Bug 130555 - .525 kernel breaks SELinux-strict/enforcing
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: i686 Linux
Priority: medium, Severity: high
Assigned To: Arjan van de Ven
QA Contact: Brian Brock
Blocks: FC3Target

Reported: 2004-08-21 14:54 EDT by Tom London
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2004-08-30 09:53:55 EDT

Attachments
log of strict-permissive boot of .525 kernel (150.91 KB, text/plain), 2004-08-21 14:56 EDT, Tom London
.525 boot with selinux=0 (48.10 KB, text/plain), 2004-08-21 16:34 EDT, Tom London
boot log of .526 strict/permissive boot (146.53 KB, text/plain), 2004-08-22 15:14 EDT, Tom London
'ls -l /dev' (9.53 KB, text/plain), 2004-08-22 15:27 EDT, Tom London

Description Tom London 2004-08-21 14:54:40 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Gecko/20040803 Firefox/0.9.3

Description of problem:
Doesn't boot with strict enforcing (sorry, but doesn't get far enough
to save the log messages).

After repairing file-system, I booted in strict/permissive mode.
Hordes of messages, but the system boots.

/var/log/messages of permissive boot attached below. I notice a NULL
pointer issue very early in boot process.

[It seems that the initrd is about 3.5 x larger than previous
versions. Is initialization now being run off of the initrd (like
udev, e.g.)?]

Version-Release number of selected component (if applicable):
kernel-2.6.8-1.525

How reproducible:
Always

Steps to Reproduce:
1. install .525
2. boot
Comment 1 Tom London 2004-08-21 14:56:29 EDT
Created attachment 102954
log of strict-permissive boot of .525 kernel
Comment 2 James Morris 2004-08-21 15:57:39 EDT
Looks like this is udev related, and udev is not properly supported
yet.  Not sure where the kernel oopses are coming from.  What is the
boot log when you boot with selinux=0?
Comment 3 Tom London 2004-08-21 16:34:01 EDT
Created attachment 102958
.525 boot with selinux=0

Boot log with selinux=0.  Still see the NULL pointer problem.....
Comment 4 Arjan van de Ven 2004-08-21 16:41:14 EDT
That problem should be fixed in 526, which is in rawhide tomorrow.
(I'd upload it to people.redhat.com but the machine for that has had a
UPS failure ;( )
Comment 5 Tom London 2004-08-22 15:14:43 EDT
Created attachment 102970
boot log of .526 strict/permissive boot

.526 no longer produces NULL pointer issues, but it still fails badly.

Boot up in strict/enforcing mode runs for about 15 seconds, produces scads of
messages (mostly avc messages), and then automagically reboots before the boot
log is saved.

Booting in strict/permissive mode (i.e., enforcing=0) 'works', but produces a
constant stream of messages. 

Boot log of strict/permissive mode attached here.
Comment 6 Tom London 2004-08-22 15:27:39 EDT
Created attachment 102972
'ls -l /dev'

.526 strict/permissive seems to have 'created' a new /dev, with all of the
entries missing SELinux labels. I did a 'setfiles -vv $FC /dev' just prior to
booting this up, so I know there were labels prior to boot.

Also, this 'new' /dev seems to be missing a few entries, like /dev/microcode
and /dev/cpu/...

I attach an 'ls -l /dev'.  (dates are funny 'Aug 22 05:06' for many of them.
Are these coming from the initrd?)
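
Added example, not part of the original bug report: one way to audit a tree such as /dev for the missing labels described in comment 6, by reading each entry's security.selinux extended attribute. The function names and the choice to treat file_t and unlabeled_t as "unusable" are assumptions of this sketch.

```python
import os

SELINUX_XATTR = "security.selinux"
# Types treated here as "no usable label" (assumption of this example).
UNLABELED_TYPES = {"unlabeled_t", "file_t"}

def read_label(path):
    """Return the SELinux context stored on path, or None if there is none."""
    try:
        raw = os.getxattr(path, SELINUX_XATTR, follow_symlinks=False)
    except OSError:
        return None  # no xattr set, or the filesystem does not support xattrs
    return raw.rstrip(b"\0").decode("ascii", "replace")

def context_type(label):
    """Extract the type field from user:role:type[:range]; None if malformed."""
    parts = label.split(":")
    return parts[2] if len(parts) >= 3 else None

def find_unlabeled(root, get_label=read_label):
    """Walk root; return sorted (path, reason) pairs for entries lacking a label."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Device nodes and symlinks show up in filenames; directories in dirnames.
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            label = get_label(path)
            if label is None:
                findings.append((path, "no security.selinux xattr"))
                continue
            ctype = context_type(label)
            if ctype is None or ctype in UNLABELED_TYPES:
                findings.append((path, "unusable context: " + label))
    return sorted(findings)

if __name__ == "__main__":
    for path, reason in find_unlabeled("/dev"):
        print(path + ": " + reason)
```

Running this before and after a reboot shows whether a relabel done with setfiles survived, or whether /dev was repopulated without contexts.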
Comment 7 Tom London 2004-08-28 13:38:22 EDT
.532 boots!

Boots up both in strict/enforcing and strict/permissive.

[Graphical login doesn't quite work with enforcing, but looks to be
not a kernel problem.]

In strict/permissive mode, looks like modules are loaded: sound works
(Realplay app is streaming music :) )

Thanks!
