running `setenforce 0` causes a system to hang kernel-xen0-2.6.15-1.2032_FC5 audit-libs-python-1.1.5-1 audit-libs-1.1.5-1 selinux-policy-2.2.23-11 selinux-policy-targeted-2.2.23-11 libselinux-1.29.7-1.2 libselinux-python-1.29.7-1.2 boot kernel-xen0-2.6.15-1.2032_FC5 system with no selinux options specified. run `getenforce` run `setenforce 0` # getenforce Enforcing # setenforce 0 audit(timestamp): avc: granted { granted } for pid=2398 comm="setenforce" scontext=root:system_r:undefined_t:s0-s0:c0.255 tcontext=system_u:object_r:security_t:s0 tclass=security <system is now hardlocked> fully reproducible Expected results: no hard locking executing admin commands
Anything on serial console?
nothing output to serial console. disable the xen serial console during boot stops it. Here's my current grub.conf boot stanzas: title Fedora Core (2.6.15-1.2032_FC5xen0) noserial root (hd0,0) kernel /xen.gz-2.6.15-1.2032_FC5 module /vmlinuz-2.6.15-1.2032_FC5xen0 ro root=LABEL=/1 module /initrd-2.6.15-1.2032_FC5xen0.img title Fedora Core (2.6.15-1.2032_FC5xen0) root (hd0,0) kernel /xen.gz-2.6.15-1.2032_FC5 com1=115200,8n1 module /vmlinuz-2.6.15-1.2032_FC5xen0 ro root=LABEL=/1 console=ttyS0 console=tty0 module /initrd-2.6.15-1.2032_FC5xen0.img The first reliably works. The second reliably hangs, but generates serial output (including the (XEN) section) until just befere the hang.
hang does not occur if 'sync_console' is appended to the kernel line in grub.conf
Do you know if you had auditd running?
I've not been able to reproduce this with FC5. Let me know if you still see it.
Haven't reproduced this with FC-5 GA or with current rawhide.