Polkit.service crashes after selinux installing

[mt190502]

Hello. I installing selinux with this rules. https://wiki.archlinux.org/index.php/SELinux

$ git clone https://github.com/archlinuxhardened/selinux $ cd selinux $ ./recv_gpg_keys.sh $ ./build_and_install_all.sh

But when i booting archlinux, polkit service and some services crashing. And I cannot switch to the TTY screen. How can I solve the problem? Thanks.

[fishilico]

Hello, This issue might be caused by your Desktop Manager not working correctly with SELinux, or with systemd or dbus having encountering some issues, or with PAM being broken, or...

Could you recover some log messages from the failed boot? For example by booting on a live media (live USB/live CD/PXE boot...) and reading logs with journalctl -D ... as described in https://unix.stackexchange.com/questions/199988/how-to-inspect-systemd-journal-files-directly/200107#200107. This would help identifying why your setup is not working.

[mt190502]

Could you recover some log messages from the failed boot?

I deleted Selinux. And now I use apparmor. But the journal files from 9 days ago remain.

[fishilico]

I deleted Selinux. And now I use apparmor. But the journal files from 9 days ago remain.

Without more context, it is very hard to understand what went wrong when you tried to install SELinux. I understand from your message that you do not want to help fixing the issues you have identified. If so, can this issue be closed?

[mt190502]

I deleted Selinux. And now I use apparmor. But the journal files from 9 days ago remain.

Without more context, it is very hard to understand what went wrong when you tried to install SELinux. I understand from your message that you do not want to help fixing the issues you have identified. If so, can this issue be closed?

I would like to help. But that day I had a job with the computer and I deleted SELinux by necessity. And then I installed Apparmor. I will let you know when I will try SELinux again in the future. We can close the issue.

[mt190502]

Hello again. I installed selinux again. And I ran into the same error. I can't get into TTY.

[mt190502]

Journal logs

[fishilico]

Hello, this seems to be a segmentation fault in function polkit_backend_authority_get. Reading the code (https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.119/src/polkitbackend/polkitbackendauthority.c#L1416), the function appears to initialize polkit logging (openlog, syslog...). SELinux might get in the way if it is not configured correctly, but if these functions fail, they are supposed to return errors, not to cause the segfaults you are seeing.

Could you report your issue to polkit's developers? (https://gitlab.freedesktop.org/polkit/polkit/-/issues) This would help gaining more insight about what is going on. At first glance, this seems to be a bug on polkit's side, but if it is caused by some configuration files which are modified by SELinux, the polkit developers might know how to find which file is causing issues.

By the way, in order to try to better understand the issue, it is possible to rebuild the polkit package with debug symbols and analyze the core dumps which are generated.