login - Error in service module
Dennis Kaptain
dkaptain at yahoo.com.mx
Mon Oct 6 21:17:34 UTC 2008
I am running Fedora 8 in run level 5. SELinux is enabled.
When I <ctl><alt><F[1-6]> to a virtual console I get the text login screen
I enter a username and password (either root or any normal user)
I press enter, and get a message "Error in service module"
The screen clears and returns to login.
If I disable SELinux with setenforce 0 this does not happen.
[root at confianza ~]# uname -a
Linux confianza 2.6.26.5-28.fc8 #1 SMP Sat Sep 20 09:12:30 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
in /var/log/messages I get
Oct
6 15:37:21 localhost setroubleshoot: SELinux is preventing login
(local_login_t) "read" to ./limits.conf (var_log_t). For complete
SELinux messages. run sealert -l 5f8baee3-51a7-4c91-bb95-2499cf6e0f6f
So as recommended I ran
[root at confianza log]# sealert -l 5f8baee3-51a7-4c91-bb95-2499cf6e0f6f
Summary:
SELinux is preventing login (local_login_t) "read" to ./limits.conf (var_log_t).
Detailed Description:
SELinux denied access requested by login. It is not expected that this access is
required by login and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./limits.conf,
restorecon -v './limits.conf'
If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:system_r:local_login_t:s0-s0:c0.c1023
Target Context system_u:object_r:var_log_t:s0
Target Objects ./limits.conf [ file ]
Source login
Source Path /bin/login
Port <Unknown>
Host confianza
Source RPM Packages util-linux-ng-2.13.1-2.fc8
Target RPM Packages
Policy RPM selinux-policy-3.0.8-117.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name confianza
Platform Linux confianza 2.6.26.5-28.fc8 #1 SMP Sat Sep 20
09:12:30 EDT 2008 x86_64 x86_64
Alert Count 1
First Seen Mon Oct 6 15:37:21 2008
Last Seen Mon Oct 6 15:37:21 2008
Local ID 5f8baee3-51a7-4c91-bb95-2499cf6e0f6f
Line Numbers
Raw Audit Messages
host=confianza
type=AVC msg=audit(1223325441.857:129): avc: denied { read } for
pid=4909 comm="login" name="limits.conf" dev=sda6 ino=1177254
scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_log_t:s0 tclass=file
host=confianza
type=SYSCALL msg=audit(1223325441.857:129): arch=c000003e syscall=2
success=no exit=-13 a0=7ff9a3aeb786 a1=0 a2=1b6 a3=0 items=0 ppid=1
pid=4909 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=tty2 ses=4294967295 comm="login" exe="/bin/login"
subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null)
I check /etc/security/limits.conf
[root at confianza security]# ls -Z limits.conf
-rw-r--r-- root root system_u:object_r:var_log_t:s0 limits.conf
I try to relabel
[root at confianza security]# restorecon -v './limits.conf'
restorecon reset ./limits.conf context system_u:object_r:var_log_t:s0->system_u:object_r:etc_t:s0
Doesn't help
I read the FAQ at http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
I read the man page for audit2allow and I don't get it.
Has anyone run into this before? How do I fix it without having to disable SELinux?
Thanks for your help
Dennis K
¡Todo sobre Amor y Sexo!
La guía completa para tu vida en Mujer de Hoy.
http://mx.mujer.yahoo.com/
More information about the fedora-list
mailing list