Bug 426523

Summary: kernel-2.6.24-0.118.rc5.git6.fc9 fails to install, AVCs + nash segv
Product: [Fedora] Fedora
Reporter: Tom London <selinux>
Component: selinux-policy
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: rawhide
CC: valdis.kletnieks
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2007-12-27 17:39:17 UTC

Description Tom London 2007-12-21 19:45:46 UTC
Description of problem:
'yum update' of kernel-2.6.24-0.118.rc5.git6.fc9 results in:
  Installing: kernel                       ####################### [25/96] 
/sbin/new-kernel-pkg: line 254: /sbin/depmod: Permission denied
nash received SIGSEGV!  Backtrace (11):
/sbin/nash[0x805315a]
[0x110440]
/lib/libglib-2.0.so.0[0x1c01a3]
/usr/lib/libbdevid.so.6.0.24(bdevid_module_unload_all+0x31)[0x528e37]
/usr/lib/libbdevid.so.6.0.24(bdevid_destroy+0x2d)[0x52857c]
/usr/lib/libnash.so.6.0.24[0x5a0198]
/usr/lib/libnash.so.6.0.24(nash_vitals_destroy_probes+0x3f)[0x5a0810]
/usr/lib/libnash.so.6.0.24(_nashFreeContext+0x1c)[0x590fd6]
/sbin/nash[0x80536f4]
/lib/libc.so.6(__libc_start_main+0xe0)[0x72a4a0]
/sbin/nash[0x804ae71]

/var/log/audit/audit.log shows:


type=USER_ACCT msg=audit(1198263661.337:32): user pid=5841 uid=0 auid=4294967295
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct=root
exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=USER_START msg=audit(1198264653.970:33): user pid=7025 uid=0
auid=4294967295 subj=system_u:system_r:system_crond_t:s0
msg='op=PAM:session_open acct=beaglidx exe="/sbin/runuser" (hostname=?, addr=?,
terminal=? res=success)'
type=CRED_ACQ msg=audit(1198264653.970:34): user pid=7025 uid=0 auid=4294967295
subj=system_u:system_r:system_crond_t:s0 msg='op=PAM:setcred acct=beaglidx
exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
type=CRED_DISP msg=audit(1198264684.518:35): user pid=7025 uid=0 auid=4294967295
subj=system_u:system_r:system_crond_t:s0 msg='op=PAM:setcred acct=beaglidx
exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
type=USER_END msg=audit(1198264684.521:36): user pid=7025 uid=0 auid=4294967295
subj=system_u:system_r:system_crond_t:s0 msg='op=PAM:session_close acct=beaglidx
exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
type=USER_START msg=audit(1198264684.707:37): user pid=7073 uid=0
auid=4294967295 subj=system_u:system_r:system_crond_t:s0
msg='op=PAM:session_open acct=beaglidx exe="/sbin/runuser" (hostname=?, addr=?,
terminal=? res=success)'
type=CRED_ACQ msg=audit(1198264684.707:38): user pid=7073 uid=0 auid=4294967295
subj=system_u:system_r:system_crond_t:s0 msg='op=PAM:setcred acct=beaglidx
exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
type=CRED_DISP msg=audit(1198264685.187:39): user pid=7073 uid=0 auid=4294967295
subj=system_u:system_r:system_crond_t:s0 msg='op=PAM:setcred acct=beaglidx
exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
type=USER_END msg=audit(1198264685.188:40): user pid=7073 uid=0 auid=4294967295
subj=system_u:system_r:system_crond_t:s0 msg='op=PAM:session_close acct=beaglidx
exe="/sbin/runuser" (hostname=?, addr=?, terminal=? res=success)'
type=SELINUX_ERR msg=audit(1198265254.956:41): security_compute_sid:  invalid
context unconfined_u:unconfined_r:depmod_t:s0 for
scontext=unconfined_u:unconfined_r:rpm_script_t:s0
tcontext=system_u:object_r:depmod_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1198265254.956:41): arch=40000003 syscall=11 success=no
exit=-13 a0=8aa6d40 a1=8a98cd8 a2=8a98e58 a3=0 items=0 ppid=8304 pid=8312
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0
comm="new-kernel-pkg" exe="/bin/bash"
subj=unconfined_u:unconfined_r:rpm_script_t:s0 key=(null)


Version-Release number of selected component (if applicable):
selinux-policy-3.2.5-4.fc9

Comment 1 Tom London 2007-12-21 19:51:34 UTC
I reran the update in permissive mode, and it still fails.

So, looks like 2 issues, the denial of depmod and the nash crash.

I'll file a kernel 'zilla for the nash crash.

Comment 2 Valdis Kletnieks 2007-12-22 06:37:48 UTC
What bug number got assigned for the nash issue?  The bugzilla query is wonky at
the moment and isn't showing an entry for 'component = nash', so searching for
"all nash bugs" doesn't work... 

Comment 3 Daniel Walsh 2007-12-26 16:36:50 UTC
Selinux issue is fixed in selinux-policy-3.2.5-5.fc9


Comment 4 Tom London 2007-12-26 16:42:12 UTC
nash issue BZ'ed here: https://bugzilla.redhat.com/show_bug.cgi?id=426524

nash is a sub-component of mkinitrd, so it is BZ'ed there.

Comment 5 Tom London 2007-12-27 17:39:17 UTC
Confirmed: 'rpm -ivh kernel-2.6.24-0.127.rc6.git3.fc9*' while in permissive mode
produced no AVCs, and depmod worked.

Closing.
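
The triage step behind the description's audit log, as an added example that is not part of the original bug report: it groups audit records by event serial and reports each exec where security_compute_sid rejected the transition context, together with the SYSCALL record of the same event. It looks only at SELINUX_ERR invalid-context records, not AVC denials; the sample is event 41 and one PAM record from the description with the wrapped lines re-joined, and the function names are hypothetical.

```python
import errno
import re
from collections import defaultdict

# Constructed input: records copied from the description above, one per line.
SAMPLE = """\
type=USER_ACCT msg=audit(1198263661.337:32): user pid=5841 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct=root exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=SELINUX_ERR msg=audit(1198265254.956:41): security_compute_sid:  invalid context unconfined_u:unconfined_r:depmod_t:s0 for scontext=unconfined_u:unconfined_r:rpm_script_t:s0 tcontext=system_u:object_r:depmod_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1198265254.956:41): arch=40000003 syscall=11 success=no exit=-13 a0=8aa6d40 a1=8a98cd8 a2=8a98e58 a3=0 items=0 ppid=8304 pid=8312 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="new-kernel-pkg" exe="/bin/bash" subj=unconfined_u:unconfined_r:rpm_script_t:s0 key=(null)
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
INVALID = re.compile(r"invalid context (\S+) for")

def group_events(text):
    """Group records by (timestamp, serial); records of one event share both."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            rtype, ts, serial, body = m.groups()
            events[(ts, int(serial))].append((rtype, body))
    return events

def failed_transitions(text):
    """One finding per event whose computed transition context was invalid."""
    findings = []
    for (ts, serial), records in sorted(group_events(text).items()):
        err = next((b for t, b in records
                    if t == "SELINUX_ERR" and INVALID.search(b)), None)
        if err is None:
            continue
        ctx = dict(FIELD.findall(err))
        sc = next((dict(FIELD.findall(b)) for t, b in records if t == "SYSCALL"), {})
        code = int(sc.get("exit", "0"))
        findings.append({
            "serial": serial,
            "rejected": INVALID.search(err).group(1),  # context the policy lacks
            "scontext": ctx["scontext"], "tcontext": ctx["tcontext"],
            "comm": sc.get("comm", "").strip('"'),
            "exe": sc.get("exe", "").strip('"'),
            "errno": errno.errorcode.get(-code),  # -13 -> EACCES
        })
    return findings

if __name__ == "__main__":
    for finding in failed_transitions(SAMPLE):
        print(finding)
```
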