From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6 Description of problem: I have successfully installed an AVM Fritzcard PCI with CAPI. CAPI works fine as long as selinux is disabled or in permissive mode. Version-Release number of selected component (if applicable): selinux-policy-targeted-1.25.3-12 How reproducible: Always Steps to Reproduce: 1. echo "modprobe capifs " > /etc/sysconfig/modules/capi.modules 2. chmod +x /etc/sysconfig/modules/capi.modules 3. reboot Actual Results: The computer oopses while trying to modprobe capifs. Another 117 (!) oopses during boot (see attached messages.enforcing-1), not able to login then (oops, he did it again), so I have to reboot with entforcing=0 and disable /etc/sysconfig/modules/capi.modules Aug 20 16:11:06 hal9000 kernel: SELinux: initialized (dev capifs, type capifs), not configured for labeling Aug 20 16:11:06 hal9000 kernel: audit(1124554245.343:2): avc: denied { mount } for pid=1107 comm="modprobe" name="/" dev=capifs ino=1 scontext=system_u:system_r:insmod_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem Aug 20 16:11:06 hal9000 kernel: Unable to handle kernel paging request at virtual address e0e004c0 Aug 20 16:11:06 hal9000 kernel: printing eip: Aug 20 16:11:06 hal9000 kernel: c01a1cf1 Aug 20 16:11:06 hal9000 kernel: *pde = 1d9c7067 Aug 20 16:11:06 hal9000 kernel: Oops: 0000 [#1] (from attached messages.enforcing-1) Expected Results: Computer should boot normal and capifs should be loaded. In permissive Mode it looks like this: Aug 20 16:15:27 hal9000 kernel: SELinux: initialized (dev capifs, type capifs), not configured for labeling Aug 20 16:15:27 hal9000 kernel: audit(1124554514.755:2): avc: denied { mount } for pid=1616 comm="modprobe" name="/" dev=capifs ino=1 scontext=system_u:system_r:insmod_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem Aug 20 16:15:27 hal9000 kernel: capifs: Rev 1.1.2.3 (from attached messages.enforcing-0) Additional info: After bootup I can modprobe capifs or run capiinit as root without any problems, only modprobing capifs or running capiinit from an initscript at boot causes oopses.
Created attachment 117945 [details] /var/log/messages from boot with enabled selinux
Created attachment 117946 [details] /var/log/messages from a boot with permissive selinux
I will add capifs support to policy, but the kernel should not be oopsing. Transfering bug to kernel.
Looks like a bug in capifs. It doesn't call unregister_filesystem() when kern_mount() fails during initialization.
Created attachment 118189 [details] Patch submitted upstream
fixed in updates-testing
Mass update to all FC4 bugs: An update has been released (2.6.13-1.1526_FC4) which rebases to a new upstream kernel (2.6.13.2). As there were ~3500 changes upstream between this and the previous kernel, it's possible your bug has been fixed already. Please retest with this update, and update this bug if necessary. Thanks.
For me the bug was fixed with selinux-policy-targeted-1.25.4-10 which added capifs support. I tried to reproduce the bug with an older version of selinux-policy-targted and kernel-2.6.12-1.1447_FC4, kernel-2.6.12-1.1456_FC4 and current kernel-2.6.13-1.1526_FC4. No more oopses, so I going to close this bug now.