Bug 161867 - update to 1.17.30-3.13 caused lots of execmod failures on /lib/lib*
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 3
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
 
Reported: 2005-06-27 22:28 UTC by Charles R. Anderson
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version: 1.17.30-3.16
Doc Type: Bug Fix
Last Closed: 2005-08-19 09:52:41 UTC

Description Charles R. Anderson 2005-06-27 22:28:25 UTC
Description of problem:

Cron ran yum and updated selinux-policy-targeted.  Afterwards, lots of system
services started failing, and dhclient continually looped, bombing the dhcp
server.  sshd, crond, login, mingetty, shutdown, and sh all showed execmod
failure for basic system libraries such as libc, libdl, libnls, and libcrypt.
This happened on 5 separate systems.

Version-Release number of selected component (if applicable):
1.17.30-3.13

How reproducible:
didn't try

Additional info:

/var/log/yum.log:
Jun 27 04:02:48 Updated: selinux-policy-targeted.noarch 1.17.30-3.13

/var/log/messages:
Jun 27 04:02:23 server kernel: audit(1119859343.299:0): avc:  granted  {
load_policy } for  pid=22745 exe=/usr/sbin/load_policy
scontext=system_u:system_r:unconfined_t tcontext=system_u:object_r:security_t
tclass=security
Jun 27 04:02:23 server kernel: security:  3 users, 4 roles, 345 types, 30 bools
Jun 27 04:02:23 server kernel: security:  55 classes, 15014 rules
Jun 27 04:22:32 server kernel: audit(1119860552.939:0): avc:  denied  { execmod
} for  pid=22879 comm=sshd path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 04:23:32 server kernel: audit(1119860612.788:0): avc:  denied  { execmod
} for  pid=22880 comm=sshd path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 05:01:01 server kernel: audit(1119862861.592:0): avc:  denied  { execmod
} for  pid=22883 comm=crond path=/lib/libnsl-2.3.5.so dev=dm-0 ino=2883622
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 05:01:01 server kernel: audit(1119862861.618:0): avc:  denied  { execmod
} for  pid=22883 comm=crond path=/lib/libcrypt-2.3.5.so dev=dm-0 ino=2883624
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 05:28:02 server kernel: audit(1119864482.607:0): avc:  denied  { execmod
} for  pid=22884 comm=sshd path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 06:01:01 server kernel: audit(1119866461.740:0): avc:  denied  { execmod
} for  pid=22887 comm=crond path=/lib/libnsl-2.3.5.so dev=dm-0 ino=2883622
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 06:01:01 server kernel: audit(1119866461.741:0): avc:  denied  { execmod
} for  pid=22887 comm=crond path=/lib/libcrypt-2.3.5.so dev=dm-0 ino=2883624
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 07:01:01 server kernel: audit(1119870061.862:0): avc:  denied  { execmod
} for  pid=22890 comm=crond path=/lib/libnsl-2.3.5.so dev=dm-0 ino=2883622
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 07:01:01 server kernel: audit(1119870061.864:0): avc:  denied  { execmod
} for  pid=22890 comm=crond path=/lib/libcrypt-2.3.5.so dev=dm-0 ino=2883624
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 07:23:34 server kernel: audit(1119871414.313:0): avc:  denied  { execmod
} for  pid=22891 comm=sshd path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:01:01 server kernel: audit(1119873661.980:0): avc:  denied  { execmod
} for  pid=22894 comm=crond path=/lib/libnsl-2.3.5.so dev=dm-0 ino=2883622
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:01:01 server kernel: audit(1119873661.982:0): avc:  denied  { execmod
} for  pid=22894 comm=crond path=/lib/libcrypt-2.3.5.so dev=dm-0 ino=2883624
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:08:08 server kernel: audit(1119874088.406:0): avc:  denied  { execmod
} for  pid=22895 comm=sshd path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:38:34 server kernel: audit(1119875914.273:0): avc:  denied  { execmod
} for  pid=3288 comm=login path=/lib/libcrypt-2.3.5.so dev=dm-0 ino=2883624
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:38:34 server kernel: audit(1119875914.370:0): avc:  denied  { execmod
} for  pid=22902 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:38:34 server kernel: audit(1119875914.386:0): avc:  denied  { execmod
} for  pid=22917 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:38:34 server kernel: audit(1119875914.443:0): avc:  denied  { execmod
} for  pid=22945 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:38:34 server kernel: audit(1119875914.505:0): avc:  denied  { execmod
} for  pid=23010 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:38:34 server kernel: audit(1119875914.551:0): avc:  denied  { execmod
} for  pid=23032 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:38:34 server kernel: audit(1119875914.596:0): avc:  denied  { execmod
} for  pid=23069 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:38:34 server kernel: audit(1119875914.646:0): avc:  denied  { execmod
} for  pid=23096 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:38:34 server kernel: audit(1119875914.703:0): avc:  denied  { execmod
} for  pid=23143 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:38:34 server kernel: audit(1119875914.762:0): avc:  denied  { execmod
} for  pid=23159 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:38:34 server kernel: audit(1119875914.789:0): avc:  denied  { execmod
} for  pid=23201 comm=mingetty path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:38:34 server init: Id "1" respawning too fast: disabled for 5 minutes
Jun 27 08:39:08 server kernel: audit(1119875948.170:0): avc:  denied  { execmod
} for  pid=23452 comm=shutdown path=/lib/tls/libc-2.3.5.so dev=dm-0 ino=2883593
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:39:34 server kernel: audit(1119875974.570:0): avc:  denied  { execmod
} for  pid=23497 comm=sh path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:39:34 server kernel: audit(1119875974.572:0): avc:  denied  { execmod
} for  pid=23498 comm=sh path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:39:43 server kernel: audit(1119875983.576:0): avc:  denied  { execmod
} for  pid=23499 comm=sh path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:39:43 server kernel: audit(1119875983.578:0): avc:  denied  { execmod
} for  pid=23500 comm=sh path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:39:46 server kernel: audit(1119875986.671:0): avc:  denied  { execmod
} for  pid=23501 comm=sh path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:39:46 server kernel: audit(1119875986.673:0): avc:  denied  { execmod
} for  pid=23502 comm=sh path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file

Comment 1 Charles R. Anderson 2005-06-27 22:40:08 UTC
Here are the file contexts of /lib/tls/* and /lib/*

# getfattr -n security.selinux /lib/tls/*
getfattr: Removing leading '/' from absolute path names
# file: lib/tls/i486
security.selinux="system_u:object_r:lib_t\000"

# file: lib/tls/i586
security.selinux="system_u:object_r:lib_t\000"

# file: lib/tls/i686
security.selinux="system_u:object_r:lib_t\000"

# file: lib/tls/libc-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/tls/libc.so.6
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/tls/libm-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/tls/libm.so.6
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/tls/libpthread-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/tls/libpthread.so.0
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/tls/librt-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/tls/librt.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/tls/libthread_db-1.0.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/tls/libthread_db.so.1
security.selinux="system_u:object_r:shlib_t\000"
# getfattr -n security.selinux /lib/*
getfattr: Removing leading '/' from absolute path names
# file: lib/cpp
security.selinux="system_u:object_r:bin_t\000"

# file: lib/firmware
security.selinux="system_u:object_r:lib_t\000"

# file: lib/i686
security.selinux="system_u:object_r:lib_t\000"

# file: lib/iptables
security.selinux="system_u:object_r:lib_t\000"

# file: lib/kbd
security.selinux="system_u:object_r:lib_t\000"

# file: lib/ld-2.3.5.so
security.selinux="system_u:object_r:ld_so_t\000"

# file: lib/ld-linux.so.2
security.selinux="system_u:object_r:ld_so_t\000"

# file: lib/ld-lsb.so.1
security.selinux="system_u:object_r:ld_so_t\000"

# file: lib/libacl.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libacl.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libacl.so.1.1.0
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libanl-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libanl.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libasound.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libasound.so.2.0.0
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libattr.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libattr.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libattr.so.1.1.0
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libblkid.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libblkid.so.1.0
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libBrokenLocale-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libBrokenLocale.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libc-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libcap.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libcap.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libcap.so.1.10
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libcidn-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libcidn.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libcom_err.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libcom_err.so.2.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libcrypt-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libcrypto.so.0.9.7a
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libcrypto.so.4
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libcrypt.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libc.so.6
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libdb-4.2.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libdevmapper.a
security.selinux="system_u:object_r:lib_t\000"

# file: lib/libdevmapper.a.1.00
security.selinux="system_u:object_r:lib_t\000"

# file: lib/libdevmapper.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libdevmapper.so.1.00
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libdl-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libdl.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libe2p.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libe2p.so.2.3
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libext2fs.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libext2fs.so.2.4
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libgcc_s-3.4.3-20050228.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libgcc_s.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libiw.so.27
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libm-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libm.so.6
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libNoVersion-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libNoVersion.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnsl-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnsl.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss1_compat-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss1_compat.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss1_dns-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss1_dns.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss1_files-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss1_files.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss1_nis-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss1_nis.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_compat-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_compat.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_compat.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_db.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_db.so.2.0.0
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_dns-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_dns.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_dns.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_files-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_files.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_files.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_hesiod-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_hesiod.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_ldap-2.3.3.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_ldap.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_nis-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_nisplus-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_nisplus.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_nis.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_nis.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_winbind.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_winbind.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_wins.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnss_wins.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libpamc.so.0
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libpamc.so.0.77
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libpam_misc.so.0
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libpam_misc.so.0.77
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libpam.so.0
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libpam.so.0.77
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libpcre.so.0
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libpcre.so.0.0.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libproc-3.2.3.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libpthread-0.10.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libpthread.so.0
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libresolv-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libresolv.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/librt-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/librt.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libSegFault.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libselinux.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libsepol.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libssl.so.0.9.7a
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libssl.so.4
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libss.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libss.so.2.0
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libtermcap.so.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libtermcap.so.2.0.8
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libthread_db-1.0.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libthread_db.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libutil-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libutil.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libuuid.so.1
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libuuid.so.1.2
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/lsb
security.selinux="system_u:object_r:lib_t\000"

# file: lib/modules
security.selinux="system_u:object_r:modules_object_t\000"

# file: lib/security
security.selinux="system_u:object_r:lib_t\000"

# file: lib/tls
security.selinux="system_u:object_r:lib_t\000"
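
The denials in the description carry tcontext=system_u:object_r:lib_t, while the getfattr listing in Comment 1 shows the same libraries stored as shlib_t. The following is an added example (not part of the original report or of any Fedora tool) that unwraps the hard-wrapped syslog records, extracts the execmod denials, and flags files whose type in the denial differs from the on-disk xattr. Function names are hypothetical; the sample input is excerpted from the log and getfattr output above.

```python
import re
from collections import Counter

# Sample input excerpted from the report above (wrapped exactly as posted).
SAMPLE_MESSAGES = r"""
Jun 27 04:22:32 server kernel: audit(1119860552.939:0): avc:  denied  { execmod
} for  pid=22879 comm=sshd path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 04:23:32 server kernel: audit(1119860612.788:0): avc:  denied  { execmod
} for  pid=22880 comm=sshd path=/lib/libdl-2.3.5.so dev=dm-0 ino=2883608
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 05:01:01 server kernel: audit(1119862861.592:0): avc:  denied  { execmod
} for  pid=22883 comm=crond path=/lib/libnsl-2.3.5.so dev=dm-0 ino=2883622
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 27 08:38:34 server init: Id "1" respawning too fast: disabled for 5 minutes
"""
SAMPLE_GETFATTR = r"""
# file: lib/libdl-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"

# file: lib/libnsl-2.3.5.so
security.selinux="system_u:object_r:shlib_t\000"
"""

SYSLOG_START = re.compile(r"^[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d\s")
AVC_DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def unwrap(text):
    """Rejoin syslog records that were hard-wrapped across several lines."""
    records = []
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        if SYSLOG_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse_denials(text):
    """Yield one dict of key=value fields (plus 'perms') per AVC denial."""
    for record in unwrap(text):
        m = AVC_DENIED.search(record)
        if m:
            fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
            fields["perms"] = m.group(1).split()
            yield fields

def parse_getfattr(text):
    """Map absolute path -> context from `getfattr -n security.selinux` output."""
    labels, path = {}, None
    for line in text.splitlines():
        if line.startswith("# file: "):
            path = "/" + line[len("# file: "):].strip()  # getfattr drops the leading '/'
        elif line.startswith("security.selinux=") and path:
            labels[path] = line.split("=", 1)[1].strip('"').replace("\\000", "")
    return labels

def label_mismatches(messages, getfattr_out):
    """Return {path: (type in AVC tcontext, type in xattr, execmod denial count)}."""
    on_disk = parse_getfattr(getfattr_out)
    hits = Counter()
    for d in parse_denials(messages):
        if "execmod" in d["perms"] and d.get("tclass") == "file":
            hits[(d["path"], d["tcontext"].split(":")[2])] += 1
    return {path: (avc_type, on_disk[path].split(":")[2], n)
            for (path, avc_type), n in hits.items()
            if path in on_disk and on_disk[path].split(":")[2] != avc_type}

if __name__ == "__main__":
    print(label_mismatches(SAMPLE_MESSAGES, SAMPLE_GETFATTR))
```

A flagged path means the denial was evaluated against a different type than the one stored in the file's security.selinux attribute.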




Comment 2 Russell Coker 2005-06-28 07:12:14 UTC
I've tried to reproduce this on a P4-1.5GHz machine.  I now have the machine 
in question running with selinux-policy-targeted-sources-1.17.30-3.13 and 
kernel-2.6.11-1.35_FC3.  Everything is working, the machine boots, gets an IP 
address from the DHCP server, and lets me login via ssh. 

Comment 3 Charles R. Anderson 2005-06-28 16:15:50 UTC
I found out some more info.  At the time the selinux-policy was updated, these
systems were booted into kernel-2.6.11-1.27_FC3.i686 or
kernel-smp-2.6.11-1.27_FC3.i686, but they all had the new kernel 2.6.11-1.35_FC3
installed prior.  They were all updated otherwise.

One was a dual-CPU Dell PowerEdge 2650 (Intel(R) Xeon(TM) CPU 2.40GHz,
Hyperthreading enabled, SMP kernel).  The others were a Dell Optiplex GX280
(Intel(R) Pentium(R) 4 CPU 3.00GHz, Hyperthreading enabled, SMP kernel) and a
Dell Optiplex GX400 (Intel(R) Pentium(R) 4 CPU 1300MHz).

On another FC3 system (a Dell Optiplex GX260, Intel(R) Pentium(R) 4 CPU 2.0GHZ),
fully updated, I had 2.6.11-1.35_FC3 booted, and this problem didn't happen.

All systems were running the default configuration of targeted, enforcing.


Comment 4 Bob Chiodini 2005-06-28 18:17:14 UTC
I can confirm Mr. Anderson's observations.  On Monday, arriving at work I could
not unlock the screen saver, log into a virtual terminal or virtually anything
else, kernel 27_FC3.  Booting into the 35_FC3 kernel with selinux=0 and backing
down to a previous rev of the selinux-policy-targeted worked correctly.  I then
ran in the 1.17.30-3.13 selinux update without problems (w/o selinux=0).

Comment 5 Richard Körber 2005-06-28 22:39:04 UTC
Same for me here. kernel 2.6.11-1.35_FC3 was installed on that system, but it
was actually booted from an older kernel, when yum installed the new
selinux-policy-targeted.

The result was that I was totally unable to login to the system. I had to press
the reset button. After restart (now with the 2.6.11-1.35 kernel), I was able to
login again, but some services (e.g. squid or httpd) were unable to start or did
not start correctly.

I tried to rescue my system as described by Bob Chiodini in Comment #4, but it
didn't work. Downgrading to an older selinux-policy-targeted didn't help either.

Currently I have to boot the system with selinux=0 in order to use it again. I
hope the damage to the system can be repaired with a future selinux update.

Comment 6 Daniel Walsh 2005-07-03 15:21:09 UTC
Fixed in selinux-policy-targeted-1.17.30-3.16

Comment 7 Walter Justen 2005-08-19 09:52:41 UTC
update package is published

