Bug 200269 - selinux causes kernel installation failure
selinux causes kernel installation failure
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
6
ia64 Linux
high Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-07-26 12:52 EDT by Prarit Bhargava
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-09 09:49:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Prarit Bhargava 2006-07-26 12:52:53 EDT
Description of problem:

When installing a new kernel, selinux prevents the initrd from being created.

Version-Release number of selected component (if applicable): nightly-20060725


How reproducible: 100%


Steps to Reproduce:
1. Download a new kernel RPM
2. attempt to install it

  
Actual results:

Install fails:
[root@frosty home]# rpm -ivh kernel-xen-2.6.17-1.2450.ia64.rpm 
Preparing...                ########################################### [100%]
   1:kernel-xen             ########################################### [100%]
WARNING: /lib/modules/2.6.17-1.2450xen/kernel/drivers/md/xor.ko needs unknown
symbol xor_ia64_3
WARNING: /lib/modules/2.6.17-1.2450xen/kernel/drivers/md/xor.ko needs unknown
symbol xor_ia64_5
WARNING: /lib/modules/2.6.17-1.2450xen/kernel/drivers/md/xor.ko needs unknown
symbol xor_ia64_4
WARNING: /lib/modules/2.6.17-1.2450xen/kernel/drivers/md/xor.ko needs unknown
symbol xor_ia64_2
WARNING: /lib/modules/2.6.17-1.2450xen/kernel/fs/cachefiles/cachefiles.ko needs
unknown symbol copy_page
audit(1153932867.020:5): avc:  denied  { search } for  pid=2355 comm="mkinitrd"
name="/" dev=sda1 ino=1 scontext=root:system_r:bootloader_t:s0-s0:c0.c255
tcontext=system_u:object_r:dosfs_t:s0 tclass=dir
audit(1153932882.564:6): avc:  denied  { search } for  pid=3143 comm="mkinitrd"
name="/" dev=sda1 ino=1 scontext=root:system_r:bootloader_t:s0-s0:c0.c255
tcontext=system_u:object_r:dosfs_t:s0 tclass=dir
audit(1153932882.564:7): avc:  denied  { search } for  pid=3143 comm="mkinitrd"
name="/" dev=sda1 ino=1 scontext=root:system_r:bootloader_t:s0-s0:c0.c255
tcontext=system_u:object_r:dosfs_t:s0 tclass=dir
/sbin/mkinitrd: line 1226: /boot/efi/EFI/redhat/initrd-2.6.17-1.2450xen.img:
Permission denied
mkinitrd failed


Expected results: installation should succeed

Additional info: Installation succeeds if I boot with "selinux=0"
Comment 1 Daniel Walsh 2006-07-26 13:59:56 EDT
Fixed in selinux-policy-2_3_3-11
Comment 2 Matthew Miller 2007-04-06 13:25:57 EDT
Fedora Core 5 and Fedora Core 6 are, as we're sure you've noticed, no longer
test releases. We're cleaning up the bug database and making sure important bug
reports filed against these test releases don't get lost. It would be helpful if
you could test this issue with a released version of Fedora or with the latest
development / test release. Thanks for your help and for your patience.

[This is a bulk message for all open FC5/FC6 test release bugs. I'm adding
myself to the CC list for each bug, so I'll see any comments you make after this
and do my best to make sure every issue gets proper attention.]

Note You need to log in before you can comment on or make changes to this bug.