Bug 119778 - selinux and kernel upgrade
Summary: selinux and kernel upgrade
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: policy   
(Show other bugs)
Version: rawhide
Hardware: i686 Linux
medium
high
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Keywords: SELinux
Depends On:
Blocks: FC2Blocker
TreeView+ depends on / blocked
 
Reported: 2004-04-02 03:46 UTC by Jason
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-04-13 17:55:02 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Jason 2004-04-02 03:46:55 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6)
Gecko/20040113

Description of problem:
I did a fresh clean install of FC2T2 and have selinux enable.  I tried
to update the kernel to 2.6.4-1.300 (rpm -Uvh kernel-2.6.4-1.300.i686)
and got the following selinux related errors.  The grub.conf was not
updated, I had to update it manually.  I was logged on as root when I
did the rpm -Uvh.  After updating grub.conf and rebooting the kernel
boots so the install appears to have completed properly, but just not
updating grub.conf.

Apr  1 20:48:37 excalibur kernel: audit(1080874117.217:0): avc: 
denied  { read } for  pid=1884 exe=/sbin/consoletype path=pipe:[6146]
dev= ino=6146 scontext=root:system_r:consoletype_t
tcontext=root:sysadm_r:rpm_t tclass=fifo_file
Apr  1 20:53:17 excalibur kernel: loop: loaded (max 8 devices)
Apr  1 20:54:14 excalibur kernel: audit(1080874454.047:0): avc: 
denied  { search } for  pid=1952 exe=/bin/bash name=root dev=sdb2
ino=210913 scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr  1 20:54:36 excalibur kernel: SELinux: initialized (dev loop0,
type ext2), uses xattr
Apr  1 20:54:43 excalibur kernel: audit(1080874483.785:0): avc: 
denied  { search } for  pid=2302 exe=/sbin/grubby name=root dev=sdb2
ino=210913 scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr  1 20:54:43 excalibur kernel: audit(1080874483.807:0): avc: 
denied  { write } for  pid=2302 exe=/sbin/grubby name=dev dev=sdb2
ino=859873 scontext=root:sysadm_r:bootloader_t
tcontext=system_u:object_r:device_t tclass=dir
Apr  1 20:54:43 excalibur kernel: audit(1080874483.827:0): avc: 
denied  { unlink } for  pid=2302 exe=/sbin/grubby name=grub.conf
dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:etc_t tclass=file
Apr  1 20:54:43 excalibur kernel: audit(1080874483.828:0): avc: 
denied  { unlink } for  pid=2302 exe=/sbin/grubby name=grub.conf
dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:etc_t tclass=file
Apr  1 20:55:13 excalibur kernel: audit(1080874513.693:0): avc: 
denied  { search } for  pid=2317 exe=/sbin/grubby name=root dev=sdb2
ino=210913 scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr  1 20:55:13 excalibur kernel: audit(1080874513.696:0): avc: 
denied  { unlink } for  pid=2317 exe=/sbin/grubby name=grub.conf
dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:etc_t tclass=file
Apr  1 20:55:13 excalibur kernel: audit(1080874513.696:0): avc: 
denied  { unlink } for  pid=2317 exe=/sbin/grubby name=grub.conf
dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:etc_t tclass=file



Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.  install FC2T2
2.  try to update kernel
3.
    

Actual Results:  grub.conf did not update

Expected Results:  grub.conf should have been updated with the new
kernel information

Additional info:

Comment 1 Jason 2004-04-02 23:15:56 UTC
I just updated to policy-1.9.2-5.noarch.rpm and policy-sources-1.9.2-5
with the same results.

Comment 2 Daniel Walsh 2004-04-06 03:04:02 UTC
Why is your /etc/grub.conf file not a link to ../boot/grub/grub.conf

The problem is being caused because this is not a link

Comment 3 Jason 2004-04-06 15:37:20 UTC
I just checked and /etc/grub.conf is a link to ../boot/grub/grub.conf



Comment 4 Daniel Walsh 2004-04-08 13:43:34 UTC
Can you recreate the problem.

Dan

Comment 5 Jason 2004-04-08 14:51:18 UTC
It happened when I upgraded the kernel to 303.  I will check this
weekend when I upgrade to 305 (or whatever version is avaiable later
today).

Comment 6 Jason 2004-04-13 16:40:01 UTC
The latest policy and kernel did not show this problem.


Note You need to log in before you can comment on or make changes to this bug.