Bug 175529

Summary: selinux causes boot failure
Product: [Fedora] Fedora Reporter: David Woodhouse <dwmw2>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: notting, orion
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-12-22 22:38:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Woodhouse 2005-12-12 13:07:34 UTC 
Clean current rawhide installation needs 'selinux=0' on the kernel command line
to boot. Otherwise...

no fstab.sys, mounting internal defaults
Switching to new root and running init.
unmounting old /dev
unmounting old /proc
unmounting old /sys
Kernel panic - not syncing: Attempted to kill init!
Call Trace:
[C0000000028EBB40] [C00000000002B7C4] .show_stack+0x54/0x1f0 (unreliable)
[C0000000028EBBF0] [C000000000067B20] .panic+0x90/0x230
[C0000000028EBCB0] [C00000000006DCCC] .do_exit+0xb4c/0xdb0
[C0000000028EBD90] [C00000000006DF80] .do_group_exit+0x50/0xd0
[C0000000028EBE30] [C0000000000085F8] syscall_exit+0x0/0x40
Comment 1 Bill Nottingham 2005-12-12 19:06:50 UTC 
What init, and what policy?

I *think* this is because policy is accidentally getting removed.
Comment 2 David Woodhouse 2005-12-12 22:03:31 UTC 
20051211 rawhide -- SysVinit-2.85-42 and selinux-policy-targeted-2.1.2-1

This is uranus.cambridge.redhat.com; talk to me on irc, or dhowells or pnasrat
or one of many others, to find its root password.
Comment 3 David Woodhouse 2005-12-12 22:05:10 UTC 
Same exit happens when booted with init=/bin/bash, btw.
Comment 4 Bill Nottingham 2005-12-12 22:23:48 UTC 
Hm, sounds almost kernel-related then. Do older kernels work?
Comment 5 David Woodhouse 2005-12-12 23:04:07 UTC 
Not sure -- I haven't had selinux enabled on a rawhide machine for some time.
I'll back down to a kernel before the gcc 4.1 switch and see what happens.
Comment 6 Daniel Walsh 2005-12-13 15:17:36 UTC 
Can you boot with enforcing=0?  Is this a fresh install?  If yes, the install
was not builing the policy file successfully and init will blow up if there is
no policy file on disk.  There is a fix to init to output an error when the
policy file does not exist.  You can create a new policy file by executing

semodule -b /usr/share/selinux/targeted/base.pp
Comment 7 Orion Poplawski 2005-12-22 17:21:01 UTC 
I'm seeing this with a fresh install of today's rawhide kernel-2.6.14-1.1777_FC5.

Looks like no policy is installed:

-bash-3.00# rpm -qa selinux\*
-bash-3.00# rpm -qf /etc/selinux/config
file /etc/selinux/config is not owned by any package

This was a kickstart install.  There was no selinux line in the original ks
file, but the installed anaconda-ks.cfg does show "selinux --enforcing".

Perhaps an anaconda issue?
Comment 8 Orion Poplawski 2005-12-22 18:37:33 UTC 
Installing selinux-policy-targeted and running fixfiles relabel has me up and
running normally.
Comment 9 Daniel Walsh 2005-12-22 20:20:31 UTC 
does a /etc/selinux/targeted/policy/policy.20 file exist?

Dan
Comment 10 Orion Poplawski 2005-12-22 20:23:12 UTC 
It does now.  Date is after I installed selinux-policy-targeted.

# ls -l /etc/selinux/targeted/policy/policy.20
-rw-r--r-- 1 root root 653973 Dec 22 12:09 /etc/selinux/targeted/policy/policy.20
Comment 11 Daniel Walsh 2005-12-22 21:43:03 UTC 
So is the system still crashing.  I am not seeing this here.  I know the /home
and /root directories are mislabeled.

restorecon -R -v /home /root 

Should clear that up.

Working to get anaconda fixed.
Comment 12 Orion Poplawski 2005-12-22 21:46:04 UTC 
System is fine now as indicated in comment #8.  Although I am seeing lots of
avc: denied messages.  I'll deal with those separately.