[Novalug] FC6 SELinux and disk replacement
Garrett Nievin
gnievin at comcast.net
Fri Apr 6 17:04:02 EDT 2007

Background:
I know diddlesquat about SELinux.

Problem description:
I put a new hard disk in my laptop (another Hitachi which constantly
load/unloads the heads with that clicking noise under Linux until you
turn off power management with hdparm).

Anyway, I backed up the partitions with tar, formatted the new disk with
a couple of partitions, restored the partitions, and reinstalled grub
after tweaking the configuration a bit to allow for the partitions having
different numbers than before (e.g. root was hda2 because hda1 had been
some partition with Dell software on it; I didn't copy that partition, so
root is now hda1). In retrospect, I'd have kept the same partition
numbers.

So, after I boot the first time, nobody can log in - permission denied on
running the shell. I reboot into single user, thinking that I forgot to
set the proper permissions on the new / or /home filesystems, but all was
fine. All the same, strace showed that login was failing with EACCES
when trying to execute /bin/bash at the end of a login sequence.

Eventually, I started syslogd and tried a login in single user mode. As
soon as I do, I see:

Apr 5 20:46:43 woody kernel: audit(1175820403.735:9): avc: denied {
entrypoint } for pid=1929 comm="sshd" name="bash" dev=hda1 ino=81954
scontext=user_u:system_r:hotplug_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=file

The problem was revealed and I realized that I had no clue what to do
about it. I used to have a clue, but sold it on Ebay.

I finally "solved" the problem by doing an upgrade of Fedora from the CD.
If the Internet was slow for you last night, that was me updating my
laptop and torrenting the FC7t3 DVD.

The box seems to be more or less working now (using it to write this),
but I'm still seeing messages like the ones below and I haven't given it
a thorough workout.

1. What happened? Anybody get the license plate of that truck?
2. Is there a simple way to fix it? I'm inclined to install a new Linux
(maybe give Ubuntu another try) and just trash the root filesystem. My
new hard disk gives me lots of room to play around.

Cheers,
Garrett

Current message sample:

audit(1175889449.336:263): avc: denied { append } for pid=2082
comm="syslogd" name="spooler" dev=hda1 ino=1016124
scontext=system_u:system_r:syslogd_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=file
audit(1175889449.336:264): avc: denied { append } for pid=2082
comm="syslogd" name="boot.log" dev=hda1 ino=1016125
scontext=system_u:system_r:syslogd_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=file
audit(1175889449.511:265): avc: denied { read } for pid=2098
comm="mcstransd" name="config" dev=hda1 ino=115684
scontext=system_u:system_r:setrans_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=file
audit(1175889450.921:266): avc: denied { read } for pid=2167
comm="cupsd" name="libgnutls.so.13" dev=hda1 ino=164759
scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=lnk_file
audit(1175889450.978:267): avc: denied { read } for pid=2167
comm="cupsd" name="libgnutls.so.13" dev=hda1 ino=164759
scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=lnk_file
audit(1175889466.975:268): user pid=2110 uid=81 auid=4294967295
subj=system_u:system_r:initrc_t:s0 msg='avc: denied { send_msg } for
msgtype=method_call interface=org.freedesktop.DBus member=Hello
dest=org.freedesktop.DBus spid=2377 scontext=system_u:system_r:rpm_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=dbus
audit(1175889478.958:269): avc: denied { execmod } for pid=2766
comm="Xorg" name="r200_dri.so" dev=hda1 ino=298429
scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:file_t:s0
tclass=file
audit(1175889520.900:270): avc: denied { execheap } for pid=3027
comm="mono" scontext=user_u:system_r:initrc_t:s0
tcontext=user_u:system_r:initrc_t:s0 tclass=process
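
An added example, not part of the original message: a small Python parser that re-joins wrapped audit records like the ones quoted above and lists the denied objects whose target type is file_t, the type this generation of SELinux policy assigns to files that carry no stored label. The function names are this example's own, and the sample holds two records copied from the message.

```python
import re
from collections import defaultdict

# Two denials copied from the message above, wrapped as in the archive.
SAMPLE = """\
audit(1175889449.336:263): avc: denied { append } for pid=2082
comm="syslogd" name="spooler" dev=hda1 ino=1016124
scontext=system_u:system_r:syslogd_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=file
audit(1175889520.900:270): avc: denied { execheap } for pid=3027
comm="mono" scontext=user_u:system_r:initrc_t:s0
tcontext=user_u:system_r:initrc_t:s0 tclass=process
"""

RECORD_START = re.compile(r"audit\(\d+\.\d+:\d+\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"denied\s+\{([^}]*)\}")

def split_records(text):
    """Re-join wrapped lines; a record starts where audit(ts:serial): appears."""
    records, current = [], []
    for line in text.splitlines():
        if RECORD_START.search(line) and current:
            records.append(" ".join(current))
            current = []
        if line.strip():
            current.append(line.strip())
    return records + ([" ".join(current)] if current else [])

def parse_avc(record):
    """Return the fields of one AVC denial, or None if it is not one."""
    m = PERMS.search(record)
    fields = {k: v.strip('"') for k, v in FIELD.findall(record)}
    if not m or "scontext" not in fields or "tcontext" not in fields:
        return None
    fields["perms"] = m.group(1).split()
    # Context layout is user:role:type[:level]; the type is the third field.
    fields["stype"] = fields["scontext"].split(":")[2]
    fields["ttype"] = fields["tcontext"].split(":")[2]
    return fields

def unlabeled_targets(text, unlabeled_type="file_t"):
    """Map each denied object of the unlabeled type to the domains that hit it."""
    hits = defaultdict(set)
    for avc in filter(None, map(parse_avc, split_records(text))):
        if avc["ttype"] == unlabeled_type:
            hits[avc.get("name", "?")].add(avc["stype"])
    return dict(hits)
```

Denials it does not return, such as the execheap one in the sample, are not labeling problems and need separate attention. For the ones it does return, a filesystem relabel (touch /.autorelabel and reboot, or restorecon -R on the affected trees) reapplies the labels the policy expects.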