Red Hat Bugzilla – Bug 214397
kernel Oops with non-MLS/MCS policy
Last modified: 2007-11-30 17:07:36 EST
Description of problem:
Back port of the IPSEC labeling code in the FC6 kernel is missing a bug fix,
which causes an Oops if you try to boot with a non-MLS-enabled policy (i.e.
something other than the shipped policies).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Build an upstream policy from oss.tresys.com w/o MLS.
2. Set /etc/selinux/config to point to that policy.
3. Boot the kernel.
Oops in ebitmap_cpy from security_sid_mls_cpy.
Upstream bug fix was:
author Venkat Yekkirala <vyekkirala@TrustedCS.com> 1158686659 -0700
committer David S. Miller <firstname.lastname@example.org> 1158963544 -0700
[SELINUX]: Fix bug in security_sid_mls_copy
As this is upstream I'm going to let FC6 pick up the fix when they next rebase
the kernel. I am going to move this to be a RHEL5 BZ and have it fixed with a
patch posted to internal list 12/1/06
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release. Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release. This request is not yet committed for
A package has been built which should help the problem described in
this bug report. This report is therefore being closed with a resolution
of CURRENTRELEASE. You may reopen this bug report if the solution does
not work for you.