Bug 441954 - kernel crash: semanage user -m -R unconfined_r user_u leaves existing process system_u object_r unlabeled_t
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: All
OS: Linux
low
medium
Assignee: Eric Paris
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-04-10 20:33 UTC by archimerged Ark submedes
Modified: 2008-08-02 23:40 UTC (History)

Doc Type: Bug Fix
Last Closed: 2008-05-05 17:32:26 UTC

Description archimerged Ark submedes 2008-04-10 20:33:04 UTC
Description of problem:
This happens on Rawhide-2008-04-09, which has an error in installing
selinux-policy-targeted.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.3.1-31.fc9.noarch
policycoreutils-2.0.46-2.fc9.i386
libsemanage-2.0.24-1.fc9.i386

How reproducible:
I've seen it each time I looked (twice)

Steps to Reproduce:
1. Install Rawhide-2008-04-09 (that might be important)
2. user login on X11, logout.  (which sometimes leaves Xorg :0 tty7 running)
3. ps -ef | grep [u]serlogin; secon --pid 
4. tty1# semanage user -m -R unconfined_r user_u
5. ps -ef | grep [u]serlogin

Actual results:
3. bonobo-activation-server had context user_u user_r user_t
4. semanage got error message libsemanage_dbase_llist_query: could not query
record value (no such file or directory), after a long delay (maybe a minute).
5. the process context was system_u object_r unlabeled_t.

Expected results:
Not this.  I imagine the process might have elevated privileges now.

Additional info:

install.log:
Installing selinux-policy-targeted-3.3.1-31.fc9.noarch
/usr/sbin/semanage: You must specify a prefix
/usr/sbin/semanage: You must specify a prefix

Comment 1 archimerged Ark submedes 2008-04-10 20:48:22 UTC
My notes also say on first attempt to change user_r to unconfined_r, system
crashed hard, no keyboard response even to shift-lock, no ping response,
power-off button which usually triggers shutdown was ignored, reset required. 
On reboot, the role was changed.  This happened on both systems I had installed
04-09 on.  I am repeating install to see if the crash is repeatable.  Presumably
the fixes to targeted policy might mask the symptoms but I don't think it should
be possible to crash the system just because s-p-t-3.3.1-31 is installed, and
this probably reflects a different bug.  Any pointers to instructions for
setting up serial port kernel debugger to get the crash state?


Comment 2 archimerged Ark submedes 2008-04-11 01:47:44 UTC
Repeated install on two systems.  The crucial factor which seems necessary for a
crash is that the user is logged in.  If no user process is active, there is no
crash.  If user is logged in, the crash occurs a short (but not zero) time after
the dbase_llist_query no such file or directory.  It is definitely a hard crash:
shift-lock, num-lock, scroll-lock lights do not respond, mouse tracking stops,
ping response stops, all at the same time.

Comment 3 Eric Paris 2008-04-12 01:55:16 UTC
Dan, although clearly not impossible that this was an actual kernel crash, more
likely is that system_u:object_r:kernel_t became an invalid type and all of a
sudden darn near everything went boom.

To collect a kernel crash, though, attach a serial console and add

console=ttyS0,9600 console=tty0 to the boot line.  All kernel messages will then
go out the first serial port and to the console...

Comment 4 Eric Paris 2008-05-01 14:02:27 UTC
Did we get any messages from the console?  Anything relevant you could find in
/var/log/messages, dmesg or /var/log/audit/audit.log?

Comment 5 Daniel Walsh 2008-05-05 17:32:26 UTC
Fixed in latest policy

Fixed in selinux-policy-3.3.1-40.fc9.noarch
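
Added example (not part of the original bug report or of any Fedora tooling): a check for the symptom in step 5 of the report, run after a policy or role change, that lists running processes whose context type has fallen back to unlabeled_t. It assumes input in the format of `ps -eo pid,label,comm`; the function names and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag processes whose SELinux context type is unlabeled_t,
# the state reported in this bug after "semanage user -m -R".
# Assumed input format: output of `ps -eo pid,label,comm`.

find_unlabeled() {
    # Reads ps output on stdin. Prints "PID CONTEXT COMMAND" for every
    # process whose context type (third colon-separated field) is
    # unlabeled_t. Lines without a numeric PID (the header) are skipped.
    # Only the first word of a command name containing spaces is printed.
    awk '$1 ~ /^[0-9]+$/ && NF >= 3 {
        n = split($2, ctx, ":")        # user:role:type[:mls-range]
        if (n >= 3 && ctx[3] == "unlabeled_t")
            print $1, $2, $3
    }'
}

# Constructed sample input (PIDs and process list are made up).
sample_ps_output() {
    cat <<'EOF'
  PID LABEL                                     COMMAND
    1 system_u:system_r:init_t:s0               init
 2211 system_u:system_r:xdm_t:s0-s0:c0.c1023    Xorg
 2764 system_u:object_r:unlabeled_t:s0          bonobo-activati
 2790 system_u:object_r:unlabeled_t:s0          gconfd-2
 2801 unconfined_u:unconfined_r:unconfined_t:s0 bash
EOF
}

# On a live system:  ps -eo pid,label,comm | find_unlabeled
# With the constructed sample:  sh this_script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_ps_output | find_unlabeled
fi
```
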

