Bug 180179
Summary: | kernel-2.6.15-1.1830_FC4 gives SELinux errors on boot | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Matthew Saltzman <mjs> |
Component: | kernel | Assignee: | Dave Jones <davej> |
Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5 | CC: | jmorris, pfrields, sdsmall, wtogami |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | NeedsRetesting | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-04-04 21:12:02 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Matthew Saltzman
2006-02-06 16:47:30 UTC
Have verified that these messages are supressed in quiet mode, but in non-quiet mode, they appear with FC4 2.6.14 kernels also. Likely an interleaving of device detection / hotplug execution with the initial setup of SELinux upon the initial policy load by init. Not certain as to the best solution here. Stephen, would your patch from bug 180296 suppress this ? No, different issue. In this case (IIUC), the inodes are labeled correctly on disk, but we are hitting a race between the initial setup of SELinux upon first policy load by /sbin/init and a hotplug execution, so that hotplug is accessing inodes before SELinux gets done setting up their incore labels. This is tricky, as we have to allow execution of usermode helpers prior to initial policy load for any setup prior to /sbin/init (e.g. from initrd), but we want to essentially block them once we initiate a policy load until the entire SELinux setup is finished. [This comment added as part of a mass-update to all open FC4 kernel bugs] FC4 has now transitioned to the Fedora legacy project, which will continue to release security related updates for the kernel. As this bug is not security related, it is unlikely to be fixed in an update for FC4, and has been migrated to FC5. Please retest with Fedora Core 5. Thank you. A new kernel update has been released (Version: 2.6.18-1.2200.fc5) based upon a new upstream kernel release. Please retest against this new kernel, as a large number of patches go into each upstream release, possibly including changes that may address this problem. This bug has been placed in NEEDINFO state. Due to the large volume of inactive bugs in bugzilla, if this bug is still in this state in two weeks time, it will be closed. Should this bug still be relevant after this period, the reporter can reopen the bug at any time. Any other users on the Cc: list of this bug can request that the bug be reopened by adding a comment to the bug. In the last few updates, some users upgrading from FC4->FC5 have reported that installing a kernel update has left their systems unbootable. If you have been affected by this problem please check you only have one version of device-mapper & lvm2 installed. See bug 207474 for further details. If this bug is a problem preventing you from installing the release this version is filed against, please see bug 169613. If this bug has been fixed, but you are now experiencing a different problem, please file a separate bug for the new problem. Thank you. |