Description of problem: Cron ran yum and updated selinux-policy-targeted. Afterwards, lots of system services started failing, and dhclient continually looped, bombing the dhcp server. sshd, crond, login, mingetty, shutdown, and sh all showed execmod failure for basic system libraries such as libc, libdl, libnls, and libcrypt. This happened on 5 separate systems. Version-Release number of selected component (if applicable): 1.17.30-3.13 How reproducible: didn't try Additional info: /var/log/yum.log: Jun 27 04:02:48 Updated: selinux-policy-targeted.noarch 1.17.30-3.13 /var/log/messages: Jun 27 04:02:23 server kernel: audit(1119859343.299:0): avc: granted { load_policy } for pid=22745 exe=/usr/sbin/load_policy scontext=system_u:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security Jun 27 04:02:23 server kernel: security: 3 users, 4 roles, 345 types, 30 bools Jun 27 04:02:23 server kernel: security: 55 classes, 15014 rules Jun 27 04:22:32 server kernel: audit(1119860552.939:0): avc: denied { execmod } for pid=22879 comm=sshd path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 04:23:32 server kernel: audit(1119860612.788:0): avc: denied { execmod } for pid=22880 comm=sshd path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 05:01:01 server kernel: audit(1119862861.592:0): avc: denied { execmod } for pid=22883 comm=crond path=/lib/libnsl-2.3.5.so dev=dm-0 ino=2883622 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 05:01:01 server kernel: audit(1119862861.618:0): avc: denied { execmod } for pid=22883 comm=crond path=/lib/libcrypt-2.3.5.so dev=dm-0 ino=2883624 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 05:28:02 server kernel: audit(1119864482.607:0): avc: denied { execmod } for pid=22884 comm=sshd path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 06:01:01 server kernel: audit(1119866461.740:0): avc: denied { execmod } for pid=22887 comm=crond path=/lib/libnsl-2.3.5.so dev=dm-0 ino=2883622 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 06:01:01 server kernel: audit(1119866461.741:0): avc: denied { execmod } for pid=22887 comm=crond path=/lib/libcrypt-2.3.5.so dev=dm-0 ino=2883624 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 07:01:01 server kernel: audit(1119870061.862:0): avc: denied { execmod } for pid=22890 comm=crond path=/lib/libnsl-2.3.5.so dev=dm-0 ino=2883622 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 07:01:01 server kernel: audit(1119870061.864:0): avc: denied { execmod } for pid=22890 comm=crond path=/lib/libcrypt-2.3.5.so dev=dm-0 ino=2883624 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 07:23:34 server kernel: audit(1119871414.313:0): avc: denied { execmod } for pid=22891 comm=sshd path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:01:01 server kernel: audit(1119873661.980:0): avc: denied { execmod } for pid=22894 comm=crond path=/lib/libnsl-2.3.5.so dev=dm-0 ino=2883622 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:01:01 server kernel: audit(1119873661.982:0): avc: denied { execmod } for pid=22894 comm=crond path=/lib/libcrypt-2.3.5.so dev=dm-0 ino=2883624 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:08:08 server kernel: audit(1119874088.406:0): avc: denied { execmod } for pid=22895 comm=sshd path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:38:34 server kernel: audit(1119875914.273:0): avc: denied { execmod } for pid=3288 comm=login path=/lib/libcrypt-2.3.5.so dev=dm-0 ino=2883624 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:38:34 server kernel: audit(1119875914.370:0): avc: denied { execmod } for pid=22902 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:38:34 server kernel: audit(1119875914.386:0): avc: denied { execmod } for pid=22917 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:38:34 server kernel: audit(1119875914.443:0): avc: denied { execmod } for pid=22945 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:38:34 server kernel: audit(1119875914.505:0): avc: denied { execmod } for pid=23010 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:38:34 server kernel: audit(1119875914.551:0): avc: denied { execmod } for pid=23032 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:38:34 server kernel: audit(1119875914.596:0): avc: denied { execmod } for pid=23069 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:38:34 server kernel: audit(1119875914.646:0): avc: denied { execmod } for pid=23096 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:38:34 server kernel: audit(1119875914.703:0): avc: denied { execmod } for pid=23143 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:38:34 server kernel: audit(1119875914.762:0): avc: denied { execmod } for pid=23159 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:38:34 server kernel: audit(1119875914.789:0): avc: denied { execmod } for pid=23201 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:38:34 server init: Id "1" respawning too fast: disabled for 5 minutes Jun 27 08:39:08 server kernel: audit(1119875948.170:0): avc: denied { execmod } for pid=23452 comm=shutdown path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:39:34 server kernel: audit(1119875974.570:0): avc: denied { execmod } for pid=23497 comm=sh path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:39:34 server kernel: audit(1119875974.572:0): avc: denied { execmod } for pid=23498 comm=sh path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:39:43 server kernel: audit(1119875983.576:0): avc: denied { execmod } for pid=23499 comm=sh path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:39:43 server kernel: audit(1119875983.578:0): avc: denied { execmod } for pid=23500 comm=sh path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:39:46 server kernel: audit(1119875986.671:0): avc: denied { execmod } for pid=23501 comm=sh path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file Jun 27 08:39:46 server kernel: audit(1119875986.673:0): avc: denied { execmod } for pid=23502 comm=sh path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Here are the file contexts of /lib/tls/* and /lib/* # getfattr -n security.selinux /lib/tls/* getfattr: Removing leading '/' from absolute path names # file: lib/tls/i486 security.selinux="system_u:object_r:lib_t\000" # file: lib/tls/i586 security.selinux="system_u:object_r:lib_t\000" # file: lib/tls/i686 security.selinux="system_u:object_r:lib_t\000" # file: lib/tls/libc-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/tls/libc.so.6 security.selinux="system_u:object_r:shlib_t\000" # file: lib/tls/libm-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/tls/libm.so.6 security.selinux="system_u:object_r:shlib_t\000" # file: lib/tls/libpthread-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/tls/libpthread.so.0 security.selinux="system_u:object_r:shlib_t\000" # file: lib/tls/librt-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/tls/librt.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/tls/libthread_db-1.0.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/tls/libthread_db.so.1 security.selinux="system_u:object_r:shlib_t\000" # getfattr -n security.selinux /lib/* getfattr: Removing leading '/' from absolute path names # file: lib/cpp security.selinux="system_u:object_r:bin_t\000" # file: lib/firmware security.selinux="system_u:object_r:lib_t\000" # file: lib/i686 security.selinux="system_u:object_r:lib_t\000" # file: lib/iptables security.selinux="system_u:object_r:lib_t\000" # file: lib/kbd security.selinux="system_u:object_r:lib_t\000" # file: lib/ld-2.3.5.so security.selinux="system_u:object_r:ld_so_t\000" # file: lib/ld-linux.so.2 security.selinux="system_u:object_r:ld_so_t\000" # file: lib/ld-lsb.so.1 security.selinux="system_u:object_r:ld_so_t\000" # file: lib/libacl.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libacl.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libacl.so.1.1.0 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libanl-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libanl.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libasound.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libasound.so.2.0.0 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libattr.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libattr.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libattr.so.1.1.0 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libblkid.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libblkid.so.1.0 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libBrokenLocale-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libBrokenLocale.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libc-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libcap.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libcap.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libcap.so.1.10 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libcidn-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libcidn.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libcom_err.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libcom_err.so.2.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libcrypt-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libcrypto.so.0.9.7a security.selinux="system_u:object_r:shlib_t\000" # file: lib/libcrypto.so.4 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libcrypt.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libc.so.6 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libdb-4.2.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libdevmapper.a security.selinux="system_u:object_r:lib_t\000" # file: lib/libdevmapper.a.1.00 security.selinux="system_u:object_r:lib_t\000" # file: lib/libdevmapper.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libdevmapper.so.1.00 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libdl-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libdl.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libe2p.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libe2p.so.2.3 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libext2fs.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libext2fs.so.2.4 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libgcc_s-3.4.3-20050228.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libgcc_s.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libiw.so.27 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libm-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libm.so.6 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libNoVersion-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libNoVersion.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnsl-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnsl.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss1_compat-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss1_compat.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss1_dns-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss1_dns.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss1_files-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss1_files.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss1_nis-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss1_nis.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_compat-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_compat.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_compat.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_db.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_db.so.2.0.0 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_dns-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_dns.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_dns.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_files-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_files.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_files.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_hesiod-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_hesiod.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_ldap-2.3.3.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_ldap.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_nis-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_nisplus-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_nisplus.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_nis.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_nis.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_winbind.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_winbind.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_wins.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libnss_wins.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libpamc.so.0 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libpamc.so.0.77 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libpam_misc.so.0 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libpam_misc.so.0.77 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libpam.so.0 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libpam.so.0.77 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libpcre.so.0 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libpcre.so.0.0.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libproc-3.2.3.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libpthread-0.10.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libpthread.so.0 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libresolv-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libresolv.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/librt-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/librt.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libSegFault.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libselinux.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libsepol.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libssl.so.0.9.7a security.selinux="system_u:object_r:shlib_t\000" # file: lib/libssl.so.4 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libss.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libss.so.2.0 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libtermcap.so.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libtermcap.so.2.0.8 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libthread_db-1.0.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libthread_db.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libutil-2.3.5.so security.selinux="system_u:object_r:shlib_t\000" # file: lib/libutil.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libuuid.so.1 security.selinux="system_u:object_r:shlib_t\000" # file: lib/libuuid.so.1.2 security.selinux="system_u:object_r:shlib_t\000" # file: lib/lsb security.selinux="system_u:object_r:lib_t\000" # file: lib/modules security.selinux="system_u:object_r:modules_object_t\000" # file: lib/security security.selinux="system_u:object_r:lib_t\000" # file: lib/tls security.selinux="system_u:object_r:lib_t\000"
I've tried to reproduce this on a P4-1.5GHz machine. I now have the machine in question running with selinux-policy-targeted-sources-1.17.30-3.13 and kernel-2.6.11-1.35_FC3. Everything is working, the machine boots, gets an IP address from the DHCP server, and lets me login via ssh.
I found out some more info. At the time the selinux-policy was updated, these systems were booted into kernel-2.6.11-1.27_FC3.i686 or kernel-smp-2.6.11-1.27_FC3.i686, but they all had the new kernel 2.6.11-1.35_FC3 installed prior. They were all updated otherwise. One was a dual-CPU Dell PowerEdge 2650 (Intel(R) Xeon(TM) CPU 2.40GHz, Hyperthreading enabled, SMP kernel). The others were a Dell Optiplex GX280 (Intel(R) Pentium(R) 4 CPU 3.00GHz, Hyperthreading enabled, SMP kernel) and a Dell Optiplex GX400 (Intel(R) Pentium(R) 4 CPU 1300MHz). On another FC3 system (a Dell Optiplex GX260, Intel(R) Pentium(R) 4 CPU 2.0GHZ), fully updated, I had 2.6.11-1.35_FC3 booted, and this problem didn't happen. All systems were running the default configuration of targeted, enforcing.
I can confirm Mr. Anderson's observations. On Monday, arriving at work I could not unlock the screen saver, log into a virtual terminal or virtually anything else, kernel 27_FC3. Booting into the 35_FC3 kernel with selinux=0 and backing down to a previous rev of the selinux-policy-targeted worked correctly. I then ran in the 1.17.30-3.13 selinux update without problems (w/o selinux=0).
Same for me here. kernel 2.6.11-1.35_FC3 was installed on that system, but it was actually booted from an older kernel, when yum installed the new selinux-policy-targeted. The result was that I was totally unable to login to the system. I had to press the reset button. After restart (now with the 2.6.11-1.35 kernel), I was able to login again, but some services (e.g. squid or httpd) were unable to start or did not start correctly. I tried to rescue my system like described by Bob Chiodini in Comment #4, but it didn't work. Downgrading to an older selinux-policy-targeted didn't help too. Currently I have to boot the system with selinux=0 in order to use it again. I hope the damage to the system can be repaired with a future selinux update.
Fixed in selinux-policy-targeted-1.17.30-3.16
update package is published