Bug 178006 - kernel-2.6.15-1.2002_FC4 breaks networking
kernel-2.6.15-1.2002_FC4 breaks networking
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
5
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Dave Jones
Brian Brock
MassClosed
:
: 178287 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-01-17 05:08 EST by Fred New
Modified: 2015-01-04 17:24 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-19 23:40:32 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Fred New 2006-01-17 05:08:15 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
There is an incompatibility between the 2002_FC4 kernel and SELinux.  When SELinux is in enforcing mode, I cannot access the network.  In permissive mode or using kernel-2.6.15-1.1824_FC4, my network works.  That is, with the 2002_FC4 kernel I cannot access the httpd or sshd services from outside and ntp, DNS, sendmail and ping don't work going out.

Version-Release number of selected component (if applicable):
kernel-2.6.15-1.2002_FC4

How reproducible:
Always

Steps to Reproduce:
1. Boot the 2.6.15-1.2002_FC4 kernel.
2. Try to use the network.
  

Actual Results:  No talking.  And audit messages like the following appear (using aureport):

418. 01/17/06 09:38:56 ssh user_u:system_r:unconfined_t 0 sendto system_u:object_r:unlabeled_t denied 532
419. 01/17/06 09:59:20 mDNSResponder system_u:system_r:howl_t 102 recvfrom system_u:object_r:unlabeled_t denied 8
420. 01/17/06 09:59:21 mDNSResponder system_u:system_r:howl_t 102 sendto system_u:object_r:unlabeled_t denied 9
...
425. 01/17/06 09:59:26 modprobe system_u:system_r:kernel_t 91 sendto system_u:object_r:unlabeled_t denied 14
426. 01/17/06 09:59:26 default.hotplug system_u:system_r:kernel_t 0 sendto system_u:object_r:unlabeled_t denied 15
427. 01/17/06 09:59:26 ntpdate system_u:system_r:ntpd_t 102 sendto system_u:object_r:unlabeled_t denied 16

Expected Results:  Network communication.

Additional info:

libselinux-1.23.10-2
selinux-policy-targeted-1.27.1-2.18

$ grep eth0 /etc/modprobe.conf
alias eth0 8139too
Comment 1 Fred New 2006-01-17 14:30:18 EST
I have confirmed this behavior on a second computer with an e100 NIC.  Booting
stopped on the second computer when trying to start rhgb.  Graphical booting on
computer 1 is turned off.  Both computers successfully entered run level 5 and
started X with this kernel.
Comment 2 Ignacio Vazquez-Abrams 2006-01-18 21:09:27 EST
*** Bug 178287 has been marked as a duplicate of this bug. ***
Comment 3 William Murray 2006-01-19 04:03:55 EST
Yup, same for me. Maybe this is too obvious to be worth adding, but booting
selinux=0 restores all to life and health.
              Bill   
Comment 4 Fred New 2006-01-19 04:55:41 EST
This problem is still present in kernel-2.6.15-1.2003_FC4.
Comment 5 Fred New 2006-01-24 03:59:55 EST
And the same is true for kernel-2.6.15-1.2004_FC4.  In case you're curious, the
last working kernel for me was kernel-2.6.15-1.1824_FC4 and I have fallen back
to it once again.
Comment 6 Dave Jones 2006-02-03 00:47:51 EST
This is a mass-update to all currently open kernel bugs.

A new kernel update has been released (Version: 2.6.15-1.1830_FC4)
based upon a new upstream kernel release.

Please retest against this new kernel, as a large number of patches
go into each upstream release, possibly including changes that
may address this problem.

This bug has been placed in NEEDINFO_REPORTER state.
Due to the large volume of inactive bugs in bugzilla, if this bug is
still in this state in two weeks time, it will be closed.

Should this bug still be relevant after this period, the reporter
can reopen the bug at any time. Any other users on the Cc: list
of this bug can request that the bug be reopened by adding a
comment to the bug.

If this bug is a problem preventing you from installing the
release this version is filed against, please see bug 169613.

Thank you.
Comment 7 Fred New 2006-02-03 03:31:16 EST
The 2.6.15-1.1830_FC4 kernel resolves this problem.  Note that, because of the
smaller release number, I had to uninstall the 2000 series kernels (and
kernel-devel's) in order to get yum to install this kernel.  Of course this
won't be a problem for people who aren't testing the DaveJ kernels.
Comment 8 Dave Jones 2006-02-03 11:50:43 EST
glitch of the mass-update script.  thanks.  I'll do another 200x series kernel
based on 2.6.16rc2 later today.
Comment 9 Fred New 2006-02-06 06:31:21 EST
While waiting for the 200x kernel, I tested 2.6.15-1.1830_FC4.netdev.9(.i686) on
my system with the 8139too network card.  The network is half broken - I can ssh
out, use Firefox and ntpd appears to synchronize with outside servers, but I
can't ssh in or access the Apache Web server. Turning off iptables and putting
SELinux into permissive mode has no effect.  And aureport doesn't show any AVC
messages.  (So this is different from this bug as originally reported.)
Comment 10 Fred New 2006-02-07 00:33:26 EST
I don't see this behavior (comment #9) for 2.6.15-1.1830_FC4.netdev.9 on my
other system with the e100 network card.  The problem must be driver specific.
Comment 11 Fred New 2006-02-09 03:14:47 EST
This problem is fixed with kernel-2.6.15-1.2005_FC4.
Comment 12 Ignacio Vazquez-Abrams 2006-02-09 11:51:46 EST
-1.2005 doesn't solve this for me.
Comment 13 bensmyth 2006-08-25 03:31:22 EDT
This problem appears to still be present in 2.6.17-2142_FC4.

When I try to ping 127.0.0.1 or 192.168.0.1 I get:
ping: sendmsg: Operation not permitted

If I disable SELinux (setenforce 0) network access returns.


Further details
http://forums.devshed.com/linux-help-33/no-network-access-378910.html
Comment 14 Dave Jones 2006-09-16 22:40:55 EDT
[This comment added as part of a mass-update to all open FC4 kernel bugs]

FC4 has now transitioned to the Fedora legacy project, which will continue to
release security related updates for the kernel.  As this bug is not security
related, it is unlikely to be fixed in an update for FC4, and has been migrated
to FC5.

Please retest with Fedora Core 5.

Thank you.
Comment 15 Dave Jones 2006-10-16 14:52:21 EDT
A new kernel update has been released (Version: 2.6.18-1.2200.fc5)
based upon a new upstream kernel release.

Please retest against this new kernel, as a large number of patches
go into each upstream release, possibly including changes that
may address this problem.

This bug has been placed in NEEDINFO state.
Due to the large volume of inactive bugs in bugzilla, if this bug is
still in this state in two weeks time, it will be closed.

Should this bug still be relevant after this period, the reporter
can reopen the bug at any time. Any other users on the Cc: list
of this bug can request that the bug be reopened by adding a
comment to the bug.

In the last few updates, some users upgrading from FC4->FC5
have reported that installing a kernel update has left their
systems unbootable. If you have been affected by this problem
please check you only have one version of device-mapper & lvm2
installed.  See bug 207474 for further details.

If this bug is a problem preventing you from installing the
release this version is filed against, please see bug 169613.

If this bug has been fixed, but you are now experiencing a different
problem, please file a separate bug for the new problem.

Thank you.
Comment 16 Jon Stanley 2008-01-19 23:40:32 EST
(this is a mass-close to kernel bugs in NEEDINFO state)

As indicated previously there has been no update on the progress of this bug
therefore I am closing it as INSUFFICIENT_DATA. Please re-open if the issue
still occurs for you and I will try to assist in its resolution. Thank you for
taking the time to report the initial bug.

If you believe that this bug was closed in error, please feel free to reopen
this bug.

Note You need to log in before you can comment on or make changes to this bug.