Bug 856332

Summary: RHEL6.4 build panic after dracut FATAL: Initial SELinux policy load failed
Product: Red Hat Enterprise Linux 6 Reporter: Scott Poore <spoore>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED WORKSFORME QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.4CC: bili, dracut-maint-list, dwalsh, salim.talamas
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1101967 (view as bug list) Environment:
Last Closed: 2012-10-09 11:12:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
print screen none

Description Scott Poore 2012-09-11 19:35:15 UTC 
Description of problem:

Panic during RHEL 6.4 nightly build kickstart in beaker:

dracut: Mounted root filesystem /dev/sda3 
dracut: Loading SELinux policy 
type=1404 audit(1347361672.118:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 
dracut: SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.24: No such file or directory /sbin/load_policy: Can't load policy and enforcing mode requested: No such file or directory 
dracut Warning: Initial SELinux policy load failed. 
dracut: FATAL: Initial SELinux policy load failed. Machine in enforcing mode. To disable selinux, add selinux=0 to the kernel command line. 
dracut: Refusing to continue 
dracut Warning: Signal caught! 
  
  
 %G  
  
dracut Warning: dracut: FATAL: Initial SELinux policy load failed. Machine in enforcing mode. To disable selinux, add selinux=0 to the kernel command line. 
dracut Warning: dracut: Refusing to continue 
Kernel panic - not syncing: Attempted to kill init! 


Version-Release number of selected component (if applicable):

RHEL6.4-20120910.n.0 Server x86_64

How reproducible:
Unknown

Steps to Reproduce:
1. RHEL 6.4 build in beaker
  
Actual results:

panic

Expected results:

install OS without panic

Additional info:
Comment 2 Scott Poore 2012-09-18 17:49:51 UTC 
Any word on this one?

Here's a little more info from the failure I saw:

Kernel panic - not syncing: Attempted to kill init! 
Pid: 1, comm: init Not tainted 2.6.32-306.el6.x86_64 #1 
Call Trace: 
 [<ffffffff81503dff>] ? panic+0xa0/0x168 
 [<ffffffff81070eb2>] ? do_exit+0x862/0x870 
 [<ffffffff8117f365>] ? fput+0x25/0x30 
 [<ffffffff81070f18>] ? do_group_exit+0x58/0xd0 
 [<ffffffff81070fa7>] ? sys_exit_group+0x17/0x20 
 [<ffffffff8100b0f2>] ? system_call_fastpath+0x16/0x1b 

This was also seen on a different RHEL6.4 install attempt in sys.log:

17:09:46,735 INFO kernel:semodule[2533]: segfault at 1246c7e2cba ip 00007f19c450b6e1 sp 00007fff7baad210 error 4 in libsepol.so.1[7f19c44fe000+3b000]
17:13:16,604 INFO kernel:yum[10816]: segfault at 19619ec54b7 ip 00007f6d99cb6629 sp 00007fff2375c780 error 4 in libpython2.6.so.1.0[7f6d99bab000+171000]
Comment 3 Harald Hoyer 2012-09-20 09:20:32 UTC 
(In reply to comment #2)
> Any word on this one?
> 
> Here's a little more info from the failure I saw:
> 
> Kernel panic - not syncing: Attempted to kill init! 
> Pid: 1, comm: init Not tainted 2.6.32-306.el6.x86_64 #1 
> Call Trace: 
>  [<ffffffff81503dff>] ? panic+0xa0/0x168 
>  [<ffffffff81070eb2>] ? do_exit+0x862/0x870 
>  [<ffffffff8117f365>] ? fput+0x25/0x30 
>  [<ffffffff81070f18>] ? do_group_exit+0x58/0xd0 
>  [<ffffffff81070fa7>] ? sys_exit_group+0x17/0x20 
>  [<ffffffff8100b0f2>] ? system_call_fastpath+0x16/0x1b 


This happens, when dracut (process 1) stops. In this case because of:
dracut Warning: dracut: FATAL: Initial SELinux policy load failed. Machine in enforcing mode. To disable selinux, add selinux=0 to the kernel command line. 
dracut Warning: dracut: Refusing to continue

> 
> This was also seen on a different RHEL6.4 install attempt in sys.log:
> 
> 17:09:46,735 INFO kernel:semodule[2533]: segfault at 1246c7e2cba ip
> 00007f19c450b6e1 sp 00007fff7baad210 error 4 in
> libsepol.so.1[7f19c44fe000+3b000]
> 17:13:16,604 INFO kernel:yum[10816]: segfault at 19619ec54b7 ip
> 00007f6d99cb6629 sp 00007fff2375c780 error 4 in
> libpython2.6.so.1.0[7f6d99bab000+171000]

Well, seems like selinux is broken! Dracut cannot do anything about it.
Comment 4 Daniel Walsh 2012-09-26 21:12:03 UTC 
Is selinux-policy package installed?
Comment 5 Scott Poore 2012-10-04 19:16:59 UTC 
I'm guessing it was included in the image used for that phase of the kickstart boot/build.  I guess I don't know that for sure though.

This may be resolved now though.  I was able to successfully build a RHEL6.4 test with the latest build and it seems fine.
Comment 6 EricLee 2013-05-29 06:35:19 UTC 
Hi All,

I got the same error when I install VMs, the strange thing is that: I use the same profile to install two guests which with different disk format(one is qcow2, the other one is raw), only raw format disk will get the error after installed and can not boot up normally. Please see the attachment.

Can somebody tell me what's the problem?

Thanks,
Ericlee
Comment 7 EricLee 2013-05-29 06:36:33 UTC 
Created attachment 754199 [details]
print screen
Comment 8 Salim Talamas 2014-05-14 16:43:07 UTC 
We also had experienced the same issue as noted above on rhel 6.4.  To resolve the issue we did the following:

Problem: after disabling selinux, we encountered the following kernel panic -not syncing: Attempting to kill init!

Solution: 
Step1 - boot into rescue mode via rhel ISO image
Step2: navigate to the filesystem: /mnt/sysimage/etc/selinux/config 
Step3 - modify selinux=0 then reboot
Step4 - boot normally to rhel OS
Step5 - from CLI getenforce will display "Permissive"
Step6 - navigate to /etc/selinux/config and modify selinux=disabled
Step7 - reboot normally to rhel OS. Kernel panic should not occur
Step 8 - confirm getenforce displays "Disabled"