Bug 175529 - selinux causes boot failure
selinux causes boot failure
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2005-12-12 08:07 EST by David Woodhouse
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-12-22 17:38:10 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description David Woodhouse 2005-12-12 08:07:34 EST
Clean current rawhide installation needs 'selinux=0' on the kernel command line
to boot. Otherwise...

no fstab.sys, mounting internal defaults
Switching to new root and running init.
unmounting old /dev
unmounting old /proc
unmounting old /sys
Kernel panic - not syncing: Attempted to kill init!
Call Trace:
[C0000000028EBB40] [C00000000002B7C4] .show_stack+0x54/0x1f0 (unreliable)
[C0000000028EBBF0] [C000000000067B20] .panic+0x90/0x230
[C0000000028EBCB0] [C00000000006DCCC] .do_exit+0xb4c/0xdb0
[C0000000028EBD90] [C00000000006DF80] .do_group_exit+0x50/0xd0
[C0000000028EBE30] [C0000000000085F8] syscall_exit+0x0/0x40
Comment 1 Bill Nottingham 2005-12-12 14:06:50 EST
What init, and what policy?

I *think* this is because policy is accidentally getting removed.
Comment 2 David Woodhouse 2005-12-12 17:03:31 EST
20051211 rawhide -- SysVinit-2.85-42 and selinux-policy-targeted-2.1.2-1

This is uranus.cambridge.redhat.com; talk to me on irc, or dhowells or pnasrat
or one of many others, to find its root password.
Comment 3 David Woodhouse 2005-12-12 17:05:10 EST
Same exit happens when booted with init=/bin/bash, btw.
Comment 4 Bill Nottingham 2005-12-12 17:23:48 EST
Hm, sounds almost kernel-related then. Do older kernels work?
Comment 5 David Woodhouse 2005-12-12 18:04:07 EST
Not sure -- I haven't had selinux enabled on a rawhide machine for some time.
I'll back down to a kernel before the gcc 4.1 switch and see what happens.
Comment 6 Daniel Walsh 2005-12-13 10:17:36 EST
Can you boot with enforcing=0?  Is this a fresh install?  If yes, the install
was not builing the policy file successfully and init will blow up if there is
no policy file on disk.  There is a fix to init to output an error when the
policy file does not exist.  You can create a new policy file by executing

semodule -b /usr/share/selinux/targeted/base.pp
Comment 7 Orion Poplawski 2005-12-22 12:21:01 EST
I'm seeing this with a fresh install of today's rawhide kernel-2.6.14-1.1777_FC5.

Looks like no policy is installed:

-bash-3.00# rpm -qa selinux\*
-bash-3.00# rpm -qf /etc/selinux/config
file /etc/selinux/config is not owned by any package

This was a kickstart install.  There was no selinux line in the original ks
file, but the installed anaconda-ks.cfg does show "selinux --enforcing".

Perhaps an anaconda issue?
Comment 8 Orion Poplawski 2005-12-22 13:37:33 EST
Installing selinux-policy-targeted and running fixfiles relabel has me up and
running normally.
Comment 9 Daniel Walsh 2005-12-22 15:20:31 EST
does a /etc/selinux/targeted/policy/policy.20 file exist?

Comment 10 Orion Poplawski 2005-12-22 15:23:12 EST
It does now.  Date is after I installed selinux-policy-targeted.

# ls -l /etc/selinux/targeted/policy/policy.20
-rw-r--r-- 1 root root 653973 Dec 22 12:09 /etc/selinux/targeted/policy/policy.20
Comment 11 Daniel Walsh 2005-12-22 16:43:03 EST
So is the system still crashing.  I am not seeing this here.  I know the /home
and /root directories are mislabeled.

restorecon -R -v /home /root 

Should clear that up.

Working to get anaconda fixed.
Comment 12 Orion Poplawski 2005-12-22 16:46:04 EST
System is fine now as indicated in comment #8.  Although I am seeing lots of
avc: denied messages.  I'll deal with those separately.

Note You need to log in before you can comment on or make changes to this bug.