Red Hat Bugzilla – Bug 130555
.525 kernel breaks SELinux-strict/enforcing
Last modified: 2007-11-30 17:10:47 EST
Description of problem:
Doesn't boot with strict enforcing (sorry, but doesn't get far enough
to save the log messages).
After repairing file-system, I booted in strict/permissive mode.
Hordes of messages, but the system boots.
/var/log/messages of the permissive boot is attached below. I notice a NULL
pointer issue very early in the boot process.
[It seems that the initrd is about 3.5 x larger than previous
versions. Is initialization now being run off of the initrd (like
Steps to Reproduce:
1. install .525
Created attachment 102954
log of strict-permissive boot of .525 kernel
Looks like this is udev related, and udev is not properly supported
yet. Not sure where the kernel oopses are coming from. What is the
boot log when you boot with selinux=0?
Created attachment 102958
.525 boot with selinux=0
Boot log with selinux=0. Still see the NULL pointer problem.....
That problem should be fixed in .526, which is in rawhide tomorrow
(I'd upload it to people.redhat.com, but the machine for that has had a
UPS failure ;( )
Created attachment 102970
boot log of .526 strict/permissive boot
.526 no longer produces NULL pointer issues, but it still fails badly.
Boot up in strict/enforcing mode runs for about 15 seconds, produces scads of
messages (mostly avc messages), and then automagically reboots before the boot
log is saved.
Booting in strict/permissive mode (i.e., enforcing=0) 'works', but produces a
constant stream of messages.
Boot log of strict/permissive mode attached here.
Created attachment 102972
'ls -l /dev'
.526 strict/permissive seems to have 'created' a new /dev, with all of the
entries missing SELinux labels. I did a 'setfiles -vv $FC /dev' just prior to
booting this up, so I know there were labels prior to boot.
Also, this 'new' /dev seems to be missing a few entries, like /dev/microcode
I attach an 'ls -l /dev'. (Dates are funny: 'Aug 22 05:06' for many of them.
Are these coming from the initrd?)
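When a permissive boot like the one above produces a constant stream of avc messages, the practical first step is to collapse them into a short table of who was denied what on which object class, which is what points at udev and the unlabeled /dev in this report. The script below is an added example and is not code from the bug report, its attachments, or Red Hat; the log lines in SAMPLE_LOG are constructed stand-ins for /var/log/messages entries (the pids, inodes and contexts are made up, only the "audit(...): avc: denied { perms } for ... scontext= tcontext= tclass=" layout follows the kernel's format of that era), and avc_summary is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the bug report or its attachments): summarize
# SELinux AVC denials from a boot log so a flood of messages becomes a
# short table of (source context, target context, class, permissions).
#
# SAMPLE_LOG is a constructed stand-in for /var/log/messages lines; the
# pids, inodes and contexts are made up, the line layout follows the
# 2.6-era "audit(...): avc: denied { perms } for ... scontext= tcontext= tclass=" form.
SAMPLE_LOG='kernel: audit(1093173600.101:0): avc:  denied  { read } for  pid=201 exe=/sbin/udev name=null dev=tmpfs ino=5 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:tmpfs_t tclass=chr_file
kernel: audit(1093173600.102:0): avc:  denied  { write } for  pid=201 exe=/sbin/udev name=null dev=tmpfs ino=5 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:tmpfs_t tclass=chr_file
kernel: audit(1093173600.103:0): avc:  denied  { getattr } for  pid=201 exe=/sbin/udev name=zero dev=tmpfs ino=6 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:tmpfs_t tclass=chr_file
kernel: audit(1093173600.150:0): avc:  denied  { read } for  pid=310 exe=/bin/login name=tty1 dev=tmpfs ino=9 scontext=system_u:system_r:local_login_t tcontext=system_u:object_r:tmpfs_t tclass=chr_file
kernel: audit(1093173600.151:0): avc:  denied  { read write } for  pid=310 exe=/bin/login name=tty1 dev=tmpfs ino=9 scontext=system_u:system_r:local_login_t tcontext=system_u:object_r:tmpfs_t tclass=chr_file
kernel: usb 1-1: new device found, idVendor=0000'

# avc_summary (hypothetical helper): read log lines on stdin and print one
# line per (scontext, tcontext, tclass) group in the form
#   "<count> <scontext> <tcontext> <tclass> { <union of denied permissions> }"
# with the most frequent group first. Lines that are not AVC denials, or
# that lack one of the three context fields, are skipped.
avc_summary() {
    awk '
    /avc: +denied/ {
        perms = ""
        if (match($0, /\{[^}]*\}/))
            perms = substr($0, RSTART + 1, RLENGTH - 2)   # text between { }
        s = t = c = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)      s = substr($i, 10)
            else if ($i ~ /^tcontext=/) t = substr($i, 10)
            else if ($i ~ /^tclass=/)   c = substr($i, 8)
        }
        if (s == "" || t == "" || c == "") next   # malformed line, skip it
        key = s " " t " " c
        count[key]++
        # union of permissions per group, kept in first-seen order
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++)
            if (index(" " plist[key] " ", " " p[j] " ") == 0)
                plist[key] = (plist[key] == "" ? p[j] : (plist[key] " " p[j]))
    }
    END {
        for (k in count) printf "%d %s { %s }\n", count[k], k, plist[k]
    }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Stand-alone run over the constructed sample. On a real system:
#   avc_summary < /var/log/messages        or        dmesg | avc_summary
printf '%s\n' "$SAMPLE_LOG" | avc_summary
```

The grouping key deliberately leaves out pid, name and inode: for a boot-time flood you want to know that udev_t is being denied access to chr_file nodes under the filesystem's default type, not that it happened on /dev/null in particular, and the merged permission set per group is the same shape you would later feed into a local policy rule. Once the summary shows a target type that is not what setfiles put there (as the 'ls -l /dev' above suggests), the next check is the labels on the live /dev rather than more denial lines.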
Boots up both in strict/enforcing and strict/permissive.
[Graphical login doesn't quite work with enforcing, but looks to be
not a kernel problem.]
In strict/permissive mode, looks like modules are loaded: sound works
(Realplay app is streaming music :) )