Bug 161918 - updating to selinux-policy-targeted-1.17.30-3.13 without kernel-2.6.11-1.35_FC3 causes authorization problems, failure to boot
updating to selinux-policy-targeted-1.17.30-3.13 without kernel-2.6.11-1.35_F...
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
i686 Linux
medium Severity high
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2005-06-28 10:08 EDT by Rick Sykes
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 1.17.30-3.16
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-08-19 05:53:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Rick Sykes 2005-06-28 10:08:18 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
up2date default policy skips installing new kernel packages.  I run a cron job daily which runs "up2date-nox -u" to keep systems updated.  Evidently, selinux-policy-targeted-1.17.30-3.13 requires the most current kernel.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-3.13, kernel-2.6.11-1.27_FC3 (possibly other kernels)

How reproducible:

Steps to Reproduce:
1. With kernel-2.6.11-1.27_FC3 installed, and a password-protected screensaver running, run "up2date-nox -u" (with default configuration) as a cron job.

Actual Results:  Afterwards, you cannot unlock the screen, it acts as though you're using an incorrect password.  Use a rescue disc to zap the password and reboot - init fails with some sort of insufficient privilege message.

When this happened on two unrelated machines (different networks, miles apart physically, etc.) yesterday, there was an obvious pattern.

Expected Results:  selinux-policy-targeted-1.17.30-3.13 should have an installation dependency on the kernel level.

Additional info:

One way to recover a system which is unbootable due to this bug:
1) reboot with a rescue disc, set up networking, chroot /mnt/sysimage
2) up2date-nox --configure
  - select attribute 7, pkgSkipList (currently value: 'kernel*')
  - 'C' to clear the list
  - <enter> to exit
3) up2date-nox -u  (installs new kernel)
4) eject rescue disc and reboot using the new kernel
5) (optional) rerun "up2date-nox --configure" and put "kernel*;" back in pkgSkipList
Comment 1 Rick Sykes 2005-06-28 10:18:22 EDT
Just curious, why is up2date configured by default to skip installing new
kernels?  It's been that way for years, but I've never seen it explained anywhere.
Comment 2 Daniel Walsh 2005-07-03 11:20:50 EDT
Fixed in selinux-policy-targeted-1.17.30-3.16
Comment 3 Walter Justen 2005-08-19 05:53:04 EDT
update package is published

Note You need to log in before you can comment on or make changes to this bug.