Red Hat Bugzilla – Bug 161918
updating to selinux-policy-targeted-1.17.30-3.13 without kernel-2.6.11-1.35_FC3 causes authorization problems, failure to boot
Last modified: 2007-11-30 17:11:09 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4
Description of problem:
up2date default policy skips installing new kernel packages. I run a cron job daily which runs "up2date-nox -u" to keep systems updated. Evidently, selinux-policy-targeted-1.17.30-3.13 requires the most current kernel.
Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-3.13, kernel-2.6.11-1.27_FC3 (possibly other kernels)
Steps to Reproduce:
1. With kernel-2.6.11-1.27_FC3 installed, and a password-protected screensaver running, run "up2date-nox -u" (with default configuration) as a cron job.
Actual Results: Afterwards, you cannot unlock the screen, it acts as though you're using an incorrect password. Use a rescue disc to zap the password and reboot - init fails with some sort of insufficient privilege message.
When this happened on two unrelated machines (different networks, miles apart physically, etc.) yesterday, there was an obvious pattern.
Expected Results: selinux-policy-targeted-1.17.30-3.13 should have an installation dependency on the kernel level.
One way to recover a system which is unbootable due to this bug:
1) reboot with a rescue disc, set up networking, chroot /mnt/sysimage
2) up2date-nox --configure
- select attribute 7, pkgSkipList (currently value: 'kernel*')
- 'C' to clear the list
- <enter> to exit
3) up2date-nox -u (installs new kernel)
4) eject rescue disc and reboot using the new kernel
5) (optional) rerun "up2date-nox --configure" and put "kernel*;" back in pkgSkipList
Just curious, why is up2date configured by default to skip installing new
kernels? It's been that way for years, but I've never seen it explained anywhere.
Fixed in selinux-policy-targeted-1.17.30-3.16
update package is published