Login looping after timeshift restore

phalkon · October 7, 2019, 5:36pm

Hi,

since sytem restoral from timeshift backup, I’m not able to login to my system. I tried to login without graphical environment by switching to different tty, but the screen just reset after successful login, both for normal user as for root. If i give incorrect password it does present me with incorrect password message, but if the password is correct, it just resets the screen back to login without any error message.

Syntax of /etc/passwd and /etc/shadow seems ok.
Permissions:

# ls -l /etc/passwd /etc/shadow
-rw-r--r--. 1 root root 2857 Jun  9 22:17 /etc/passwd
----------. 1 root root 1463 Jun  9 22:17 /etc/shadow

I also tried to boot into the Fedora recovery option, but for some reason, that failed even more. It completely failed to mount the filesystems, but i’m not sure if that’s related.

I tried multiple snapshots, just to see if there could be some corrupted files, but all of them have the same exact issue. I also tried to chroot into the system from livecd and reinstall every installed package to check if it’ll fix corrupted files or something, but it didn’t help.

Here’s log from trying to login as root on tty2.

Oct 07 15:47:06 aerie systemd[1]: Started Getty on tty2.
Oct 07 15:47:06 aerie audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 07 15:47:06 aerie kernel: fbcon: Taking over console
Oct 07 15:47:06 aerie kernel: Console: switching to colour frame buffer device 240x67
Oct 07 15:47:09 aerie audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res>
Oct 07 15:47:14 aerie audit[1930]: USER_AUTH pid=1930 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/bin/login" hostname=aerie addr=? terminal=tt>
Oct 07 15:47:14 aerie audit[1930]: USER_ACCT pid=1930 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/bin/login" hostname=aerie addr=? t>
Oct 07 15:47:14 aerie audit[1930]: CRED_ACQ pid=1930 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/login" hostname=aerie addr=? terminal=tty2 res=s>
Oct 07 15:47:14 aerie audit[1930]: USER_ROLE_CHANGE pid=1930 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0 selected-context=unconfined_u:unconfined_r:unconfined_>
Oct 07 15:47:14 aerie systemd[1]: Created slice User Slice of UID 0.
Oct 07 15:47:14 aerie systemd[1]: Starting User Runtime Directory /run/user/0...
Oct 07 15:47:14 aerie systemd-logind[1466]: New session 5 of user root.
Oct 07 15:47:14 aerie systemd[1]: Started User Runtime Directory /run/user/0.
Oct 07 15:47:14 aerie audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='unit=user-runtime-dir@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=succe>
Oct 07 15:47:14 aerie systemd[1]: Starting User Manager for UID 0...
Oct 07 15:47:14 aerie audit[1951]: USER_ACCT pid=1951 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/lib/systemd/systemd" hostname=? ad>
Oct 07 15:47:14 aerie audit[1951]: USER_ROLE_CHANGE pid=1951 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0 selected-context=unconfined_u:unconf>
Oct 07 15:47:14 aerie systemd[1951]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Oct 07 15:47:14 aerie audit[1951]: USER_START pid=1951 uid=0 auid=0 ses=6 subj=system_u:system_r:kernel_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" e>
Oct 07 15:47:14 aerie audit[1951]: AVC avc:  denied  { transition } for  pid=1951 comm="(systemd)" path="/usr/lib/systemd/systemd" dev="dm-2" ino=550406 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined>
Oct 07 15:47:14 aerie systemd[1951]: user@0.service: Failed to execute command: Permission denied
Oct 07 15:47:14 aerie systemd[1951]: user@0.service: Failed at step EXEC spawning /usr/lib/systemd/systemd: Permission denied
Oct 07 15:47:14 aerie systemd[1]: user@0.service: Failed with result 'protocol'.
Oct 07 15:47:14 aerie systemd[1]: Failed to start User Manager for UID 0.
Oct 07 15:47:14 aerie audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Oct 07 15:47:14 aerie systemd[1]: Started Session 5 of user root.
Oct 07 15:47:14 aerie login[1930]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Oct 07 15:47:14 aerie audit[1930]: USER_START pid=1930 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_console,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_lim>
Oct 07 15:47:14 aerie audit[1930]: CRED_REFR pid=1930 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/login" hostname=aerie addr=? terminal=tty2 res=success'
Oct 07 15:47:14 aerie audit[1930]: USER_LOGIN pid=1930 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 msg='op=login id=0 exe="/usr/bin/login" hostname=aerie addr=? terminal=tty2 res=success'
Oct 07 15:47:14 aerie login[1930]: ROOT LOGIN ON tty2
Oct 07 15:47:14 aerie audit[1964]: AVC avc:  denied  { transition } for  pid=1964 comm="login" path="/usr/bin/bash" dev="dm-2" ino=524922 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=pr>
Oct 07 15:47:14 aerie audit[1930]: CRED_DISP pid=1930 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/login" hostname=aerie addr=? terminal=tty2 res=success'
Oct 07 15:47:14 aerie login[1930]: pam_unix(login:session): session closed for user root
Oct 07 15:47:14 aerie audit[1930]: USER_END pid=1930 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_console,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limi>
Oct 07 15:47:14 aerie audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='unit=getty@tty2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 07 15:47:14 aerie systemd-logind[1466]: Session 5 logged out. Waiting for processes to exit.
Oct 07 15:47:14 aerie systemd[1]: getty@tty2.service: Service has no hold-off time (RestartSec=0), scheduling restart.
Oct 07 15:47:14 aerie systemd[1]: getty@tty2.service: Scheduled restart job, restart counter is at 1.
Oct 07 15:47:14 aerie systemd[1]: Stopped Getty on tty2.

And there errors caught my eye.

Oct 07 15:47:14 aerie systemd[1951]: user@0.service: Failed to execute command: Permission denied
Oct 07 15:47:14 aerie systemd[1951]: user@0.service: Failed at step EXEC spawning /usr/lib/systemd/systemd: Permission denied
Oct 07 15:47:14 aerie systemd[1]: user@0.service: Failed with result 'protocol'.
Oct 07 15:47:14 aerie systemd[1]: Failed to start User Manager for UID 0.

This is the service file.

# cat user@.service 
#  SPDX-License-Identifier: LGPL-2.1+
#
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=User Manager for UID %i
Documentation=man:user@.service(5)
After=systemd-user-sessions.service
After=user-runtime-dir@%i.service
Requires=user-runtime-dir@%i.service
IgnoreOnIsolate=yes

[Service]
User=%i
PAMName=systemd-user
Type=notify
ExecStart=-/usr/lib/systemd/systemd --user
Slice=user-%i.slice
KillMode=mixed
Delegate=pids memory
TasksMax=infinity
TimeoutStopSec=120s

I’m not exactly sure what it does, but it looks to me like it’s running an instance of systemd on user level? So it might not be connected, because of course it would fail if i didn’t actually manage to login? Or is it connected? Not sure. :]

As i don’t know where else to investigate, here are complete logs from boot.

Normal boot: Oct 07 15:46:29 aerie kernel: microcode: microcode updated early to revision 0xb - Pastebin.com

Rescue boot: Oct 07 15:47:54 localhost kernel: microcode: microcode updated early to revision - Pastebin.com

Thanks for any help. :]

qulogic · October 7, 2019, 7:58pm

What exactly did you restore using timeshift?

phalkon · October 7, 2019, 8:21pm

Everything, except /home.
I upgraded to Fedora 30, but few things didn’t work as I had it setup on F29. I thought it’s fine and restored backup of F29.

Even if there was an issue with the home folder though, i still should be able to login as root. I looked into the logs of timeshift, but couldn’t find any errors. I could share the logs, but it’s just list of files and it’s it’s quite long (more than 50MB).

qulogic · October 7, 2019, 10:50pm

phalkon:

Oct 07 15:47:14 aerie audit[1964]: AVC avc: denied { transition } for pid=1964 comm="login" path="/usr/bin/bash" dev="dm-2" ino=524922 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=pr>

There’s an SELinux denial here. I would guess that when timeshift restored everything, it didn’t correctly re-label everything. We could go through which files may or may not be wrong, but the easiest fix is to re-label the entire filesystem.

You can do that by starting the LiveCD/LiveUSB, mounting your root filesystem somewhere and running touch /path/to/root/.autorelabel. Then when you reboot, it should re-label everything on that filesystem (it might take some time.)

phalkon · October 8, 2019, 10:11am

Thanks, that was it.
I didn’t know much about SELinux and this would probably take me ages to figure out by myself, so thank you very much.

Also if anybody stumbles upon this thread and would like to read a bit more about this: HowTos/SELinux - CentOS Wiki

hhlp · October 8, 2019, 11:49am

Timeshift should back up SELinux context too, to prevent this issues, please read this POST.

https://github.com/teejee2008/timeshift/issues/285

Regards.,

system · November 5, 2019, 11:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.