Bug 130555 - .525 kernel breaks SELinux-strict/enforcing
Summary: .525 kernel breaks SELinux-strict/enforcing
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact: Brian Brock
Depends On:
Blocks: FC3Target
Reported: 2004-08-21 18:54 UTC by Tom London
Modified: 2007-11-30 22:10 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2004-08-30 13:53:55 UTC

Attachments
log of strict-permissive boot of .525 kernel (150.91 KB, text/plain)
2004-08-21 18:56 UTC, Tom London
.525 boot with selinux=0 (48.10 KB, text/plain)
2004-08-21 20:34 UTC, Tom London
boot log of .526 strict/permissive boot (146.53 KB, text/plain)
2004-08-22 19:14 UTC, Tom London
'ls -l /dev' (9.53 KB, text/plain)
2004-08-22 19:27 UTC, Tom London

Description Tom London 2004-08-21 18:54:40 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Gecko/20040803 Firefox/0.9.3

Description of problem:
Doesn't boot with strict enforcing (sorry, but doesn't get far enough
to save the log messages).

After repairing file-system, I booted in strict/permissive mode.
Hordes of messages, but the system boots.

/var/log/messages of permissive boot attached below. I notice a NULL
pointer issue very early in boot process.

[It seems that the initrd is about 3.5 x larger than previous
versions. Is initialization now being run off of the initrd (like
udev, e.g.)?]

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. install .525
2. boot

Additional info:

Comment 1 Tom London 2004-08-21 18:56:29 UTC
Created attachment 102954
log of strict-permissive boot of .525 kernel

Comment 2 James Morris 2004-08-21 19:57:39 UTC
Looks like this is udev related, and udev is not properly supported
yet.  Not sure where the kernel oopses are coming from.  What is the
boot log when you boot with selinux=0?

Comment 3 Tom London 2004-08-21 20:34:01 UTC
Created attachment 102958
.525 boot with selinux=0

Boot log with selinux=0.  Still see the NULL pointer problem.....

Comment 4 Arjan van de Ven 2004-08-21 20:41:14 UTC
That problem should be fixed in 526, which is in rawhide tomorrow
(I'd upload it to people.redhat.com but the machine for that has had a
UPS failure ;( )

Comment 5 Tom London 2004-08-22 19:14:43 UTC
Created attachment 102970
boot log of .526 strict/permissive boot

.526 no longer produces NULL pointer issues, but it still fails badly.

Boot up in strict/enforcing mode runs for about 15 seconds, produces scads of
messages (mostly avc messages), and then automagically reboots before the boot
log is saved.

Booting in strict/permissive mode (i.e., enforcing=0) 'works', but produces a
constant stream of messages. 

Boot log of strict/permissive mode attached here.

Comment 6 Tom London 2004-08-22 19:27:39 UTC
Created attachment 102972
'ls -l /dev'

.526 strict/permissive seems to have 'created' a new /dev, with all of the
entries missing SELinux labels. I did a 'setfiles -vv $FC /dev' just prior to
booting this up, so I know there were labels prior to boot.

Also, this 'new' /dev seems to be missing a few entries, like /dev/microcode
and /dev/cpu/...

I attach an 'ls -l /dev'.  (dates are funny 'Aug 22 05:06' for many of them.
Are these coming from the initrd?)

Comment 7 Tom London 2004-08-28 17:38:22 UTC
.532 boots!

Boots up both in strict/enforcing and strict/permissive.

[Graphical login doesn't quite work with enforcing, but looks to be
not a kernel problem.]

In strict/permissive mode, looks like modules are loaded: sound works
(Realplay app is streaming music :) )

