239562 – boot sequence hangs at selinux relabel operation

Bug 239562 - boot sequence hangs at selinux relabel operation

Summary: boot sequence hangs at selinux relabel operation

Keywords:
Status:	CLOSED DUPLICATE of bug 244636
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	policycoreutils
Sub Component:
Version:	4.5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-05-09 14:54 UTC by Richard Phipps
Modified:	2007-11-17 01:14 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-06-22 15:55:56 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Richard Phipps 2007-05-09 14:54:15 UTC

Description of problem:
Boot sequence appears to hang during SELinux relabel operation.

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux AS release 4 (Nahant Update 5)

How reproducible:
touch /.autorelabel
reboot

Actual results:
Boot sequence stops here:

         *** Warning -- SELinux relabel is required. ***
         *** Disabling security enforcement.         ***
         *** Relabeling could take a very long time, ***
         *** depending on file system size.          ***


Expected results:
Boot sequence continues after relabel is complete.

Additional info:
Apparent cause is: fixfiles command was broken in policycoreutils-1.18.1-4.12
The file /etc/rc.sysinit contains this:
 /sbin/fixfiles -F relabel > /dev/null 2>&1

Behavior of fixfiles per man page says -F skips prompting for removal of /tmp
files. However, fixfiles from policycoreutils-1.18.1-4.12 prompts regardless
if -F switch is used. This probably causes the apparent boot hang, as rc.sysinit
is waiting at: /sbin/fixfiles -F relabel > /dev/null 2>&1

The fixfiles -F switch worked as expected in policycoreutils-1.18.1-4.9

Comment 1 Carsten Tumma 2007-05-22 16:10:54 UTC

By adding the fallback to use /sbin/restorecon if /usr/sbin/setfiles is not
available, the "exit $?" statement has been removed from the end of the
restore() function within /sbin/fixfiles. This causes fixfiles to continue
execution after it actually finished relabeling.

Comment 2 Daniel Walsh 2007-05-23 17:06:17 UTC

We have not seen this in house although the exit $? is definitely removed.

Does this only happen with a separate /usr partiition?

Comment 3 Daniel Walsh 2007-05-23 17:13:30 UTC

If you add back in the exit $? does it work?

Comment 4 Carsten Tumma 2007-05-24 07:03:27 UTC

(In reply to comment #2)
> We have not seen this in house although the exit $? is definitely removed.
> 
> Does this only happen with a separate /usr partiition?

No, this happens always, regardless whether /usr is on a local partition or
mounted remotely later during the boot process. In any case fixfiles continues
execution prompts the user after the file security contexts have been restored
using either setfiles or restorecon.

(In reply to comment #3)
> If you add back in the exit $? does it work?

Yes.

Comment 5 RHEL Program Management 2007-05-24 14:04:31 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 6 Daniel Walsh 2007-06-22 15:55:56 UTC


*** This bug has been marked as a duplicate of 244636 ***

Note You need to log in before you can comment on or make changes to this bug.