Bug 120048 - Recent SELinux package upgrade creates Kernel Panic
Summary: Recent SELinux package upgrade creates Kernel Panic
Status: CLOSED DUPLICATE of bug 119981
Alias: None
Product: Fedora
Classification: Fedora
Component: policycoreutils
Version: 2
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-04-05 15:09 UTC by Brandon Petersen
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2006-02-21 19:02:25 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Brandon Petersen 2004-04-05 15:09:13 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6)
Gecko/20040225 Firefox/0.8

Description of problem:
A very recent yum upgrade of SELinux for Fedora Core2 Test2, possibly
policycoreutils, is causing a Kernel Panic during bootup.  I ran 'yum
upgrade' on the morning of April 5, 2004.  It updated the kernel,
SELinux packages and more.

After I attempted to boot, it says:

Enforcing mode requested but no policy loaded. Halted now.
Kernel Panic: Attempted to kill init!



Version-Release number of selected component (if applicable):
policycoreutils

How reproducible:
Always

Steps to Reproduce:
1.  Run 'yum upgrade' on Fedora Core 2 Test 2
2.  Reboot the machine
    

Actual Results:  During the boot process I get:

Enforcing mode requested but no policy loaded. Halted now.
Kernel Panic: Attempted to kill init!

The computer will go no farther and will not completely boot.

Expected Results:  Ability to boot the computer.

Additional info:

I wish I wrote down all the upgrades that occurred, but it was the
updates available on the morning of April 5, 2004.

I am running a Dell Dimension 2100.  It has 196mb of ram, an Intel
Celeron 800mhz.  It uses the Intel 810 video card.
Comment 1 Konstantin Ryabitsev 2004-04-05 16:25:33 UTC 
Seeing this, too, identical report.

Also, to resolve the situation I set selinux=permissive in
/etc/sysconfig/selinux, and now I get:

idicon@hagrid:[~]$ id -Z
Sorry, --context (-Z) can be used only on a selinux-enabled kernel.

Which doesn't seem to be an expected behavior.
Comment 2 Daniel Walsh 2004-04-05 18:23:27 UTC 
Do you have a selinux=0 in the grub.conf?

This indicates you are booting a kernel with SELinux support turned off.
Of you do not have a policy file installed.

Dan
Comment 3 Konstantin Ryabitsev 2004-04-05 18:25:14 UTC 
I noticed that /etc/security/selinux/policy.16 file was apparently
named /etc/security/selinux/policy. (trailing dot, no 16). After
moving it to .16, it worked.
Comment 4 Brandon Petersen 2004-04-05 18:32:46 UTC 
Thanks for the info about the policy file, the machine now nearly loads.  

When I boot normally, I now get an unending stream of the following
error message:

audit(1081178872.934:0): avc: denied { write } for pid=1063
exe=/sbin/klogd_name=log dev=hda2 ino=762650
scontext=system_u:system_r:klodg_t tcontext=system_u:object_r:file_t
tclass=sock_file

Brandon Petersen
Comment 5 Miloš Komarčević 2004-04-05 18:37:02 UTC 
Me thinks this is a dupe of bug 119981

Boot with enforcing=0, relabel, then reboot normally.
Comment 6 Brandon Petersen 2004-04-05 18:48:11 UTC 

*** This bug has been marked as a duplicate of 119981 ***
Comment 7 Red Hat Bugzilla 2006-02-21 19:02:25 UTC 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.
Note You need to log in before you can comment on or make changes to this bug.