Anaconda version of 4/3/04 won't enable SELinux

Gregory Woodbury ggw at wolves.durham.nc.us
Sun Apr 4 10:25:12 UTC 2004 

On Sun, Apr 04, 2004 at 12:01:00AM -0800, George Garvey wrote:
> On Sun, Apr 04, 2004 at 03:43:27AM -0400, Gregory Woodbury wrote:
> > I took the snapshot (via mirror.hiwaay.net - thanks Chris!) 4/3/04 about
> > 11:00am EST, and did a "fresh install" via images/boot.iso (HTTP against
> > my snapshot).
> > Anaconda displayed the SELinux options selector menu as a grayed-out box
> > indicating that SELinux was "disabled".  Sure enough,
> > /etc/sysconfig/selinux shows "disabled".
> > Even so, I am getting login failures for any user other than root via
> > any method [console gdm kdm etc....].  There are also avc's appearing in
> > /var/log/messages!
> 
>    Just did the same thing, same mirror, except used NFS. Suprised by
> SELinux being disable in anaconda, too.
>    No problems logging in at all. Lots of avcs from rpm, that's about it.

After loading policy and relabeling, the user errors sort of eased up.
Su'ing to a user worked, and ssh to the user made via the
system-config-users works.  The user made by firstboot still won't login
from any method. (Ssh just reports connection closed by remote host,
/var/log/secure reports as follows:

Apr  4 06:17:19 tembo sshd[5699]: Accepted password for ggw from ::ffff:10.11.12.3 port 1154 ssh2
Apr  4 06:17:51 tembo sshd[5737]: Accepted password for greg from ::ffff:10.11.12.3 port 1155 ssh2
Apr  4 06:17:51 tembo sshd[5745]: Unable to get valid context for greg, No valid tty
Apr  4 06:17:51 tembo sshd[5745]: fatal: PAM session setup failed[7]: Authentication failure
Apr  4 06:19:44 tembo sshd[5790]: Accepted password for ggw from ::ffff:10.11.12.3 port 1156 ssh2

where ggw is the s-c-u added user, and greg is the firstboot added user.

Obviously a policy/labeling conflict.  Bugzilla will be informed later
in the day. (After I wake up again. :-)

-- 
Gregory G. "Wolfe" Woodbury      `-_-'    Owner/Admin: wolves.durham.nc.us
ggw at wolves.durham.nc.us         U     RHCT August 2003
"The Line Eater is a boojum snark."     Hug your wolf.

More information about the fedora-test-list mailing list