Description of problem:
The 2.6.7-1.494.2.2 kernel is too new for the shipped checkpolicy:

| # make load -C /etc/security/selinux/src/policy
| make: Entering directory `/etc/security/selinux/src/policy'
| /usr/sbin/load_policy /etc/security/selinux/policy.`cat /selinux/policyvers`
| Can't open '/etc/security/selinux/policy.18': No such file or directory
| make: *** [tmp/load] Error 2
| make: Leaving directory `/etc/security/selinux/src/policy'
| # cat /selinux/policyvers
| 18#
| # checkpolicy -V
| 17 (compatibility range 17-15)

With this kernel I am unable to login via ssh as no PTY can be allocated:

| Aug 16 14:58:04 arundel sshd[2659]: error: openpty: No such file or directory
| Aug 16 14:58:04 arundel sshd[2663]: error: session_pty_req: session 0 alloc failed

/var/log/messages shows hundreds of

| Aug 16 15:13:07 arundel kernel: audit(1092661987.538:0): avc: denied { read write } for pid=2863 exe=/usr/sbin/sshd name=ptyp0 dev=hda5 ino=68251 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:device_t tclass=chr_file

entries.

| # ll -Z /dev/pts -d
| drwxr-xr-x+ root root (null) /dev/pts
| # ll -Z /dev/pts
| crw-------+ root tty system_u:object_r:initrc_devpts_t 0
| crw--w----+ root tty root:object_r:sysadm_devpts_t 1

With an older kernel (kernel-2.6.6-1.435.2.3) things are ok.

Version-Release number of selected component (if applicable):
kernel-2.6.7-1.494.2.2
checkpolicy-1.10-1
policy-1.11.3-3

How reproducible:
100%
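When /var/log/messages holds hundreds of AVC entries like the one in the report above, collapsing them to one row per (source type, target type, class, permissions) shows which access is actually being denied. The following is an added example, not part of the original report: the first sample line is the denial quoted in the report, the other two lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# First line: the denial quoted in the report. Remaining lines: constructed samples.
SAMPLE_LOG = """\
Aug 16 15:13:07 arundel kernel: audit(1092661987.538:0): avc: denied { read write } for pid=2863 exe=/usr/sbin/sshd name=ptyp0 dev=hda5 ino=68251 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:device_t tclass=chr_file
Aug 16 15:13:07 arundel kernel: audit(1092661987.540:0): avc: denied { read write } for pid=2863 exe=/usr/sbin/sshd name=ptyp1 dev=hda5 ino=68252 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:device_t tclass=chr_file
Aug 16 15:13:08 arundel sshd[2659]: error: openpty: No such file or directory
"""

# "avc: denied { perms } for key=value key=value ..."
AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$"
)
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_avc(line):
    """Return a dict for one AVC log line, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(FIELD_RE.findall(m.group("fields")))
    rec["result"] = m.group("result")
    rec["perms"] = tuple(m.group("perms").split())
    return rec


def context_type(context):
    """Extract the type from a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def summarize_denials(log_text):
    """Count denials per (source type, target type, class, permissions)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        if not {"scontext", "tcontext", "tclass"} <= rec.keys():
            continue  # truncated record: skip rather than guess
        counts[(context_type(rec["scontext"]), context_type(rec["tcontext"]),
                rec["tclass"], rec["perms"])] += 1
    return counts


if __name__ == "__main__":
    for (src, tgt, cls, perms), n in summarize_denials(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```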
Strange thing is that the first ssh connection after reboot succeeds. Then I get

| open("/var/log/lastlog", O_RDONLY|O_LARGEFILE) = 9
| _llseek(9, 0, [0], SEEK_SET) = 0
| read(9, "\317\251 Atty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 292) = 292
| close(9) = 0
| open("/dev/ptmx", O_RDWR) = -1 EIO (Input/output error)
| open("/dev/ptyp0", O_RDWR) = -1 ENXIO (No such device or address)
| open("/dev/ptyp1", O_RDWR) = -1 ENXIO (No such device or address)
| open("/dev/ptyp2", O_RDWR) = -1 ENXIO (No such device or address)
Still with kernel-2.6.8-1.521, and some more information about the tty issue: when the system comes into this state and I execute a program the first time, things are fine:

| open("/dev/ptmx", O_RDWR) = 3

Subsequent executions of the program give

| open("/dev/ptmx", O_RDWR) = -1 EIO (Input/output error)

After renaming the program, things are fine again. Btw, this solves my ssh-login problem also because the EIO error was given to the test program.

The test program used was a small modification of the code in libc.info, sec 17.8.1 "Allocation Pseudo-Terminals"
I guess, the bug is related to

| # ls -Z /dev/pts
| crw-------+ root tty system_u:object_r:initrc_devpts_t 0

There does not exist a process on this tty.
I get this error on a newly installed and updated FC2 system. I got the latest SELinux packages from ftp://people.redhat.com/dwalsh/SELinux/Fedora. I created a new user and edited the /etc/security/selinux/src/policy/users file. I tried running "make -C /etc/security/selinux/src/policy load" and get the error listed in this bug report. I'm using kernel 2.6.8-1.521smp.
I backed off to kernel 2.6.5-1.358smp and SELinux seems happier.

# make -C /etc/security/selinux/ file_contexts policy.15 policy.16 policy.17 src
[root@booboo root]# make -C /etc/security/selinux/src/policy/
make: Entering directory `/etc/security/selinux/src/policy'
make: Nothing to be done for `install'.
make: Leaving directory `/etc/security/selinux/src/policy'
# cat /selinux/policyvers
17
# checkpolicy -V
17 (compatibility range 17-15)
Mass update for old bugs: Is this still a problem in the 2.6.9-based kernel update?