sbin/semodule: Failed!" >> message. I went ahead and rebooted. It worked like a charm. Thanks again. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: FYI: new rawhide boot failure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/13/2012 01:17 PM, Jim Meyering wrote: > Daniel J Walsh wrote: >> On 01/13/2012 11:42 AM, Daniel J Walsh wrote: >>> On 01/13/2012 06:59 AM, Frank Murphy wrote: On 13/01/12 11:46, Jim Meyering wrote: > Just a heads up. >>> Ran into it yesterday: https://lists.fedoraproject.org/pipermail/test/2012-January/105084.html >>> Thought it was systemd update from day before, but maybe it's the selinux\policy update. >>> >>> >>> It is caused by the systemd update, we are building an SELinux >>> policy to fix the problems. >> selinux-policy-3.10.0-74.2.fc17 is in Koji if anyone wants to try >> it out and see if they can successfully boot in enforcing mode. > > Hi Dan, Thanks for the quick work. I've just done the following in > an empty directory: > > koji download-build selinux-policy-3.10.0-74.2.fc17 yum install > *.rpm > > I like the "Complete!" message at the end, but wonder if I should > worry about the intermediate "/usr/sbin/semodule: Failed!" > message. > > Here's the complete output: > > - Loaded plugins: > auto-update-debuginfo, langpacks, presto, refresh-packagekit > Setting up Install Process Examining > selinux-policy-3.10.0-74.2.fc17.noarch.rpm: > selinux-policy-3.10.0-74.2.fc17.noarch Marking > selinux-policy-3.10.0-74.2.fc17.noarch.rpm as an update to > selinux-policy-3.10.0-74.fc17.noarch Examining > selinux-policy-3.10.0-74.2.fc17.src.rpm: > selinux-policy-3.10.0-74.2.fc17.src Cannot add package > selinux-policy-3.10.0-74.2.fc17.src.rpm to transaction. Not a > compatible architecture: src Examining > selinux-policy-doc-3.10.0-74.2.fc17.noarch.rpm: > selinux-policy-doc-3.10.0-74.2.fc17.noarch Marking > selinux-policy-doc-3.10.0-74.2.fc17.noarch.rpm to be installed > Examining selinux-policy-minimum-3.10.0-74.2.fc17.noarch.rpm: > selinux-policy-minimum-3.10.0-74.2.fc17.noarch Marking > selinux-policy-minimum-3.10.0-74.2.fc17.noarch.rpm to be installed > Examining selinux-policy-mls-3.10.0-74.2.fc17.noarch.rpm: > selinux-policy-mls-3.10.0-74.2.fc17.noarch Marking > selinux-policy-mls-3.10.0-74.2.fc17.noarch.rpm to be installed > Examining selinux-policy-targeted-3.10.0-74.2.fc17.noarch.rpm: > selinux-policy-targeted-3.10.0-74.2.fc17.noarch Marking > selinux-policy-targeted-3.10.0-74.2.fc17.noarch.rpm as an update to > selinux-policy-targeted-3.10.0-74.fc17.noarch Resolving > Dependencies --> Running transaction check ---> Package > selinux-policy.noarch 0:3.10.0-74.fc17 will be updated ---> Package > selinux-policy.noarch 0:3.10.0-74.2.fc17 will be an update ---> > Package selinux-policy-doc.noarch 0:3.10.0-74.2.fc17 will be > installed ---> Package selinux-policy-minimum.noarch > 0:3.10.0-74.2.fc17 will be installed ---> Package > selinux-policy-mls.noarch 0:3.10.0-74.2.fc17 will be installed --> > Processing Dependency: policycoreutils-newrole >= 2.1.9-4 for > package: selinux-policy-mls-3.10.0-74.2.fc17.noarch --> Processing > Dependency: setransd for package: > selinux-policy-mls-3.10.0-74.2.fc17.noarch ---> Package > selinux-policy-targeted.noarch 0:3.10.0-74.fc17 will be updated > ---> Package selinux-policy-targeted.noarch 0:3.10.0-74.2.fc17 will > be an update --> Running transaction check ---> Package > mcstrans.x86_64 0:0.3.2-1.fc15 will be installed ---> Package > policycoreutils-newrole.x86_64 0:2.1.10-5.fc17 will be installed > --> Finished Dependency Resolution > > Dependencies Resolved > > = > > Package Arch Version Repository Size > = > > Installing: > selinux-policy-doc noarch 3.10.0-74.2.fc17 > /selinux-policy-doc-3.10.0-74.2.fc17.noarch 14 M > selinux-policy-minimum noarch 3.10.0-74.2.fc17 > /selinux-policy-minimum-3.10.0-74.2.fc17.noarch 8.1 M > selinux-policy-mls noarch 3.10.0-74.2.fc17 > /selinux-policy-mls-3.10.0-74.2.fc17.noarch 7.8 M Updating: > selinux-policy noarch 3.10.0-74.2.fc17 > /selinux-policy-3.10.0-74.2.fc17.noarch 8.9 M > selinux-policy-targeted noarch 3.10.0-74.2.fc17 > /selinux-policy-targeted-3.10.0-74.2.fc17.noarch 8.1 M Installing > for dependencies: mcstransx86_64 0.3.2-1.fc15 > rawhide98 k policycoreutils-newrole x86_64 > 2.1.10-5.fc17rawhide 122 k > > Transaction Summary > = > > Install 3 Packages (+2 Dependent packages) > Upgrade 2 Packages > > Total size: 47 M Total download size: 220 k Is this ok [y/N]: y > Downloading Packages: (1/2): mcstrans-0.3.2-1.fc15.x86_64.rpm > | 98 kB 00:00 (2/2): > policycoreutils-newrole-2.1.10-5.fc17.x86_64.rpm | 122 kB > 00:00 > - > > Total
Re: FYI: new rawhide boot failure
Daniel J Walsh wrote: > On 01/13/2012 11:42 AM, Daniel J Walsh wrote: >> On 01/13/2012 06:59 AM, Frank Murphy wrote: >>> On 13/01/12 11:46, Jim Meyering wrote: Just a heads up. >> >>> Ran into it yesterday: >>> https://lists.fedoraproject.org/pipermail/test/2012-January/105084.html >> >>> Thought it was systemd update from day before, but maybe it's >>> the selinux\policy update. >> >> >> It is caused by the systemd update, we are building an SELinux >> policy to fix the problems. > selinux-policy-3.10.0-74.2.fc17 is in Koji if anyone wants to try it > out and see if they can successfully boot in enforcing mode. Hi Dan, Thanks for the quick work. I've just done the following in an empty directory: koji download-build selinux-policy-3.10.0-74.2.fc17 yum install *.rpm I like the "Complete!" message at the end, but wonder if I should worry about the intermediate "/usr/sbin/semodule: Failed!" message. Here's the complete output: - Loaded plugins: auto-update-debuginfo, langpacks, presto, refresh-packagekit Setting up Install Process Examining selinux-policy-3.10.0-74.2.fc17.noarch.rpm: selinux-policy-3.10.0-74.2.fc17.noarch Marking selinux-policy-3.10.0-74.2.fc17.noarch.rpm as an update to selinux-policy-3.10.0-74.fc17.noarch Examining selinux-policy-3.10.0-74.2.fc17.src.rpm: selinux-policy-3.10.0-74.2.fc17.src Cannot add package selinux-policy-3.10.0-74.2.fc17.src.rpm to transaction. Not a compatible architecture: src Examining selinux-policy-doc-3.10.0-74.2.fc17.noarch.rpm: selinux-policy-doc-3.10.0-74.2.fc17.noarch Marking selinux-policy-doc-3.10.0-74.2.fc17.noarch.rpm to be installed Examining selinux-policy-minimum-3.10.0-74.2.fc17.noarch.rpm: selinux-policy-minimum-3.10.0-74.2.fc17.noarch Marking selinux-policy-minimum-3.10.0-74.2.fc17.noarch.rpm to be installed Examining selinux-policy-mls-3.10.0-74.2.fc17.noarch.rpm: selinux-policy-mls-3.10.0-74.2.fc17.noarch Marking selinux-policy-mls-3.10.0-74.2.fc17.noarch.rpm to be installed Examining selinux-policy-targeted-3.10.0-74.2.fc17.noarch.rpm: selinux-policy-targeted-3.10.0-74.2.fc17.noarch Marking selinux-policy-targeted-3.10.0-74.2.fc17.noarch.rpm as an update to selinux-policy-targeted-3.10.0-74.fc17.noarch Resolving Dependencies --> Running transaction check ---> Package selinux-policy.noarch 0:3.10.0-74.fc17 will be updated ---> Package selinux-policy.noarch 0:3.10.0-74.2.fc17 will be an update ---> Package selinux-policy-doc.noarch 0:3.10.0-74.2.fc17 will be installed ---> Package selinux-policy-minimum.noarch 0:3.10.0-74.2.fc17 will be installed ---> Package selinux-policy-mls.noarch 0:3.10.0-74.2.fc17 will be installed --> Processing Dependency: policycoreutils-newrole >= 2.1.9-4 for package: selinux-policy-mls-3.10.0-74.2.fc17.noarch --> Processing Dependency: setransd for package: selinux-policy-mls-3.10.0-74.2.fc17.noarch ---> Package selinux-policy-targeted.noarch 0:3.10.0-74.fc17 will be updated ---> Package selinux-policy-targeted.noarch 0:3.10.0-74.2.fc17 will be an update --> Running transaction check ---> Package mcstrans.x86_64 0:0.3.2-1.fc15 will be installed ---> Package policycoreutils-newrole.x86_64 0:2.1.10-5.fc17 will be installed --> Finished Dependency Resolution Dependencies Resolved = Package Arch Version Repository Size = Installing: selinux-policy-doc noarch 3.10.0-74.2.fc17 /selinux-policy-doc-3.10.0-74.2.fc17.noarch 14 M selinux-policy-minimum noarch 3.10.0-74.2.fc17 /selinux-policy-minimum-3.10.0-74.2.fc17.noarch 8.1 M selinux-policy-mls noarch 3.10.0-74.2.fc17 /selinux-policy-mls-3.10.0-74.2.fc17.noarch 7.8 M Updating: selinux-policy noarch 3.10.0-74.2.fc17 /selinux-policy-3.10.0-74.2.fc17.noarch 8.9 M selinux-policy-targeted noarch 3.10.0-74.2.fc17 /selinux-policy-targeted-3.10.0-74.2.fc17.noarch 8.1 M Installing for dependencies: mcstransx86_64 0.3.2-1.fc15 rawhide98 k policycoreutils-newrole x86_64 2.1.10-5.fc17rawhide 122 k Transaction Summary = Install 3 Packages (+2 Dependent packages) Upgrade 2 Packages Total size: 47 M Total download size: 220 k Is this ok [y/N]: y Downloading Packages: (1/2): mcstrans-0.3.2-1.fc15.x86_64.rpm | 98 kB 00:00 (2/2): policycoreutils-newrole-2.1.10-5.fc17.x86_6
Re: FYI: new rawhide boot failure
On 13/01/12 18:03, Daniel J Walsh wrote: policy to fix the problems. selinux-policy-3.10.0-74.2.fc17 is in Koji if anyone wants to try it out and see if they can successfully boot in enforcing mode. works with enforcing. -- Regards, Frank Murphy UTF_8 Encoded Friend of fedoraproject.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: FYI: new rawhide boot failure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/13/2012 11:42 AM, Daniel J Walsh wrote: > On 01/13/2012 06:59 AM, Frank Murphy wrote: >> On 13/01/12 11:46, Jim Meyering wrote: >>> Just a heads up. > >> Ran into it yesterday: >> https://lists.fedoraproject.org/pipermail/test/2012-January/105084.html > >> Thought it was systemd update from day before, but maybe it's >> the selinux\policy update. > > > It is caused by the systemd update, we are building an SELinux > policy to fix the problems. selinux-policy-3.10.0-74.2.fc17 is in Koji if anyone wants to try it out and see if they can successfully boot in enforcing mode. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8QcegACgkQrlYvE4MpobMd1gCfQMlkPXVuAjkUe1xX47UWnkTp 7KYAn14is+k4AkVP6u8Fwf+GwfpY10PM =RIjs -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: FYI: new rawhide boot failure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/13/2012 06:59 AM, Frank Murphy wrote: > On 13/01/12 11:46, Jim Meyering wrote: >> Just a heads up. > > Ran into it yesterday: > https://lists.fedoraproject.org/pipermail/test/2012-January/105084.html > > Thought it was systemd update from day before, but maybe it's the > selinux\policy update. > > It is caused by the systemd update, we are building an SELinux policy to fix the problems. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8QXxAACgkQrlYvE4MpobOW5QCgyPKwRwivWGsw1O5Ksb78e02S RlAAoN0udwiTFoYccfZGtxmocB7Axr1l =ySmu -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: FYI: new rawhide boot failure
On 13/01/12 11:46, Jim Meyering wrote: Just a heads up. Ran into it yesterday: https://lists.fedoraproject.org/pipermail/test/2012-January/105084.html Thought it was systemd update from day before, but maybe it's the selinux\policy update. -- Regards, Frank Murphy UTF_8 Encoded Friend of fedoraproject.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
FYI: new rawhide boot failure
Just a heads up. I usually update a rawhide VM daily and reboot at least once or twice a week. Today space was getting a little low on the parent partition, so I stopped the VM in order to run virt-sparsify on its image. Nice: that saved 3GB. Booting again, however, there were numerous service-start failures and it never reached a point where I could get into it. I tried again, using the original image, just in case, but it failed the same way. Finally, I resorted to adding enforcing=0 on the boot command line. With that, it started. There are a bunch of AVCs in /var/log/audit/audit.log. The first three were these: type=AVC msg=audit(1326440396.499:393): avc: denied { syslog_mod } for pid=415 comm="systemd-journal" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system type=AVC msg=audit(1326440397.097:394): avc: denied { sendto } for pid=1146 comm="dbus-daemon" path="/dev/log" scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=unix_dgram_socket type=AVC msg=audit(1326440397.097:395): avc: denied { sendto } for pid=939 comm="dbus-daemon" path="/dev/log" scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=unix_dgram_socket followed by 14 like this: type=AVC msg=audit(1326444676.387:32): avc: denied { setuid } for pid=382 comm="systemd-journal" capability=7 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=capability -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel