Bug 132458 - avc: denied {execute} for pid=1
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Daniel Walsh
Blocks: FC3Blocker FC3BugWeekQA
Reported: 2004-09-13 13:15 EDT by Leonard den Ottolander
Modified: 2007-11-30 17:10 EST (History)
Fixed In Version: 1.17.26-3
Doc Type: Bug Fix
Last Closed: 2004-10-05 15:58:41 EDT
Description Leonard den Ottolander 2004-09-13 13:15:38 EDT
FC3t1 updated a few days ago. Booting doesn't get me very far:

avc: denied {execute} for pid=1 path=/lib/tls/i486/libc-2.3.3.so
dev=hda6 ino=137734 scontext=system_u:system_r:init_t
tcontext=system_u:object_r:lib_t tclass=file

And what follows is obviously a kernel panic.

This is a K6-450.
Comment 1 Leonard den Ottolander 2004-09-13 14:09:27 EDT
fixfiles relabel did *not* fix this issue.
Comment 2 Daniel Walsh 2004-09-15 11:34:11 EDT
Try selinux-policy-strict-1.17.16-3

Or just patch
--- nsapolicy/file_contexts/types.fc	2004-09-14 09:18:10.000000000 -0400
+++ policy-1.17.16/file_contexts/types.fc	2004-09-15
11:25:43.459813532 -0400
@@ -298,6 +298,7 @@
 /lib(64)?/[^/]*/lib[^/]*\.so(\.[^/]*)*	--	system_u:object_r:shlib_t
 /lib(64)?/security/[^/]*\.so(\.[^/]*)*	--	system_u:object_r:shlib_t
 /lib(64)?/tls/i686/cmov/[^/]*\.so(\.[^/]*)* --	system_u:object_r:shlib_t
+/lib(64)?/tls/i486/[^/]*\.so(\.[^/]*)* --	system_u:object_r:shlib_t
 # /sbin
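Review bot: The added `/lib(64)?/tls/i486/` entry names a single architecture directory, as the `i686/cmov` line above it does, so a shared library under any other `/lib/tls/<arch>/` directory is still not matched by the lines shown in this hunk. Consider one pattern for the whole family, for example `/lib(64)?/tls/i[3-6]86/[^/]*\.so(\.[^/]*)*`, rather than one line per architecture, and state alongside the change that files already on disk keep their old label until they are relabeled.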

And restorecon on the shared library
Comment 3 Leonard den Ottolander 2004-09-19 12:14:17 EDT
I'd love to try selinux-policy-strict-1.17.16-3, but RawHide is still
at 1.17.16-2. Why is that?
Comment 4 Daniel Walsh 2004-09-20 06:25:41 EDT
Rawhide is frozen until FC3Test2 is released.  Policy is available via
my people page for now.

Comment 5 Leonard den Ottolander 2004-09-20 06:31:18 EDT
Let's hope not too many people start testing the strict policy on
FC3t2 on i586s then ;-) . Or is this issue mentioned in the release notes?
Comment 6 Ben Levenson 2004-10-05 15:58:41 EDT
I don't have an i586 up and running to verify this, but I see the
following in /etc/selinux/strict/src/policy/file_contexts/types.fc 
which should fix the problem:

/lib(64)?/tls/i.86/[^/]*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
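
The following check is an added example, not part of the bug report or of the policy sources: it runs the types.fc entries quoted in comments 2 and 6 against library paths to show which ones receive shlib_t. The paths other than the reported i486 libc are constructed, and treating each entry as a regex anchored to the whole path is the assumption it relies on.

```python
import re

# Entries as quoted in the comment 2 hunk (context lines) and in comment 6.
BEFORE = r"""
/lib(64)?/[^/]*/lib[^/]*\.so(\.[^/]*)*      --  system_u:object_r:shlib_t
/lib(64)?/security/[^/]*\.so(\.[^/]*)*      --  system_u:object_r:shlib_t
/lib(64)?/tls/i686/cmov/[^/]*\.so(\.[^/]*)* --  system_u:object_r:shlib_t
"""
PATCHED = BEFORE + r"/lib(64)?/tls/i486/[^/]*\.so(\.[^/]*)* -- system_u:object_r:shlib_t"
GENERAL = BEFORE + r"/lib(64)?/tls/i.86/[^/]*\.so(\.[^/]*)* -- system_u:object_r:shlib_t"
POLICIES = {"before": BEFORE, "patched": PATCHED, "general": GENERAL}

# Constructed sample paths; only the i486 one appears in the report.
PATHS = [
    "/lib/tls/libc-2.3.3.so",
    "/lib/tls/i486/libc-2.3.3.so",
    "/lib/tls/i586/libc-2.3.3.so",
    "/lib/tls/i686/cmov/libc-2.3.3.so",
]

def parse(text):
    """Return (compiled regex, context) pairs, skipping blanks and comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Fields: path regex, file-type flag ("--" = regular file), context.
        entries.append((re.compile(fields[0]), fields[-1]))
    return entries

def context_for(path, text):
    """Context of an entry matching the whole path, or None if none applies.

    All entries here assign the same type, so match order does not matter.
    None means the file keeps whatever a broader rule gives it, which is
    lib_t in the reported AVC.
    """
    for regex, context in parse(text):
        if regex.fullmatch(path):
            return context
    return None

def coverage():
    """Map policy name -> list of sample paths left without shlib_t."""
    return {name: [p for p in PATHS if context_for(p, text) is None]
            for name, text in POLICIES.items()}

if __name__ == "__main__":
    for name, missed in coverage().items():
        print(f"{name:8} unmatched: {missed or 'none'}")
```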