Bug 178125 - rc.sysinit complaining after selinux policy rebuild
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: initscripts
Version: rawhide
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Bill Nottingham
Brock Organ
: SELinux
Blocks: FC5Target
Reported: 2006-01-17 16:32 EST by Nicolas Mailhot
Modified: 2014-03-16 22:57 EDT (History)
Doc Type: Bug Fix
Last Closed: 2006-01-27 01:20:48 EST
Attachments
system dmesg after relabel boot (34.46 KB, text/plain)
2006-01-17 17:06 EST, Nicolas Mailhot
audit.log on the same system, starting with last auditd start (5.80 KB, application/x-bzip)
2006-01-17 17:07 EST, Nicolas Mailhot

Description Nicolas Mailhot 2006-01-17 16:32:31 EST
Description of problem:

After a policy rebuild, rc.sysinit will complain about a write error (invalid
argument) on line 73.

Version-Release number of selected component (if applicable):

initscripts-8.20-1

How reproducible:

always

Steps to Reproduce:
1. touch /.autorelabel
2. reboot
3. read system messages after the relabeling ended
Comment 1 Daniel Walsh 2006-01-17 16:49:01 EST
What error messages are you seeing?  Are you seeing any AVC messages in
/var/log/audit/audit.log or /var/log/messages?
Comment 2 Nicolas Mailhot 2006-01-17 16:58:01 EST
Well, I don't know if it's relevant or not - I usually ignore the avcs during
the policy relabel boot. Anyway, my dmesg has a lot of things in it
(luckily I haven't rebooted yet)

This is using policy 2.1.12-2, I think the problem is older
Comment 3 Daniel Walsh 2006-01-17 17:05:50 EST
Could you attach those avc messages?
Comment 4 Nicolas Mailhot 2006-01-17 17:06:44 EST
Created attachment 123336
system dmesg after relabel boot
Comment 5 Nicolas Mailhot 2006-01-17 17:07:29 EST
Created attachment 123337
audit.log on the same system, starting with last auditd start
Comment 6 Nicolas Mailhot 2006-01-17 17:20:47 EST
The actual sysinit error does not seem to have been logged anywhere (sorry about
the lag, network is fluctuating wildly there)
Comment 7 Bill Nottingham 2006-01-17 17:34:29 EST
Hm, line 73 is where it resets the SELinux mode (enforcing, permissive, etc.)

So this would imply that before it started relabeling, it's running in the wrong
domain, and can't change the mode back? I suppose we would need to catch that
and then reboot, but without the error message, not sure what we'd check for. :/
Comment 8 Daniel Walsh 2006-01-17 17:49:14 EST
It should be running in initrc_t.

Many fixes in policy for fetchmail problems.

if id -Z not = initrc_t reboot.

Or if it could tell init to start the rc script again?
Of course init needs to be running as init_t...


Comment 9 Bill Nottingham 2006-01-17 17:59:53 EST
The test at the moment is:

REBOOTFLAG=`restorecon -v /sbin/init`

(i.e., if init has the wrong context on the file, then reboot.)

Should we just check for initrc_t instead?
Comment 10 Daniel Walsh 2006-01-27 01:20:48 EST
No that is fine.  
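
The two checks discussed in comments 8 and 9, side by side, as an added example that is not part of this bug thread or of the initscripts code. The function names, the sample restorecon output line and the sample contexts are constructed, and skipping the domain check when `id -Z` returns nothing is an assumption of this sketch.

```sh
#!/bin/sh
# Added example: decide whether to reboot after an SELinux relabel.
# EXPECTED_DOMAIN is the domain named in comment 8; all function names
# here are hypothetical.
EXPECTED_DOMAIN="initrc_t"

# Constructed sample of what "restorecon -v /sbin/init" prints when it
# has to fix the label (it prints nothing when the label is correct).
SAMPLE_RESET="restorecon reset /sbin/init context system_u:object_r:file_t->system_u:object_r:init_exec_t"

# Extract the type (third field) from a context such as
# "system_u:system_r:initrc_t" or "system_u:system_r:initrc_t:s0".
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Domain check (comment 8): succeed only if the context's type matches.
in_expected_domain() {
    [ "$(context_type "$1")" = "$EXPECTED_DOMAIN" ]
}

# Prints "reboot" or "continue".
#   $1 = output of: restorecon -v /sbin/init   (file-label check, comment 9)
#   $2 = output of: id -Z                      (process-domain check)
relabel_decision() {
    # Any restorecon output means /sbin/init was mislabeled when it was
    # executed, so the running init cannot be in the right domain.
    if [ -n "$1" ]; then
        echo reboot
        return
    fi
    # Assumption: an empty context means id -Z failed (SELinux not
    # enabled), so there is no domain to compare and the check is skipped.
    if [ -n "$2" ] && ! in_expected_domain "$2"; then
        echo reboot
        return
    fi
    echo continue
}

# Live usage on an SELinux system (restorecon needs root):
#   relabel_decision "$(restorecon -v /sbin/init)" "$(id -Z)"
```

The file-label test catches a mislabeled `/sbin/init`; the domain test additionally catches a script that is running outside `initrc_t` even though the file label is already correct.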
