Bug 214397 - kernel Oops with non-MLS/MCS policy
Summary: kernel Oops with non-MLS/MCS policy
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Eric Paris
QA Contact: Brian Brock
Depends On:
TreeView+ depends on / blocked
Reported: 2006-11-07 13:37 UTC by Stephen Smalley
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2006-12-23 02:10:53 UTC

Attachments (Terms of Use)

Description Stephen Smalley 2006-11-07 13:37:03 UTC
Description of problem:
Back port of the IPSEC labeling code in the FC6 kernel is missing a bug fix,
which causes an Oops if you try to boot with a non-MLS-enabled policy (i.e.
something other than the shipped policies).

Version-Release number of selected component (if applicable):

How reproducible:
Every time.

Steps to Reproduce:
1. Build an upstream policy from oss.tresys.com w/o MLS.
2. Set /etc/selinux/config to point to that policy.
3. Boot the kernel.
Actual results:
Oops in ebitmap_cpy from security_sid_mls_cpy.

Expected results:
Kernel works.

Additional info:
Upstream bug fix was:
commit 4eb327b517cf85f6cb7dcd5691e7b748cbe8c343
tree 51bd92e6b5582a10f21de0d909fb062d6ecf8cce
parent 161643660129dd7d98f0b12418c0a2710ffa7db6
author Venkat Yekkirala <vyekkirala@TrustedCS.com> 1158686659 -0700
committer David S. Miller <davem@sunset.davemloft.net> 1158963544 -0700

[SELINUX]: Fix bug in security_sid_mls_copy

Comment 1 Eric Paris 2006-11-08 16:39:12 UTC
As this is upstream I'm going to let FC6 pick up the fix when they next rebase
the kernel.  I am going to move this to be a RHEL5 BZ and have it fixed with a
patch there.

Comment 2 Eric Paris 2006-12-01 19:24:56 UTC
patch posted to internal list 12/1/06

Comment 3 RHEL Product and Program Management 2006-12-04 14:31:05 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for

Comment 4 Don Zickus 2006-12-05 19:53:32 UTC
in 2.6.18-1.2817.el5

Comment 5 RHEL Product and Program Management 2006-12-23 02:10:53 UTC
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.

Note You need to log in before you can comment on or make changes to this bug.