Bug 268241

Summary: fc8t1 hangs while booting up with default selinux setup
Product: [Fedora] Fedora Reporter: IBM Bug Proxy <bugproxy>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: ppc64   
OS: All   
URL: ARRAY(0x8bbc90)
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-09-10 14:20:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
screenshot
none
var-log-message
none
audit-log none

Description IBM Bug Proxy 2007-08-30 18:05:23 UTC 
After installation of fc8test1, during the first boot , system hangs by saying 
  " no more process in this runlevel". It is due to default selinux enabled.
When I rebooted the system with "selinux=0" parameter, It worked fine.

---uname -a------------
Linux p55lp1.in.ibm.com 2.6.23-0.61.rc1.git9.fc8 #1 SMP Tue Jul 31 17:10:34 EDT
2007 ppc64 ppc64 ppc64 GNU/Linux


--machine info------
p520,js21,p55..  (ppc64)



--message while booting---------
-
>>>>>>>>>>>>>>>some SELINUX messages <<<<<<<<<<<<<<
-


INIT: id 3 respawning too fast : disabled for 5 minutes
INIT: id 4 respawning too fast : disabled for 5 minutes
..
INIT: no process in this runlevel....................


and hanged



Reproducable? yes (will update the complete log soon)


thanks
Comment 1 IBM Bug Proxy 2007-08-31 04:35:37 UTC 
Created attachment 182681 [details]
screenshot

Hi,
(In reply to comment #2)
> Hi Omar, are you seeing any AVC messages? Please attach
>var/log/audit/audit.log and /var/log/messages.
I could see some "avc:denied" messages , while booting up the system with
selinux=1 as boot parameter .Attaching screenshot,


> You said this is the first boot but I want to make sure - was the machine
> installed or booted with SELinux disabled before the hang occured? 

yes machine installed with selinux disabled.
>If so, you  may need to relabel the filesystem (touch /.autorelabel and
reboot).


I did what u said, I got booted up into the system and got some avc messages in
var-log

------/var/log/messages-----------
Aug 31 09:41:16 p520b kernel: audit(1188533451.349:3): avc:  denied  { execmem
} for  pid=582 comm="rc.sysinit" scontext=system_u:system_r:init_t:s0
tcontext=system_u:system_r:init_t:s0 tclass=process
Aug 31 09:41:16 p520b kernel: audit(1188533451.464:4): avc:  denied  { execmem
} for  pid=584 comm="uname" scontext=system_u:system_r:initrc_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=process
Aug 31 09:41:16 p520b kernel: audit(1188533461.519:5): avc:  denied  { execmem
} for  pid=1153 comm="sh" scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=process
Aug 31 09:41:16 p520b kernel: audit(1188533462.610:6): avc:  denied  { execmem
} for  pid=1182 comm="fsck.ext3" scontext=system_u:system_r:fsadm_t:s0
tcontext=system_u:system_r:fsadm_t:s0 tclass=process
Aug 31 09:41:16 p520b kernel: audit(1188533467.085:7): avc:  denied  { execmem
} for  pid=1302 comm="true" scontext=system_u:system_r:initrc_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=process

After restarting it has come to original back to the same stage saying

---" no more processes in runlevel "
and got hanged




--thanks
omar
Comment 2 IBM Bug Proxy 2007-08-31 05:05:55 UTC 
Created attachment 182701 [details]
var-log-message
Comment 3 IBM Bug Proxy 2007-08-31 05:05:57 UTC 
Created attachment 182721 [details]
audit-log
Comment 4 Daniel Walsh 2007-08-31 10:06:23 UTC 
This is a known problem with the ppc architecture.  Basically the build
environment/tool chain is setup wrong.  Every executable requires execmem.  You
can turn on the boolean 

setsebool -P allow_execmem=1

Which will help, but they are working on a rebuild of ppc.

You might have to run in permissive mode until the next test release.
Comment 5 Daniel Walsh 2007-09-10 14:20:25 UTC 
All of the ppc packages have been rebuilt correctly in rawhide, so this bug
should be fixed.
Comment 6 IBM Bug Proxy 2007-09-19 06:05:49 UTC 
------- Comment From mohd.omar.com 2007-09-19 02:00 EDT-------
Hi all,

fc8test2 doesn't throw any AVC messages with default boot.

--thanks
omar
Comment 7 IBM Bug Proxy 2007-09-25 13:32:55 UTC 
------- Comment From amitarora.com 2007-09-25 05:57 EDT-------
Closing the bug at IBM side.