Bug 178125
Summary: | rc.sysinit complaining after selinux policy rebuild | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Nicolas Mailhot <nicolas.mailhot> | ||||||
Component: | initscripts | Assignee: | Bill Nottingham <notting> | ||||||
Status: | CLOSED RAWHIDE | QA Contact: | Brock Organ <borgan> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | rawhide | CC: | dwalsh, rvokal | ||||||
Target Milestone: | --- | Keywords: | SELinux | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2006-01-27 06:20:48 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 150221 | ||||||||
Attachments: |
|
Description
Nicolas Mailhot
2006-01-17 21:32:31 UTC
What error messages are you seeing? Are you seeing any AVC messages in /var/log/audit/audit.log or /var/log/messages? Well, I don't know if it's relevant or not - I usually ignore the avcs during the policy relabel boot. Anyway, my dmesg says has a lot of things in it (luckily I haven't rebooted yet) This is using policy 2.1.12-2, I think the problem is older Could you attach those avc messages? Created attachment 123336 [details]
system dmesg after relabel boot
Created attachment 123337 [details]
audit.log on the same system, starting with last auditd start
The actual sysinit error deos not seem to have been logged anywhere (sorry about the lag, network is fluctuating wildly there) Hm, line 73 is where it resets the SELinux mode (enforcing, permissive, etc.) So this would imply that before it started relabeling, it's running in the wrong domain, and can't change the mode back? I suppose we would need to catch that and then reboot, but without the error message, not sure what we'd check for. :/ It Should be running in initrc_t. Many fixes in policy for fetchmail problems. if id -Z not = initrc_t reboot. Or if it could tell init to start the rc script again? Of course init needs to be running as init_t... The test at the moment is: REBOOTFLAG=`restorecon -v /sbin/init` (i.e., if init has the wrong context on the file, then reboot.) Should we just check for initrc_t instead? No that is fine. |