My Fedora 27 x64 fails to boot after hard reset. It shows:
Failed to mount POSIX Message Queue File System,
Failed to start Remount and Kernel File Systems,
Failed to mount Kernel Debug File System,
Failed to mount Huge Pages File System [3]
and lots of other failures come after these. See https://photos.app.goo.gl/qBUxT40zA2MTLTwO2
In all these cases
Failed at step EXEC spawning /usr/bin/mount: Permission denied
is given as a reason. How can it be? Doesn't it recognize its own filesystems?
I have 3 kernels:
vmlinuz-4.14.16-300.fc27.x86_64
vmlinuz-4.15.13-300.fc27.x86_64
vmlinuz-4.15.14-300.fc27.x86_64
no matter which one I try to boot the same happens.
So far I have:
Followed suggestions and:
Performed fsck -f on /dev/mapper/fedora-home, got:
tree extents for i-node 524820 (on level 2) could be narrower. Fix?<y>Y
Allowed to fix this.
And the same for /dev/mapper/fedora-root, /dev/sda1 (boot partition) confirmed they are clean. One more error of the same kind was found for an extra partition for data files.
rpm -V --all | grep -v " [cg] "
returned as follows:
.M....... /run/libgpod
..5....T. /var/lib/selinux/targeted/active/commit_num
.......T. /var/lib/selinux/targeted/active/file_contexts
.......T. /var/lib/selinux/targeted/active/homedir_template
S.5....T. /var/lib/selinux/targeted/active/policy.kern
.M.....T. /var/lib/selinux/targeted/active/seusers
.M.....T. /var/lib/selinux/targeted/active/users_extra
.M....... /var/run/pluto
not exists /var/run/abrt
.M....... /var/log/audit
not exists /usr/lib/systemd/system-preset/85-display-manager.preset
S.5....T. /usr/share/icons/Crux/icon-theme.cache
S.5....T. /usr/share/icons/Mist/icon-theme.cache
rpm -V "$(rpm -q --whatprovides /usr/bin/mount)"
.M....G.. g /var/log/lastlog
fixfiles check /usr
libsemanage.semanage_make_sandbox: Error removing old sandbox directory /var/lib/selinux/targeted/tmp. (Read only file system).
genhomedircon: Could not begin transaction: Read only file system
Among many lines similar to the one below:
Would relabel /usr/src/handbrake/trunk/build/contrib/lib from unconfined_u:object_r:usr_t:s0 to unconfined_u:object_r:lib_t:s0
a few interesting ones are:
Would relabel /usr/sbin/mount.nilfs2 from unconfined_u:object_r:bin_t:s0 to unconfined_u:object_r:mount_exec_t:s0
Would relabel /usr/sbin/umount.nilfs2 from unconfined_u:object_r:bin_t:s0 to unconfined_u:object_r:mount_exec_t:s0
Would relabel /usr/sbin/mkfs.nilfs2 from unconfined_u:object_r:bin_t:s0 to unconfined_u:object_r:fsadm_exec_t:s0
Proved RAM works fine - memtest86 didn't find any errors during 3.5 passes and over 8h test time.
9. Disabled SELinux (SELinux=disabled in /etc/selinux/config) and restarted. System started without any error! This proves problem is in SELinux policies. I believe I should start with checking those 6 top SELinux policies that have been changed somehow (see p. 5). The question is how to do it wisely.
Checked local modifications to SELinux config files and file_contexts:
semanage module -C -l
Module name Priority Language
semanage fcontext -C -l
fcontext SELinux type Context
/usr/bin/mount all files system_u:object_r:samba_share_t:s0
/usr/share/dnfdaemon/dnfdaemon-system all files system_u:object_r:rpm_exec_t:s0
/var/run/media/przemek/extra(/.*)? all files system_u:object_r:samba_share_t:s0
/var/www/html/photo all files system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html/photo/_cache all files system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html/photo/config all files system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html/photo/content all files system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html/photo/content/folders.json all files system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html/photo/iv-config/language all files system_u:object_r:httpd_sys_rw_content_t:s0
Interestingly fcontext of the /usr/bin/mount has changed.
The system runs 24h/day as a simple home server (www, mail, etc.). From time to time (say once a few weeks) it freezes completely. HDD keeps writing something (repetitive, although irregular sound). No reaction to keyboard, mouse, remote SSH access. Many times I have tried to leave it overnight, but it does not recover, so I am forced to hard reset it each time this happens. This time I haven't waited, but hard reset it after just a few minutes. Unfortunately since then it cannot boot.
I remembered that a minute or less before the system froze Firefox message box appeared telling me that some script became irresponsive. I don't remember my choice (kill it/wait).
Hardware: Gigabyte GB-BACE-3160 Brix PC with Hitachi HTS725032A9A364 2.5" HDD and 4GB LPDDR3 RAM (default clock).
More details [here]
The problem was caused by improper file context of the /usr/bin/mount file: samba_share_t.
The file context change wasn't caused by some error due to hard reset, but... by my imprudent decision to follow the first suggestion of SELinux Alert Browser. See the screenshot below.
This first suggestion was to change /usr/bin/mount file context to samba_share_t to allow smbd to access getattr.
The solution was:
[root@atlas ~]# ls -Z /usr/bin/mount
system_u:object_r:samba_share_t:s0 /usr/bin/mount
[root@atlas ~]# semanage fcontext -d /usr/bin/mount
[root@atlas ~]# restorecon -v /usr/bin/mount
Relabeled /usr/bin/mount from system_u:object_r:samba_share_t:s0 to system_u:object_r:mount_exec_t:s0
[root@atlas ~]# ls -Z /usr/bin/mount
system_u:object_r:mount_exec_t:s0 /usr/bin/mount
It could be done in emergency console, but I have used the console to put SELinux into permissive mode, boot system and then change the file context as described above.
When I have checked modified SELinux contexts of files (see p. 10 of my initial post) I have noticed that context of the mount looked suspicious. At the moment I realized that shortly before the problem started I have imprudently followed the first suggestion of SELinux Alert Browser to change mount file context. The same suggestion appeared now, after system repair and restart, so I was able to attach the screenshot below.
Credit to @sourcejedi for pointing out that SELinux may be causing the problem and for his kind help!
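Added example (not part of the original post): a check that reads the output of semanage fcontext -C -l and flags local overrides like the one that caused this failure, where a path in a system binary directory is given a type other than bin_t or *_exec_t. The function names, the directory list and that type heuristic are assumptions made for this sketch; the sample input is a shortened copy of the listing above.

```bash
#!/usr/bin/env bash
# Flag local SELinux fcontext overrides that put a non-executable
# type on a system binary path.
# Input: output of `semanage fcontext -C -l` on stdin.

# Directories whose files are expected to carry bin_t or some *_exec_t
# type (assumption: a heuristic for this sketch, not an SELinux rule).
BIN_DIRS='^(/usr)?/(s?bin|libexec)/'

audit_fcontext_overrides() {
    awk -v dirs="$BIN_DIRS" '
        $1 !~ /^\// { next }              # skip header and blank lines
        {
            path = $1
            n = split($NF, ctx, ":")      # user:role:type:level
            if (n < 3) next               # not a full context, ignore
            type = ctx[3]
            if (path ~ dirs && type != "bin_t" && type !~ /_exec_t$/)
                print path, type
        }'
}

# Sample input: shortened copy of the listing shown in the question.
sample_overrides() {
    cat <<'EOF'
fcontext SELinux type Context
/usr/bin/mount all files system_u:object_r:samba_share_t:s0
/usr/share/dnfdaemon/dnfdaemon-system all files system_u:object_r:rpm_exec_t:s0
/var/www/html/photo all files system_u:object_r:httpd_sys_rw_content_t:s0
EOF
}

# On a live system: semanage fcontext -C -l | audit_fcontext_overrides
sample_overrides | audit_fcontext_overrides
```

Each path it prints is a candidate for the semanage fcontext -d and restorecon -v steps shown in the answer.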