LTC Owner is: gjlynx.com LTC Originator is: dvelarde.com Problem description: When I (sysadm_r) tried to upgrade my lspp.37.ppc64 kernel to lspp.44.ppc64 with selinux in enforcing mode, I got the error: # rpm -Uvh kernel-2.6.17-1.2293.2.8_FC6.lspp.44.ppc64.rpm kernel-devel-2.6.17- 1.2293.2.8_FC6.lspp.44.ppc64.rpm Preparing... ########################################### [100%] 1:kernel-devel ########################################### [ 50%] 2:kernel ########################################### [100%] grubby: error moving /etc/yaboot.conf- to /etc/yaboot.conf: Permission denied ybin: /dev/sda1: Permission denied ybin: /dev/sda3: Permission denied grubby fatal error: unable to find a suitable template grubby: doing this would leave no kernel entries. Not writing out new config. ybin: /dev/sda1: Permission denied ybin: /dev/sda3: Permission denied Despite the permission denied errors, the rpms seem to have been upgraded # rpm -qa | grep kernel kernel-2.6.17-1.2293.2.8_FC6.lspp.44 kernel-devel-2.6.17-1.2293.2.8_FC6.lspp.44 If this is not an installation problem, Describe any custom patches installed. Installed system last week with Klaus' latest kickstart script. Upgraded selinux policy to latest available. Then tried to upgrade to more recent LSPP kernel packages: kernel-2.6.17-1.2293.2.8_FC6.lspp.44.ppc64.rpm kernel-devel-2.6.17-1.2293.2.8_FC6.lspp.44.ppc64.rpm Provide output from "uname -a", if possible: # uname -a Linux hvracer6.ltc.austin.ibm.com 2.6.17-1.2293.2.1_FC6.lspp.37 #1 SMP Mon Jun 19 19:49:45 EDT 2006 ppc64 ppc64 ppc64 GNU/Linux Hardware Environment Machine type (p650, x235, SF2, etc.): PPC64 HV LPAR Is the system (not just the application) hung? If so, describe how you determined this: If you reboot the system immediately after attempting to upgrade the kernel packages, you will have trouble booting up the system if you do not still have another kernel installed. Additional information: The default image no longer boots boot: Please wait, loading kernel... /vdevice/v-scsi@30000005/disk@8000000000000000:2,/boot/vmlinuz-2.6.17- 1.2293.2.1 _FC6.lspp.37: No such file or directory And lspp.44.kernel is not listed as one of the defined images you can select to boot.
Why is this filed as a kernel bug?
----- Additional Comments From salina.com 2006-09-21 13:23 EDT ------- strange .. on IBM side .. this is against security.. maybe a mapping error with the mirroring tool ?
Peter pls look at this. I think its resloved, it was misassigned to kernel... If so pls close etc. etc. etc.
Please attach the system log so we can fix the SELinux policy.
I believe this has been fixed in policy for a while. Please reopen if I am mistaken.
----- Additional Comments From gcwilson.com 2006-10-05 19:24 EDT ------- I was able to update Milestone 4 (200609227) to today's rawhide kernel in enforcing mode without problems on ppc64. Debbie, do you agree that this bug is fixed?
changed: What |Removed |Added ---------------------------------------------------------------------------- Status|FIXEDAWAITINGTEST |ACCEPTED ------- Additional Comments From dvelarde.com 2006-10-05 19:29 EDT ------- Agree bug is now fixed.
changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ACCEPTED |CLOSED ------- Additional Comments From dvelarde.com 2006-10-05 19:29 EDT ------- closing since no longer an issue.
----- Additional Comments From gcwilson.com 2006-10-05 19:30 EDT ------- To clarify, the test in my previous post was conducted on Milestone 4 using libsemanage 1.6.17-1 and MLS policy 2.3.18-3 from rawhide to work around RIT103513.
changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |REOPENED Resolution|FIX_BY_DISTRO | ------- Additional Comments From mcthomps.com 2006-12-11 19:54 EDT ------- Reopening due to regression in the SELinux policy packages.
changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|RH200181- update to LSPP .44|[REG] RH200181- update to |kernel with selinux in |LSPP .44 kernel with selinux |Enforcing fails |in Enforcing fails ------- Additional Comments From mcthomps.com 2006-12-12 11:09 EDT ------- Marking as regression.
This is FC6 bug. If this is also a RHEL 5 bug, and it needs to be fixed there, you need to open RHEL 5 bugzilla.
Ok is this a bug or not? I don't believe this is a bug as I believe it has been fixed in policy. If a bug on upgrade still happens please attach More information/avc messages.
------- Additional Comments From mcthomps.com 2006-12-20 11:28 EDT ------- (In reply to comment #18) > ----- Additional Comments From dwalsh 2006-12-18 14:18 EST ------ - > Ok is this a bug or not? I don't believe this is a bug as I believe it has been > fixed in policy. If a bug on upgrade still happens please attach More > information/avc messages. > -- Dan & Irena, We are mostly on break, so I appologize for the long delay and lack of response. The problem we're seeing is that installing a kernel in enforcing mode does not (I seems) to properly install the initrd, resulting in being unable to mount your root fs. I have the audit log attached to this bug report. Here is the output from the install and the result: [root@bladeracer1 root]# run_init rpm -ivh /root/kernel-2.6.18- 1.2747.2.1.el5.lspp.55.ppc64.rpm --force Authenticating ealuser. Password: /etc/selinux/mls/contexts/files/file_contexts: Multiple same specifications for /a?quota.(user|group). Preparing... ########################################### [100%] 1:kernel ########################################### [100%] mktemp: cannot make temp dir /tmp/initrd.AG2456: Permission denied mktemp: cannot create temp file /tmp/initrd.img.TR2457: Permission denied Error creating temporaries. Try again mkinitrd failed error: %post(kernel-2.6.18-1.2747.2.1.el5.lspp.55.ppc64) scriptlet failed, exit status 1 [root@bladeracer1 root]# ls /boot boot.cmdline boot.entry config-2.6.18-1.2747.2.1.el5.lspp.55 config-2.6.18-1.2767.el5 config-2.6.18-1.2840.2.1.el5.lspp.57 etc fallback.check grub initrd-2.6.18-1.2767.el5.img initrd-2.6.18-1.2840.2.1.el5.lspp.57.img lost+found symvers-2.6.18-1.2747.2.1.el5.lspp.55.gz symvers-2.6.18-1.2767.el5.gz symvers-2.6.18-1.2840.2.1.el5.lspp.57.gz System.map-2.6.18-1.2747.2.1.el5.lspp.55 System.map-2.6.18-1.2767.el5 System.map-2.6.18-1.2840.2.1.el5.lspp.57 vmlinuz-2.6.18-1.2747.2.1.el5.lspp.55 vmlinuz-2.6.18-1.2767.el5 vmlinuz-2.6.18-1.2840.2.1.el5.lspp.57 [root@bladeracer1 root]# rpm -q kernel kernel-2.6.18-1.2767.el5 kernel-2.6.18-1.2840.2.1.el5.lspp.57 kernel-2.6.18-1.2747.2.1.el5.lspp.55
Created attachment 144118 [details] audit.log
----- Additional Comments From mcthomps.com 2006-12-20 11:35 EDT ------- AVC messages from kernel rpm install
The latest policy on people removed the bootloader_exec_t from /sbin/mkinitrd which should fix this problem. Basically we want mkinitrd labeled as sbin_t so that it will continue to run under rpm_script_t context. So this should be fixed in selinux-policy-2.4.6-15.el5
changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ACCEPTED |CLOSED ------- Additional Comments From dvelarde.com 2007-01-05 17:20 EDT ------- I was able to successfully use rpm -Uvh to upgrade my kernel to lspp.58 version from a RHEL5 RC5 install in enforcing mode. I restarted system and it came up fine.
Fedora Core 5 and Fedora Core 6 are, as we're sure you've noticed, no longer test releases. We're cleaning up the bug database and making sure important bug reports filed against these test releases don't get lost. It would be helpful if you could test this issue with a released version of Fedora or with the latest development / test release. Thanks for your help and for your patience. [This is a bulk message for all open FC5/FC6 test release bugs. I'm adding myself to the CC list for each bug, so I'll see any comments you make after this and do my best to make sure every issue gets proper attention.]
This bug appears to be resolved.