Red Hat Bugzilla – Bug 189856
Latest SELinux Patch breaks Udev
Last modified: 2007-11-30 17:11:31 EST
Description of problem:
Since the last update of SELinux to version 1.27.1-2.28 causes heavy problems
with udev. The boot process takes 10 minutes from beginning to login.
After the boot process, it takes about 5 minutes until the system is usable. The
output of ps aux shows 3 udev processes which consumes 99% of CPU.
The output of /var/log/messages is attached.
Steps to Reproduce:
1. Update selinux to 1.27.1-2.28.
2. Enable SELinux.
3. Reboot system.
The actual workaround for me is to disable SELinux.
Enabled SELinux and normal startup.
Created attachment 128187 [details]
Extract of /var/log/messages
hm... reassigning to selinux
Referred here by "nphilipp" on #fedora (freenode.)
I experienced a similar issue on a new install of FC5 (first 'real' reboot after the system had been installed
for a few days.)
Selecting 2.6.16 would cause the system to hang on 'Booting kernel.'
2.6.15 would boot fine.
I disabled selinux (selinux=off) and it works fine for 2.6.16.
udev version is 084-13
Are you seeing anything in the /var/log/audit/audit.log file?
There are no avc messages in the attached log file. Does booting with
enforcing=0 on the command line work proberly?
I've just installed a fresh FC4 system and done a full update to current stable
releases, including selinux-policy-targeted-1.27.1-2.28.
I'm not seeing any problems at all.
Can you verify whether your entire system is updated to the latest packages?
(In reply to comment #5)
> I've just installed a fresh FC4 system and done a full update to current
> releases, including selinux-policy-targeted-1.27.1-2.28.
> I'm not seeing any problems at all.
> Can you verify whether your entire system is updated to the latest packages?
The installed package version of selinux is:
The installed package version of udev is:
The used kernel is 2.6.16-1.2096_FC4. I choosed several kernels, but without
any changes. I guess it's a problem of the installed udev.
I started yum update again, but the udev package is not updated today.
Created attachment 128311 [details]
(In reply to comment #4)
> Are you seeing anything in the /var/log/audit/audit.log file?
I don't see anything special in the audit.log.
The reason of the slowdown is that the udev process is being killed & restarted
because for some reason it's using up all the available memory.
Is this still happening with all the latest updates applied ?
(In reply to comment #9)
> Is this still happening with all the latest updates applied ?
Yes, the versions are still the same like in comment #6, except the kernel
version, now kernel 2.6.16-1.2111_FC4 is running. I checked if there is a newer
verion of udev (with repoquery --nvr) but I already installed the latest version
Maybe only an upgrade to FC5 will help me.
hmm.. so I will update udev for FC4... oh my..
I'm running kernel 2.6.16-1.2122_FC5 and still having the problem, which I did
not have with FC4
did you guys try to relabel everything?
# touch /.autorelabel
(In reply to comment #13)
> did you guys try to relabel everything?
> # touch /.autorelabel
> # reboot
Yes. I relabeld my system last night - without any changes of the udev behaviour.
I'm pretty sure bug 174557 would have helped to decrease memory usuage of udev.
From the log it looks like udev keeps getting killed because the system keeps
running out of memory. But it also requires and upgrade of libselinux. Are you
able to upgrade these 2 pieces?
I re-installed with CD's to FC5 and overwrote everything from scratch
installation. That fixed the problem. :(
Johannes, are you still having problems with the latest updates ?
(In reply to comment #17)
> Johannes, are you still having problems with the latest updates ?
Yes, I had these problems, so I decided to upgrade to FC5. The last update I did
was last monday with a normal 'yum update'.
I don't quite understand, do you still have problems with FC5 or are you saying
you had the problems until you upgraded to FC5?
(In reply to comment #19)
> I don't quite understand, do you still have problems with FC5 or are you saying
> you had the problems until you upgraded to FC5?
I had the problems until I upgraded to FC5. Until the upgrade, I did a daily
'yum update' in FC4, hoping the problem will be fixed. But the behaviour didn't
change. So I decided to leave FC4.