Michael,

I think your best shot for now is to start RHEL in init 1 or Single user mode,
and put SELinux in permissive mode.
If it works, probably RACF is not behaving well with SELinux.

If you need help with that, let me know,

Regards,

Filipe Miranda 
Linux on System z


On 21/08/2012, at 09:33 AM, Michael MacIsaac <mike...@us.ibm.com> wrote:

> Hi,
> 
> I have a RHEL 6.2 system that I logged into OK yesterday and did some work 
> (including installing a number of RPMs). This morning I was unable to 
> login through SSH, though I'm sure I used the right password.
> 
> So I went to the console which still had root logged on and tried the 
> "passwd" command - I got an error about a lacking shared library. 
> 
> I made the mistake of reIPLing, now can't even login from the console :(( 
> Here are the pertinent boot messages:
> 
> IPL 100
> ... # all normal looking boot messages - then:
> Checking all file systems.
> [/sbin/fsck.ext4 (1) -- /] fsck.ext4 -a /dev/dasda1
> /dev/dasda1: clean, 5230/32832 files, 46268/131072 blocks
> [/sbin/fsck.ext4 (1) -- /opt] fsck.ext4 -a /dev/mapper/system_vg-opt_lv
> /dev/mapper/system_vg-opt_lv: recovering journal
> /dev/mapper/system_vg-opt_lv: clean, 11/65536 files, 6190/65536 blocks
> [/sbin/fsck.ext4 (1) -- /tmp] fsck.ext4 -a /dev/mapper/system_vg-tmp_lv
> /dev/mapper/system_vg-tmp_lv: clean, 13/65536 files, 6192/65536 blocks
> [/sbin/fsck.ext4 (1) -- /usr] fsck.ext4 -a /dev/mapper/system_vg-usr_lv
> /dev/mapper/system_vg-usr_lv: clean, 40793/131072 files, 290969/524288 blocks
> [/sbin/fsck.ext4 (1) -- /var] fsck.ext4 -a /dev/mapper/system_vg-var_lv
> /dev/mapper/system_vg-var_lv: clean, 1695/98304 files, 21102/98304 blocks
> [  OK  ]
> Remounting root filesystem in read-write mode:  [  OK  ]
> type=1400 audit(1345548478.898:6): avc:  denied  { add_name } for  pid=962 comm="mount" name="mtab~962" scontext=system_u:system_r:mount_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=dir
> type=1400 audit(1345548478.898:7): avc:  denied  { add_name } for  pid=963 comm="mount" name="mtab~963" scontext=system_u:system_r:mount_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=dir
> type=1400 audit(1345548478.898:8): avc:  denied  { add_name } for  pid=964 comm="mount" name="mtab~964" scontext=system_u:system_r:mount_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=dir
> type=1400 audit(1345548478.898:9): avc:  denied  { add_name } for  pid=965 comm="mount" name="mtab~965" scontext=system_u:system_r:mount_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=dir
> type=1400 audit(1345548478.908:10): avc:  denied  { add_name } for pid=967 comm="mount" name="mtab~967" scontext=system_u:system_r:mount_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=dir
> EXT4-fs (dm-3): mounted filesystem with ordered data mode. Opts:
> can't create lock file /etc/mtab~962: Permission denied (use -n flag to override)
> ... then things go downhill pretty fast
> 
> So the "avc:  denied" messages smell of SELinux.  Has anyone seen this? 
> I've never had this problem with RHEL 6.2 before. Perhaps pertinent is 
> that this system has RACF customized as in section 18.3 of the new 
> Cookbook. Has anyone had issues with RACF and RHEL 6.2/SE Linux 
> interaction?  Thanks.
> 
> "Mike MacIsaac" <mikemac at-sign us.ibm.com> 
> 
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> ----------------------------------------------------------------------
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
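
For triaging boot-time denials like the ones quoted in this thread, the following added example (not part of the original messages) rejoins AVC records that a console or mail client has wrapped mid-token and groups them by source type, permission, target type and class. The function names and the sample text are assumptions made for illustration; the sample is constructed from two of the quoted denials.

```python
import re
from collections import Counter

# Constructed sample: two denials from the quoted boot log, wrapped mid-token
# the way console output pasted into mail often is, plus one unrelated line.
SAMPLE = """\
> type=1400 audit(1345548478.898:6): avc:  denied  { add_name } for  pid=962
> comm=
> "mount" name="mtab~962" scontext=system_u:system_r:mount_t:s0
> tcontext=unconfine
> d_u:object_r:admin_home_t:s0 tclass=dir
> type=1400 audit(1345548478.908:10): avc:  denied  { add_name } for pid=967
> comm
> ="mount" name="mtab~967" scontext=system_u:system_r:mount_t:s0
> tcontext=unconfin
> ed_u:object_r:admin_home_t:s0 tclass=dir
> EXT4-fs (dm-3): mounted filesystem with ordered data mode. Opts:
"""

# Field separators are \s* because a wrap may have swallowed the space.
AVC = re.compile(
    r'type=1400 audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]+?) \} for\s+pid=(?P<pid>\d+)\s*comm="(?P<comm>[^"]+)"\s*'
    r'name="(?P<name>[^"]+)"\s*scontext=(?P<scontext>\S+?)\s*'
    r'tcontext=(?P<tcontext>\S+?)\s*tclass=(?P<tclass>\w+)$')

def parse_avc(text):
    """Rejoin wrapped lines and return one dict per complete AVC denial."""
    records, buf = [], ""
    for raw in text.splitlines():
        line = re.sub(r"^>\s?", "", raw).strip()   # drop mail quote prefix
        if line.startswith("type=1400 audit("):
            buf = line                              # start of a new record
        elif buf:
            buf += line                             # continuation fragment
        m = AVC.match(buf) if buf else None
        if m:                                       # complete once tclass= parses
            rec = m.groupdict()
            rec["source_type"] = rec["scontext"].split(":")[2]
            rec["target_type"] = rec["tcontext"].split(":")[2]
            records.append(rec)
            buf = ""                                # later non-AVC lines are ignored
    return records

def summarize(records):
    # Count denials per (source type, permission, target type, object class).
    return Counter((r["source_type"], r["perms"], r["target_type"], r["tclass"])
                   for r in records)

if __name__ == "__main__":
    for key, n in summarize(parse_avc(SAMPLE)).items():
        print(n, *key)
```

Grouped this way, the quoted denials collapse to a single pattern: `mount_t` refused `add_name` on a directory labelled `admin_home_t`.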
