Bug 528488 - dracut built initrd fails to find rootfs
dracut built initrd fails to find rootfs
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: udev (Show other bugs)
rawhide
All Linux
low Severity high
: ---
: ---
Assigned To: Harald Hoyer
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-10-12 09:36 EDT by Jeff Layton
Modified: 2014-06-18 03:39 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-10-15 09:28:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
console log from failed boot (25.10 KB, text/plain)
2009-10-12 09:36 EDT, Jeff Layton
no flags Details

  None (edit)
Description Jeff Layton 2009-10-12 09:36:19 EDT
Booting a rawhide KVM guest with dracut built initrd fails when trying to activate and fsck the rootfs. The problem seems to be something with /dev entries.

After the fsck fails, I enter the root pw and it drops to a shell. Only the "control" entry exists under /dev/mapper even though earlier boot messages seem to indicate that activating the LVM VG where it lives was successful.

Rebuilding the initramfs with mkinitrd and booting works fine. I'm using:

dracut-002-13.4.git8f397a9b.fc12.noarch

Complete console log is attached. Let me know if you need other info...
Comment 1 Jeff Layton 2009-10-12 09:36:53 EDT
Created attachment 364455 [details]
console log from failed boot
Comment 2 Harald Hoyer 2009-10-12 09:48:38 EDT
why is this a problem with dracut?
Comment 3 Harald Hoyer 2009-10-12 09:49:52 EDT
type=1400 audit(1255354212.706:9): avc:  denied  { open } for  pid=289 comm="mount" name="null" dev=devtmpfs ino=3590 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=chr_file



can you try to boot with "selinux=0" ?
Comment 4 Jeff Layton 2009-10-12 09:59:15 EDT
> why is this a problem with dracut?

Because an initramfs built with mkinitrd works fine?

> can you try to boot with "selinux=0" ?

I already had selinux in permissive mode, but went ahead and disabled it completely for giggles. It failed in the exact same way.
Comment 5 Jeff Layton 2009-10-12 10:04:32 EDT
The interesting bit is that the switchroot actually works, so filesystems are actually being mounted. Here's /proc/mounts after entering the maintenance shell:

(Repair filesystem) 1 # cat /proc/mounts
rootfs / rootfs rw 0 0
/proc /proc proc rw,relatime 0 0
/sys /sys sysfs rw,seclabel,relatime 0 0
udev /dev devtmpfs rw,relatime,size=225116k,nr_inodes=56279 0 0
/dev/pts /dev/pts devpts rw,seclabel,relatime,mode=600,ptmxmode=000 0 0
/dev/shm /dev/shm tmpfs rw,seclabel,relatime 0 0
/dev/mapper/rawhidevg-root / ext4 ro,seclabel,relatime,barrier=1,data=ordered 0 0
none /selinux selinuxfs rw,relatime 0 0
/proc/bus/usb /proc/bus/usb usbfs rw,relatime 0 0
none /dev tmpfs rw,rootcontext=system_u:object_r:device_t:s0,seclabel,relatime,mode=755 0 0
devpts /dev/pts devpts rw,seclabel,relatime,mode=600,ptmxmode=000 0 0

I think that the question is we need to answer is: Why are there no block device entries under /dev/mapper after switchroot?
Comment 6 Harald Hoyer 2009-10-12 10:29:15 EDT
udev /dev devtmpfs 
none /dev tmpfs

ok, /dev is mounted as devtmpfs first and then start_udev might mount a tmpfs there..

can you comment out the shell block in /sbin/start_udev which starts like this?

# mount the tmpfs on ${udev_root%/}, if not already done
LANG=C awk "\$2 == \"${udev_root%/}\" && \$3 == \"tmpfs\" { exit 1 }" /proc/mounts && {
....        
        ret=$[$ret + $?]
}
Comment 7 Jeff Layton 2009-10-12 10:50:40 EDT
That seemed to work -- it boots with that block commented out. There seems to be a problem setting security labels on the nodes under /dev though. I get a ton of these sorts of messages on the console while booting:

udevd-work[620]: setfilecon /dev/disk/by-id/ata-QEMU_HARDDISK_QM00001-part1 failed: Operation not supported

udevd-work[620]: setfilecon /dev/disk/by-id/ata-QEMU_HARDDISK_QM00001-part1 failed: Operation not supported

udevd-work[620]: setfilecon /dev/disk/by-path/pci-0000:00:01.1-scsi-0:0:0:0-part1 failed: Operation not supported

FWIW this is using:

udev-145-10.fc12.x86_64
Comment 8 Harald Hoyer 2009-10-12 11:26:58 EDT
ok, next step..

edit /usr/share/dracut/modules.d/99base/init

make
if [ ! -c /dev/ptmx ]; then
    # try to mount devtmpfs
    if ! mount -t devtmpfs -omode=0755 udev /dev >/dev/null 2>&1; then
        # if it failed fall back to normal tmpfs
        mount -t tmpfs -omode=0755 udev /dev >/dev/null 2>&1 
        # Make some basic devices first, let udev handle the rest
        mknod /dev/null c 1 3
        mknod /dev/ptmx c 5 2
        mknod /dev/console c 5 1
        mknod /dev/kmsg c 1 11
    fi
fi

to

if [ ! -c /dev/ptmx ]; then
        # if it failed fall back to normal tmpfs
        mount -t tmpfs -omode=0755 udev /dev >/dev/null 2>&1 
        # Make some basic devices first, let udev handle the rest
        mknod /dev/null c 1 3
        mknod /dev/ptmx c 5 2
        mknod /dev/console c 5 1
        mknod /dev/kmsg c 1 11
fi

and rebuild the initramfs image with:

# dracut -f /boot/initramfs-$(uname -r).img $(uname -r)
Comment 9 Harald Hoyer 2009-10-12 11:27:57 EDT
this will mount a tmpfs instead of the devtmpfs on /dev

let me know, if the 

udevd-work[620]: setfilecon /dev/disk/by-id/ata-QEMU_HARDDISK_QM00001-part1
failed: Operation not supported

messages disappear.
Comment 10 Jeff Layton 2009-10-12 13:56:37 EDT
Yes, that seemed to eliminate the messages (note that that was tested with the "patch" from comment #6 still in place).
Comment 11 Harald Hoyer 2009-10-13 10:24:24 EDT
dwalsh: why does it give those setfilecon errors on a devtmpfs filesystem (which is practically a tmpfs)
Comment 12 Daniel Walsh 2009-10-13 11:32:56 EDT
Because we have not told selinux what a devtmpfs is.

Is this a new file system?  Or just call it a tmpfs_t?
Comment 13 Daniel Walsh 2009-10-13 11:34:57 EDT
Fixed in selinux-policy-3.6.32-26.fc12.noarch
Comment 14 Harald Hoyer 2009-10-13 11:42:04 EDT
cool, thx
Comment 15 Daniel Walsh 2009-10-13 18:14:19 EDT
Harald can you pull the policy out of Rawhide and make sure it works ok.  If it does I will ask for this policy to be updated for Beta.
Comment 16 Harald Hoyer 2009-10-14 06:33:17 EDT
didn't find a build for selinux-policy-3.6.32-26

on rebuilding from cvs I get:

/usr/bin/checkmodule:  loading policy configuration from tmp/xen.tmp
policy/modules/system/xen.te":354:ERROR 'permission getshed is not defined for class process' at token ';' on line 16604:
allow xm_t self:process { getshed signal };
allow xm_t self:capability { dac_override ipc_lock sys_tty_config };
/usr/bin/checkmodule:  error(s) encountered while parsing configuration
make: *** [tmp/xen.mod] Error 1
error: Bad exit status from /var/tmp/rpm-tmp.4R2wi1 (%install)


RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.4R2wi1 (%install)
Comment 17 Harald Hoyer 2009-10-14 06:35:34 EDT
-fs_use_trans tmpfs gen_context(system_u:object_r:tmpfs_t,s0);
+fs_use_trans devtmpfs gen_context(system_u:object_r:tmpfs_t,s0);

Hmm, why do you remove the normal tmpfs? It still exists for older kernels < 2.6.32 without devtmpfs
Comment 18 Harald Hoyer 2009-10-14 06:43:47 EDT
(In reply to comment #17)
> Hmm, why do you remove the normal tmpfs? It still exists for older kernels <
> 2.6.32 without devtmpfs  

s/still exists/still is mounted on /dev /
Comment 19 Harald Hoyer 2009-10-14 06:52:30 EDT
ok, managed to build the rpm with:

s/getshed/getsched/

and not removing 
fs_use_trans tmpfs gen_context(system_u:object_r:tmpfs_t,s0);
but adding 
fs_use_trans devtmpfs gen_context(system_u:object_r:tmpfs_t,s0);


WORKSFORME.. no more  
setfilecon ... failed: Operation not supported
Comment 20 Daniel Walsh 2009-10-14 09:31:27 EDT
I guess it is a good thing it did not build.  I will build a new version ASAP with your fixes.

Then can we close this bug.
Comment 21 Jeff Layton 2009-10-15 09:28:11 EDT
I had another rawhide guest with this problem and patched it with udev-145-11 (and associated libs) and selinux-policy-3.6.32-27 (and the associated -targeted package). Rebuilt the initramfs with dracut and it works fine.

I think we can declare this one closed. Thanks for the quick resolution!

Note You need to log in before you can comment on or make changes to this bug.