Bug 214397 - kernel Oops with non-MLS/MCS policy
kernel Oops with non-MLS/MCS policy
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
5.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Eric Paris
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-07 08:37 EST by Stephen Smalley
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: beta2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-12-22 21:10:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stephen Smalley 2006-11-07 08:37:03 EST
Description of problem:
Back port of the IPSEC labeling code in the FC6 kernel is missing a bug fix,
which causes an Oops if you try to boot with a non-MLS-enabled policy (i.e.
something other than the shipped policies).

Version-Release number of selected component (if applicable):
2.6.18-1.2798.fc6

How reproducible:
Every time.


Steps to Reproduce:
1. Build an upstream policy from oss.tresys.com w/o MLS.
2. Set /etc/selinux/config to point to that policy.
3. Boot the kernel.
  
Actual results:
Oops in ebitmap_cpy from security_sid_mls_cpy.

Expected results:
Kernel works.

Additional info:
Upstream bug fix was:
http://marc.theaimsgroup.com/?l=git-commits-head&m=115905653315945&w=2
commit 4eb327b517cf85f6cb7dcd5691e7b748cbe8c343
tree 51bd92e6b5582a10f21de0d909fb062d6ecf8cce
parent 161643660129dd7d98f0b12418c0a2710ffa7db6
author Venkat Yekkirala <vyekkirala@TrustedCS.com> 1158686659 -0700
committer David S. Miller <davem@sunset.davemloft.net> 1158963544 -0700

[SELINUX]: Fix bug in security_sid_mls_copy
Comment 1 Eric Paris 2006-11-08 11:39:12 EST
As this is upstream I'm going to let FC6 pick up the fix when they next rebase
the kernel.  I am going to move this to be a RHEL5 BZ and have it fixed with a
patch there.
Comment 2 Eric Paris 2006-12-01 14:24:56 EST
patch posted to internal list 12/1/06
Comment 3 RHEL Product and Program Management 2006-12-04 09:31:05 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 4 Don Zickus 2006-12-05 14:53:32 EST
in 2.6.18-1.2817.el5
Comment 5 RHEL Product and Program Management 2006-12-22 21:10:53 EST
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.

Note You need to log in before you can comment on or make changes to this bug.