Steps to Reproduce: 1.On Pristine RHEL5 system with selinux-policy-2.4.6-30.el5 which comes as default with RHEL5, Update selinux policy to selinux-policy-2.4.6-80.el5 by installing selinux-policy-2.4.6-80.el5 and selinux-policy-targeted 2.4.6-80.el5( which I confirmed(rpm -qa |grep selinux)). 2.Enforce selinux (/etc/sysconfig/selinux , SELINUX=enforcing). 3.Reboot the system so that the filesystem is labelled as per SELinux policies. Actual results: The system while booting continously throws below messages and doesn't boots up successfully. audit(1189690957.438:1085817): avc: denied { search } for pid=1906 comm="klogd" name="/" dev=tmpfs ino=695 scontext=system_u:system_r:klogd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
However on a RHEL5 system with already selinux policy enforced(2.4.6-30.el5,policies applied) when I upgraded selinux policy to selinux-policy-2.4.6-80.el5 and then rebooted the system, the system booted successfully.
I am not sure where you got selinux-policy-2.4.6-80.el5 But please grab the u1 policy on http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch And see if this fixes your problem. Not sure what the problem you are seeing here. No idea why you have a tmpfs_t file system that klogd is trying to search. This could ba a labeling problem.
I got selinux-policy-2.4.6-80.el5 from RHN site.Also note that selinux-policy-2.4.6-80.el5 is by default installed on RHEL5 u1(Beta stage)
Created attachment 244511 [details] attching dmesg log file I could reproduce this bug again when I upgraded to selinux-policy-2.4.6-106.el5 available on http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch. I'm attaching /var/log/dmesg output(tested system)for debugging which clearly shows the error messages
THis log shows you have a badly labeled system. touch /.autorelabel reboot. your /dev is not labeled correctly and you have file_t contexts.
Thanks the solution given in above comment worked (though I wonder why my sytem was badly labelled since I had tested this on pristine system without playing with selinux policies).
Not sure was there anything you did special during the install? Did you add disks after the install?
No I had not added any hardware.Moreover I could reproduce this on 2 pristine systems after fresh install of RHEL5.Definately I sense there is some issue and would request you to get it verified at your end after following the original method given in this ticket. Thank's Manoj
We test pristine machines all the time with SELinux installed and do not see this behaviour. That is why this is curious. We have testsuites that do nothing but install systems, and look for avc messages.
Okies you can close this bug :-). However today again when I tried on third machine I got the same error when I followed below method. 1.On Pristine RHEL5 system with selinux-policy-2.4.6-30.el5 which comes as default with RHEL5, Update selinux policy to selinux-policy-2.4.6-80.el5 by installing selinux-policy-2.4.6-106.el5 and selinux-policy-targeted 2.4.6-106.el5(which I confirmed(rpm -qa |grep selinux)). Note: SELinux is disabled(i.e file system is not labelled with any SELinux(not 30 nor new 106) policy yet) 2.Enforce selinux (/etc/sysconfig/selinux , SELINUX=enforcing). 3.Reboot the system so that the filesystem is labelled as per SELinux policies. Actual results: The system while booting continously throws below messages and doesn't boots up successfully. audit(1189690957.438:1085817): avc: denied { search } for pid=1906 comm="klogd" name="/" dev=tmpfs ino=695 scontext=system_u:system_r:klogd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
What does your mount partition look like?
Please try this with selinux-policy-2.4.6-106.el5_1.3 Reopen if the problem continues.
I had already tested that as stated in comment 4
I have only two physical partitions / and swap.
Well to get rid of the avc execute # grep klog /var/log/audit/audit.log | audit2allow -M myklog # semodule -i myklog.pp I will put a fix for this in U2.
Fixed in u2 policy. selinux-policy-2.4.6-125
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0465.html