Login to any user including system user fails at tty and via ssh after today’s update that includes kernel-core-5.14.0-162.12.1.el9_1.0.1.x86_64
Reverting to prior kernel and all is OK.
This is the only log information I could find:
Jan 29 08:43:58 bagend systemd[2925]: user@1007.service: Failed to execute /usr/lib/systemd/systemd: Permission denied
Jan 29 08:43:58 bagend systemd[2925]: user@1007.service: Failed at step EXEC spawning /usr/lib/systemd/systemd: Permission denied
Jan 29 08:43:58 bagend systemd[1]: user@1007.service: Main process exited, code=exited, status=203/EXEC
Jan 29 08:43:58 bagend systemd[1]: user@1007.service: Failed with result 'exit-code'.
Jan 29 08:43:58 bagend systemd[1]: Failed to start User Manager for UID 1007.```
Strange, I don’t seem to have these symptoms. I just updated to the new kernel now, have rebooted and been able to connect as root as well as regular user via ssh.
Can you double-check permissions for systemd:
[root@rocky9 ~]# ls -lha /usr/lib/systemd/systemd
-rwxr-xr-x. 1 root root 1.9M Jan 23 21:07 /usr/lib/systemd/systemd
maybe also check /var/log/audit/audit.log in case of some selinux stuff.
So w/o rebooting yet it does appear to be selinux related, mainly that it is enabled. I have only had one kernel since I installed in December. When I converted my system to UEFI boot I used grub-editenv to add selinux=0 to the kernel parameters. I also edited /etc/default/grub to add the same to the commandline arguments there. I checked the grubenv file there and it contains the kernel option selinux=0 also. There are the two entries under /boot/loader/entries the prior kernel has selinux=0 and omits rhgb and quiet while the new entry adds back rhgb, quiet and omits selinux=0.
So I know how to fix this for now but what is preventing my choices from persisting on new kernel installs?
Usually if I disable selinux its in /etc/selinux/config. Never ever done it via grub. I stopped disabling selinux a long time back and prefer to use it.
The other alternative is check /etc/default/grub and ensure on the GRUB_CMDLINE_LINUX has the selinux=0 entry. Usually though, you don’t need to do that, just edit /etc/selinux/config and change to disabled in there.
just edit /etc/selinux/config and change to disabled in there.
As I understand it that route to disabling selinux is being deprecated in future implementations and the kernel parameter will be the only means to disable. But, that aside we still don’t know why the kernel update scripts did not pick up my defaults. I haven’t scoured all the logs yet so the answer may be there.
So reviewing the dnf logs it appears that the upgrade did not complete as there was an error message and missing information thereafter. I was using Cockpit for managing and I suspect it presented the reboot option prior to package cleanup operations completing. I"m attempting to do a dnf history redo 26 for that last update and I get these errors:
Those look like old rpm’s no longer found locally, so not sure that relates to the last transaction. For example, current Firefox is
[root@rocky9 ~]# dnf info firefox
Last metadata expiration check: 2:39:08 ago on Mon 30 Jan 2023 11:17:08 AM CET.
Available Packages
Name : firefox
Version : 102.7.0
I would expect it to show the later versions if it was the correct transaction to replay.
You’re right. Ugh, had to leave for work so I rushed through and obviously missed the obvious. Also have to reread the man page for dnf to make sure i’m using the syntax correctly.
So I reread man dnf and I did have the syntax correct.
If I enter:
dnf history info 26
I get the last transaction with the kernel distinguished as 12.1
If I enter:
dnf history redo 26
I get this completely erronious listing of the replaced packages in this transaction as well as listing the kernel distinguished as 6.1 for install
I ran a separate reinstall of kernel-core-5.14.0-162.12.1.el9_1.0.1.x86_64
and again the install missed my command line options to remove rhgb and quiet. I had to run grub2-mkconfig to correct the kernel parameters.
So I did a comparison with Fedora 37 grub2 packages and found that I was missing 3.
I don’t have those 3 grub packages. But I have also found that installing kernel, or kernel-core isn’t enough to get grub to generate the config. I simulated this by adding rhgb quiet to my /etc/default/grub. Just trying to figure out now what else could have called it, or a reinstall doesn’t completely run everything like it did during install.
The initial install/upgrade did do everything as intended though or as far as I see.
That is as I understand what the /boot/grub2/grubenv file is for. To populate that file you use the commands grub2-editenv or grubby. Which I did use to set up the initial environment for the 6.1 kernel and supposedly it is read on the next kernel update but is not.
I’ll have to do some comparison with my fedora install by exploring the install scripts as jlehtone has subsequently posted to see if it sheds some light.
The kernel install scripts are here:
/usr/lib/kernel/install.d/
The one of particular interest is 20-grub.install
Comparing that with the one in Fedora37 there are some distinct differences.
RL9.1
if [[ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]] || [[ ! -f /sbin/new-kernel-pkg ]]; then
if [[ -f /etc/kernel/cmdline ]]; then
read -r -d '' -a BOOT_OPTIONS < /etc/kernel/cmdline
elif [[ -f /usr/lib/kernel/cmdline ]]; then
read -r -d '' -a BOOT_OPTIONS < /usr/lib/kernel/cmdline
else
declare -a BOOT_OPTIONS
read -r -d '' -a line < /proc/cmdline
for i in "${line[@]}"; do
[[ "${i#initrd=*}" != "$i" ]] && continue
[[ "${i#BOOT_IMAGE=*}" != "$i" ]] && continue
BOOT_OPTIONS+=("$i")
done
fi
Fedora37
if [[ "x${GRUB_ENABLE_BLSCFG}" = "xtrue" ]] || [[ ! -f /sbin/new-kernel-pkg ]]; then
if [[ -f /etc/kernel/cmdline ]]; then
if [[ /etc/kernel/cmdline -ot /etc/default/grub ]]; then
# user modified /etc/default/grub manually; sync
grub2-mkconfig -o /etc/grub2.cfg
fi
read -r -d '' -a BOOT_OPTIONS < /etc/kernel/cmdline
elif [[ -f /usr/lib/kernel/cmdline ]]; then
read -r -d '' -a BOOT_OPTIONS < /usr/lib/kernel/cmdline
else
declare -a BOOT_OPTIONS
read -r -d '' -a line < /proc/cmdline
for i in "${line[@]}"; do
[[ "${i#initrd=*}" != "$i" ]] && continue
[[ "${i#BOOT_IMAGE=*}" != "$i" ]] && continue
BOOT_OPTIONS+=("$i")
done
fi
So RL9 does not recognize /etc/default/grub or the grubenv file, why?
How do I populate /etc/kernel/commandline?
So jlehtone, that was the hint that finally solved it for me. In the end I created /etc/kernel/cmdline by hand and entered the options line parameters from the working kernel .conf in /boot/loader/entries/
I uninstalled the latest kernel and reinstalled it via dnf upgrade and the correct parameters are now present and I can move on.