Bug 268241 - fc8t1 hangs while booting up with default selinux setup
Summary: fc8t1 hangs while booting up with default selinux setup
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy   
(Show other bugs)
Version: rawhide
Hardware: ppc64 All
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL: ARRAY(0x8bbc90)
Depends On:
TreeView+ depends on / blocked
Reported: 2007-08-30 18:05 UTC by IBM Bug Proxy
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-09-10 14:20:25 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
screenshot (402.59 KB, image/jpeg)
2007-08-31 04:35 UTC, IBM Bug Proxy
no flags Details
var-log-message (126.42 KB, application/octet-stream)
2007-08-31 05:05 UTC, IBM Bug Proxy
no flags Details
audit-log (52.43 KB, application/octet-stream)
2007-08-31 05:05 UTC, IBM Bug Proxy
no flags Details

External Trackers
Tracker ID Priority Status Summary Last Updated
IBM Linux Technology Center 38369 None None None Never

Description IBM Bug Proxy 2007-08-30 18:05:23 UTC
After installation of fc8test1, during the first boot , system hangs by saying 
  " no more process in this runlevel". It is due to default selinux enabled.
When I rebooted the system with "selinux=0" parameter, It worked fine.

---uname -a------------
Linux p55lp1.in.ibm.com 2.6.23-0.61.rc1.git9.fc8 #1 SMP Tue Jul 31 17:10:34 EDT
2007 ppc64 ppc64 ppc64 GNU/Linux

--machine info------
p520,js21,p55..  (ppc64)

--message while booting---------
>>>>>>>>>>>>>>>some SELINUX messages <<<<<<<<<<<<<<

INIT: id 3 respawning too fast : disabled for 5 minutes
INIT: id 4 respawning too fast : disabled for 5 minutes
INIT: no process in this runlevel....................

and hanged

Reproducable? yes (will update the complete log soon)


Comment 1 IBM Bug Proxy 2007-08-31 04:35:37 UTC
Created attachment 182681 [details]

(In reply to comment #2)
> Hi Omar, are you seeing any AVC messages? Please attach
>var/log/audit/audit.log and /var/log/messages.
I could see some "avc:denied" messages , while booting up the system with
selinux=1 as boot parameter .Attaching screenshot,

> You said this is the first boot but I want to make sure - was the machine
> installed or booted with SELinux disabled before the hang occured? 

yes machine installed with selinux disabled.
>If so, you  may need to relabel the filesystem (touch /.autorelabel and

I did what u said, I got booted up into the system and got some avc messages in

Aug 31 09:41:16 p520b kernel: audit(1188533451.349:3): avc:  denied  { execmem
} for  pid=582 comm="rc.sysinit" scontext=system_u:system_r:init_t:s0
tcontext=system_u:system_r:init_t:s0 tclass=process
Aug 31 09:41:16 p520b kernel: audit(1188533451.464:4): avc:  denied  { execmem
} for  pid=584 comm="uname" scontext=system_u:system_r:initrc_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=process
Aug 31 09:41:16 p520b kernel: audit(1188533461.519:5): avc:  denied  { execmem
} for  pid=1153 comm="sh" scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=process
Aug 31 09:41:16 p520b kernel: audit(1188533462.610:6): avc:  denied  { execmem
} for  pid=1182 comm="fsck.ext3" scontext=system_u:system_r:fsadm_t:s0
tcontext=system_u:system_r:fsadm_t:s0 tclass=process
Aug 31 09:41:16 p520b kernel: audit(1188533467.085:7): avc:  denied  { execmem
} for  pid=1302 comm="true" scontext=system_u:system_r:initrc_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=process

After restarting it has come to original back to the same stage saying

---" no more processes in runlevel "
and got hanged


Comment 2 IBM Bug Proxy 2007-08-31 05:05:55 UTC
Created attachment 182701 [details]

Comment 3 IBM Bug Proxy 2007-08-31 05:05:57 UTC
Created attachment 182721 [details]

Comment 4 Daniel Walsh 2007-08-31 10:06:23 UTC
This is a known problem with the ppc architecture.  Basically the build
environment/tool chain is setup wrong.  Every executable requires execmem.  You
can turn on the boolean 

setsebool -P allow_execmem=1

Which will help, but they are working on a rebuild of ppc.

You might have to run in permissive mode until the next test release.

Comment 5 Daniel Walsh 2007-09-10 14:20:25 UTC
All of the ppc packages have been rebuilt correctly in rawhide, so this bug
should be fixed.

Comment 6 IBM Bug Proxy 2007-09-19 06:05:49 UTC
------- Comment From mohd.omar@in.ibm.com 2007-09-19 02:00 EDT-------
Hi all,

fc8test2 doesn't throw any AVC messages with default boot.


Comment 7 IBM Bug Proxy 2007-09-25 13:32:55 UTC
------- Comment From amitarora@in.ibm.com 2007-09-25 05:57 EDT-------
Closing the bug at IBM side.

Note You need to log in before you can comment on or make changes to this bug.