Bug 119778 - selinux and kernel upgrade
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: policy
rawhide
i686 Linux
medium Severity high
Assigned To: Daniel Walsh
Ben Levenson
: SELinux
Blocks: FC2Blocker
Reported: 2004-04-01 22:46 EST by Jason
Modified: 2007-11-30 17:10 EST
Last Closed: 2004-04-13 13:55:02 EDT
Description Jason 2004-04-01 22:46:55 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6)
Gecko/20040113

Description of problem:
I did a fresh clean install of FC2T2 and have selinux enabled.  I tried
to update the kernel to 2.6.4-1.300 (rpm -Uvh kernel-2.6.4-1.300.i686)
and got the following selinux related errors.  The grub.conf was not
updated, I had to update it manually.  I was logged on as root when I
did the rpm -Uvh.  After updating grub.conf and rebooting the kernel
boots so the install appears to have completed properly, but just not
updating grub.conf.

Apr  1 20:48:37 excalibur kernel: audit(1080874117.217:0): avc: 
denied  { read } for  pid=1884 exe=/sbin/consoletype path=pipe:[6146]
dev= ino=6146 scontext=root:system_r:consoletype_t
tcontext=root:sysadm_r:rpm_t tclass=fifo_file
Apr  1 20:53:17 excalibur kernel: loop: loaded (max 8 devices)
Apr  1 20:54:14 excalibur kernel: audit(1080874454.047:0): avc: 
denied  { search } for  pid=1952 exe=/bin/bash name=root dev=sdb2
ino=210913 scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr  1 20:54:36 excalibur kernel: SELinux: initialized (dev loop0,
type ext2), uses xattr
Apr  1 20:54:43 excalibur kernel: audit(1080874483.785:0): avc: 
denied  { search } for  pid=2302 exe=/sbin/grubby name=root dev=sdb2
ino=210913 scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr  1 20:54:43 excalibur kernel: audit(1080874483.807:0): avc: 
denied  { write } for  pid=2302 exe=/sbin/grubby name=dev dev=sdb2
ino=859873 scontext=root:sysadm_r:bootloader_t
tcontext=system_u:object_r:device_t tclass=dir
Apr  1 20:54:43 excalibur kernel: audit(1080874483.827:0): avc: 
denied  { unlink } for  pid=2302 exe=/sbin/grubby name=grub.conf
dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:etc_t tclass=file
Apr  1 20:54:43 excalibur kernel: audit(1080874483.828:0): avc: 
denied  { unlink } for  pid=2302 exe=/sbin/grubby name=grub.conf
dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:etc_t tclass=file
Apr  1 20:55:13 excalibur kernel: audit(1080874513.693:0): avc: 
denied  { search } for  pid=2317 exe=/sbin/grubby name=root dev=sdb2
ino=210913 scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr  1 20:55:13 excalibur kernel: audit(1080874513.696:0): avc: 
denied  { unlink } for  pid=2317 exe=/sbin/grubby name=grub.conf
dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:etc_t tclass=file
Apr  1 20:55:13 excalibur kernel: audit(1080874513.696:0): avc: 
denied  { unlink } for  pid=2317 exe=/sbin/grubby name=grub.conf
dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:etc_t tclass=file



Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.  install FC2T2
2.  try to update kernel
3.
    

Actual Results:  grub.conf did not update

Expected Results:  grub.conf should have been updated with the new
kernel information

Additional info:
Comment 1 Jason 2004-04-02 18:15:56 EST
I just updated to policy-1.9.2-5.noarch.rpm and policy-sources-1.9.2-5
with the same results.
Comment 2 Daniel Walsh 2004-04-05 23:04:02 EDT
Why is your /etc/grub.conf file not a link to ../boot/grub/grub.conf?

The problem is being caused because this is not a link.
Comment 3 Jason 2004-04-06 11:37:20 EDT
I just checked and /etc/grub.conf is a link to ../boot/grub/grub.conf

Comment 4 Daniel Walsh 2004-04-08 09:43:34 EDT
Can you recreate the problem?

Dan
Comment 5 Jason 2004-04-08 10:51:18 EDT
It happened when I upgraded the kernel to 303.  I will check this
weekend when I upgrade to 305 (or whatever version is available later
today).
Comment 6 Jason 2004-04-13 12:40:01 EDT
The latest policy and kernel did not show this problem.
