Bug 119778

Summary: selinux and kernel upgrade
Product: [Fedora] Fedora
Reporter: Jason <dravet>
Component: policy
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE
QA Contact: Ben Levenson <benl>
Severity: high
Priority: medium
Version: rawhide
CC: pgraner
Keywords: SELinux
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2004-04-13 17:55:02 UTC
Bug Blocks: 114961    

Description Jason 2004-04-02 03:46:55 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6)
Gecko/20040113

Description of problem:
I did a fresh clean install of FC2T2 and have selinux enabled.  I tried
to update the kernel to 2.6.4-1.300 (rpm -Uvh kernel-2.6.4-1.300.i686)
and got the following selinux related errors.  The grub.conf was not
updated; I had to update it manually.  I was logged on as root when I
did the rpm -Uvh.  After updating grub.conf and rebooting, the kernel
boots, so the install appears to have completed properly, just without
updating grub.conf.

Apr  1 20:48:37 excalibur kernel: audit(1080874117.217:0): avc:  denied  { read } for  pid=1884 exe=/sbin/consoletype path=pipe:[6146] dev= ino=6146 scontext=root:system_r:consoletype_t tcontext=root:sysadm_r:rpm_t tclass=fifo_file
Apr  1 20:53:17 excalibur kernel: loop: loaded (max 8 devices)
Apr  1 20:54:14 excalibur kernel: audit(1080874454.047:0): avc:  denied  { search } for  pid=1952 exe=/bin/bash name=root dev=sdb2 ino=210913 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr  1 20:54:36 excalibur kernel: SELinux: initialized (dev loop0, type ext2), uses xattr
Apr  1 20:54:43 excalibur kernel: audit(1080874483.785:0): avc:  denied  { search } for  pid=2302 exe=/sbin/grubby name=root dev=sdb2 ino=210913 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr  1 20:54:43 excalibur kernel: audit(1080874483.807:0): avc:  denied  { write } for  pid=2302 exe=/sbin/grubby name=dev dev=sdb2 ino=859873 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:device_t tclass=dir
Apr  1 20:54:43 excalibur kernel: audit(1080874483.827:0): avc:  denied  { unlink } for  pid=2302 exe=/sbin/grubby name=grub.conf dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:etc_t tclass=file
Apr  1 20:54:43 excalibur kernel: audit(1080874483.828:0): avc:  denied  { unlink } for  pid=2302 exe=/sbin/grubby name=grub.conf dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:etc_t tclass=file
Apr  1 20:55:13 excalibur kernel: audit(1080874513.693:0): avc:  denied  { search } for  pid=2317 exe=/sbin/grubby name=root dev=sdb2 ino=210913 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr  1 20:55:13 excalibur kernel: audit(1080874513.696:0): avc:  denied  { unlink } for  pid=2317 exe=/sbin/grubby name=grub.conf dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:etc_t tclass=file
Apr  1 20:55:13 excalibur kernel: audit(1080874513.696:0): avc:  denied  { unlink } for  pid=2317 exe=/sbin/grubby name=grub.conf dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:etc_t tclass=file



Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.  install FC2T2
2.  try to update kernel

Actual Results:  grub.conf did not update

Expected Results:  grub.conf should have been updated with the new
kernel information

Additional info:

Comment 1 Jason 2004-04-02 23:15:56 UTC
I just updated to policy-1.9.2-5.noarch.rpm and policy-sources-1.9.2-5
with the same results.

Comment 2 Daniel Walsh 2004-04-06 03:04:02 UTC
Why is your /etc/grub.conf file not a link to ../boot/grub/grub.conf?

The problem is being caused because this is not a link.

Comment 3 Jason 2004-04-06 15:37:20 UTC
I just checked and /etc/grub.conf is a link to ../boot/grub/grub.conf



Comment 4 Daniel Walsh 2004-04-08 13:43:34 UTC
Can you recreate the problem?

Dan

Comment 5 Jason 2004-04-08 14:51:18 UTC
It happened when I upgraded the kernel to 303.  I will check this
weekend when I upgrade to 305 (or whatever version is available later
today).

Comment 6 Jason 2004-04-13 16:40:01 UTC
The latest policy and kernel did not show this problem.
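
Added example, not part of the original bug report: a Python triage script that parses AVC denial records in the format quoted in the description and groups them by source type, target type and object class, so the repeated grubby denials collapse into one line per policy decision (for instance bootloader_t being denied unlink on the etc_t file grub.conf). The sample log is a constructed subset of the records above with each record on one line; the names parse_avc and summarize are chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the records quoted in the report,
# one record per line.
SAMPLE_LOG = """\
Apr  1 20:48:37 excalibur kernel: audit(1080874117.217:0): avc:  denied  { read } for  pid=1884 exe=/sbin/consoletype path=pipe:[6146] dev= ino=6146 scontext=root:system_r:consoletype_t tcontext=root:sysadm_r:rpm_t tclass=fifo_file
Apr  1 20:53:17 excalibur kernel: loop: loaded (max 8 devices)
Apr  1 20:54:43 excalibur kernel: audit(1080874483.785:0): avc:  denied  { search } for  pid=2302 exe=/sbin/grubby name=root dev=sdb2 ino=210913 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr  1 20:54:43 excalibur kernel: audit(1080874483.827:0): avc:  denied  { unlink } for  pid=2302 exe=/sbin/grubby name=grub.conf dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:etc_t tclass=file
Apr  1 20:54:43 excalibur kernel: audit(1080874483.828:0): avc:  denied  { unlink } for  pid=2302 exe=/sbin/grubby name=grub.conf dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:etc_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:  # keeps empty values such as "dev="
            rec[key] = value
    if not all(k in rec for k in ("scontext", "tcontext", "tclass")):
        return None  # truncated or malformed record
    for side in ("scontext", "tcontext"):
        parts = rec[side].split(":")  # user:role:type in these records
        if len(parts) < 3:
            return None
        rec[side + "_type"] = parts[2]
    return rec

def summarize(log_text):
    """Group denials by (source type, target type, object class)."""
    groups = defaultdict(lambda: {"perms": set(), "names": set(), "exes": set(), "count": 0})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue  # non-AVC kernel messages are skipped
        g = groups[(rec["scontext_type"], rec["tcontext_type"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["exes"].add(rec.get("exe", "?"))
        g["names"].add(rec.get("name") or rec.get("path", "?"))
        g["count"] += 1
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls), g in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src} -> {tgt}:{cls} {sorted(g['perms'])} x{g['count']} "
              f"exe={sorted(g['exes'])} object={sorted(g['names'])}")
```
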