Description of problem: Updating the system to kernel 2.6.18-1.2200.fc5. The system (web server, running for 2 years with FC without problems) does not even shut down properly. After pulling the plug sys does hang during reboot with lots of avc messages (something with number 57 and for network devices, dovecot, fetchmail, hald, ...). Trying to relabel fs (selinux enabled) - does not help. Rebooting again with formerly updated kernel 2.6.17-1.2187_FC5 - everything runs normally.
Habe experienced the same on another machine. The "57" message is: Security_compute_av: unrecognized class 57 To me, it seems to be a problem of the network card driver. Both machines have an alias eth0 e1000 entry in /etc/modprobe.conf. Maybe something here has changed or is wrong. All other appearing problems seem to follow after the sys is unable to load the driver for the network device properly.
I think this a duplicate of bug #211087: the kernel prints `security_compute_av: unrecognized class 57'
Think, bug 211087 pretty much the same problem.
Yep. ;-)
From http://www.mail-archive.com/netdev@vger.kernel.org/msg12606.html : "The workaround is to enable the old networking controls via the kernel parameter selinux_compat_net=1. Once the distro packages have been updated, this will not be necessary. All that's needed to start with in fact is a change to the startup scripts to do this at boot, depending on the package version. This is a brief temporary issue in -mm." This email talks about secmark and connsecmark I haven't tried this workaroun so I don't know if it works.
Have set kernel /vmlinuz-2.6.18-1.2200.fc5smp ro root=LABEL=/ selinux_compat_net=1 vga=791 in /boot/grub/grub.conf. [root@blackhole h0m6r3]# uname -r 2.6.18-1.2200.fc5smp e.g., it works! Great!
Doesn't completely work for me. Still have problems with sshd among others. Back at previous kernel for now.
*** This bug has been marked as a duplicate of 211087 ***