Bug 268241 - fc8t1 hangs while booting up with default selinux setup
fc8t1 hangs while booting up with default selinux setup
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
ppc64 All
medium Severity high
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-08-30 14:05 EDT by IBM Bug Proxy
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-09-10 10:20:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
screenshot (402.59 KB, image/jpeg)
2007-08-31 00:35 EDT, IBM Bug Proxy
no flags Details
var-log-message (126.42 KB, application/octet-stream)
2007-08-31 01:05 EDT, IBM Bug Proxy
no flags Details
audit-log (52.43 KB, application/octet-stream)
2007-08-31 01:05 EDT, IBM Bug Proxy
no flags Details

External Trackers
Tracker ID Priority Status Summary Last Updated
IBM Linux Technology Center 38369 None None None Never

  None (edit)
Description IBM Bug Proxy 2007-08-30 14:05:23 EDT
After installation of fc8test1, during the first boot , system hangs by saying 
  " no more process in this runlevel". It is due to default selinux enabled.
When I rebooted the system with "selinux=0" parameter, It worked fine.

---uname -a------------
Linux p55lp1.in.ibm.com 2.6.23-0.61.rc1.git9.fc8 #1 SMP Tue Jul 31 17:10:34 EDT
2007 ppc64 ppc64 ppc64 GNU/Linux

--machine info------
p520,js21,p55..  (ppc64)

--message while booting---------
>>>>>>>>>>>>>>>some SELINUX messages <<<<<<<<<<<<<<

INIT: id 3 respawning too fast : disabled for 5 minutes
INIT: id 4 respawning too fast : disabled for 5 minutes
INIT: no process in this runlevel....................

and hanged

Reproducable? yes (will update the complete log soon)

Comment 1 IBM Bug Proxy 2007-08-31 00:35:37 EDT
Created attachment 182681 [details]

(In reply to comment #2)
> Hi Omar, are you seeing any AVC messages? Please attach
>var/log/audit/audit.log and /var/log/messages.
I could see some "avc:denied" messages , while booting up the system with
selinux=1 as boot parameter .Attaching screenshot,

> You said this is the first boot but I want to make sure - was the machine
> installed or booted with SELinux disabled before the hang occured? 

yes machine installed with selinux disabled.
>If so, you  may need to relabel the filesystem (touch /.autorelabel and

I did what u said, I got booted up into the system and got some avc messages in

Aug 31 09:41:16 p520b kernel: audit(1188533451.349:3): avc:  denied  { execmem
} for  pid=582 comm="rc.sysinit" scontext=system_u:system_r:init_t:s0
tcontext=system_u:system_r:init_t:s0 tclass=process
Aug 31 09:41:16 p520b kernel: audit(1188533451.464:4): avc:  denied  { execmem
} for  pid=584 comm="uname" scontext=system_u:system_r:initrc_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=process
Aug 31 09:41:16 p520b kernel: audit(1188533461.519:5): avc:  denied  { execmem
} for  pid=1153 comm="sh" scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=process
Aug 31 09:41:16 p520b kernel: audit(1188533462.610:6): avc:  denied  { execmem
} for  pid=1182 comm="fsck.ext3" scontext=system_u:system_r:fsadm_t:s0
tcontext=system_u:system_r:fsadm_t:s0 tclass=process
Aug 31 09:41:16 p520b kernel: audit(1188533467.085:7): avc:  denied  { execmem
} for  pid=1302 comm="true" scontext=system_u:system_r:initrc_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=process

After restarting it has come to original back to the same stage saying

---" no more processes in runlevel "
and got hanged

Comment 2 IBM Bug Proxy 2007-08-31 01:05:55 EDT
Created attachment 182701 [details]
Comment 3 IBM Bug Proxy 2007-08-31 01:05:57 EDT
Created attachment 182721 [details]
Comment 4 Daniel Walsh 2007-08-31 06:06:23 EDT
This is a known problem with the ppc architecture.  Basically the build
environment/tool chain is setup wrong.  Every executable requires execmem.  You
can turn on the boolean 

setsebool -P allow_execmem=1

Which will help, but they are working on a rebuild of ppc.

You might have to run in permissive mode until the next test release.
Comment 5 Daniel Walsh 2007-09-10 10:20:25 EDT
All of the ppc packages have been rebuilt correctly in rawhide, so this bug
should be fixed.
Comment 6 IBM Bug Proxy 2007-09-19 02:05:49 EDT
------- Comment From mohd.omar@in.ibm.com 2007-09-19 02:00 EDT-------
Hi all,

fc8test2 doesn't throw any AVC messages with default boot.

Comment 7 IBM Bug Proxy 2007-09-25 09:32:55 EDT
------- Comment From amitarora@in.ibm.com 2007-09-25 05:57 EDT-------
Closing the bug at IBM side.

Note You need to log in before you can comment on or make changes to this bug.