Description of problem:
Trying to open a file on an NFS4 (krb5i) mounted partition and denying this by SELinux policy causes a kernel oops:

[ 1841.233320] type=1400 audit(1289684788.194:30): avc: denied { open } for pid=6211 comm="python" name=".bitbake.elito.conf" dev=0:16 ino=41932 scontext=unconfined_u:unconfined_r:build_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=file
[ 1841.234331] BUG: unable to handle kernel NULL pointer dereference at 000000000000000b
[ 1841.234339] IP: [<ffffffff811163e7>] nameidata_to_filp+0x24/0x50
[ 1841.234350] PGD 121de4067 PUD 135a1b067 PMD 0
[ 1841.234359] Oops: 0000 [#1] SMP
[ 1841.234365] last sysfs file: /sys/devices/system/cpu/cpu1/cache/index2/shared_cpu_map
[ 1841.234370] CPU 0
[ 1841.234372] Modules linked in: fuse ip6_tables ebtable_nat ebtables nfsd exportfs coretemp des_generic nfs fscache nfs_acl rpcsec_gss_krb5 auth_rpcgss lockd sunrpc cpufreq_ondemand acpi_cpufreq freq_table mperf bridge stp llc iptable_nat nf_nat xt_pkttype xt_physdev ipt_LOG xt_limit sha256_generic cryptd aes_x86_64 aes_generic cbc dm_crypt kvm_intel kvm uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device ftdi_sio snd_pcm snd_timer snd e1000e soundcore usbserial tpm_infineon snd_page_alloc serio_raw iTCO_wdt iTCO_vendor_support microcode usb_storage ata_generic pata_acpi i915 drm_kms_helper drm i2c_algo_bit i2c_core video output [last unloaded: scsi_wait_scan]
[ 1841.234498]
[ 1841.234501] Pid: 6211, comm: python Not tainted 2.6.35.6-48.fc14.x86_64 #1 D2314-A3/ESPRIMO P5916 iAMT
[ 1841.234505] RIP: 0010:[<ffffffff811163e7>] [<ffffffff811163e7>] nameidata_to_filp+0x24/0x50
[ 1841.234510] RSP: 0018:ffff880121e49d48 EFLAGS: 00010286
[ 1841.234513] RAX: fffffffffffffff3 RBX: ffff880121e49e28 RCX: 0000000000000002
[ 1841.234516] RDX: 0000000000000000 RSI: 000000000000012f RDI: ffff880121e49e28
[ 1841.234519] RBP: ffff880121e49d58 R08: ffff8801093829c0 R09: 0000000000000000
[ 1841.234521] R10: 00000000000006ab R11: 0000000000000002 R12: 0000000000000000
[ 1841.234524] R13: 0000000000008000 R14: 0000000000000000 R15: ffff880114aba000
[ 1841.234528] FS: 00007feb797f1720(0000) GS:ffff880002000000(0000) knlGS:0000000000000000
[ 1841.234531] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1841.234534] CR2: 000000000000000b CR3: 0000000130f76000 CR4: 00000000000006f0
[ 1841.234537] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1841.234539] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1841.234543] Process python (pid: 6211, threadinfo ffff880121e48000, task ffff880133315d00)
[ 1841.234545] Stack:
[ 1841.234547] 0000000000000000 0000000000008000 ffff880121e49da8 ffffffff81122048
[ 1841.234553] <0> ffff8801093829c0 0000002400000024 ffff880121e49d88 ffff880121e49e28
[ 1841.234560] <0> 0000000000008000 0000000000000024 0000000000000000 0000000000008001
[ 1841.234568] Call Trace:
[ 1841.234573] [<ffffffff81122048>] do_last+0x457/0x5d4
[ 1841.234578] [<ffffffff811223f5>] do_filp_open+0x230/0x5e1
[ 1841.234583] [<ffffffff81467b5d>] ? _cond_resched+0xe/0x22
[ 1841.234589] [<ffffffff81221660>] ? might_fault+0x21/0x23
[ 1841.234593] [<ffffffff81221760>] ? __strncpy_from_user+0x1f/0x4e
[ 1841.234597] [<ffffffff8112b619>] ? alloc_fd+0x74/0x11f
[ 1841.234601] [<ffffffff81116477>] do_sys_open+0x64/0x110
[ 1841.234605] [<ffffffff81116543>] sys_open+0x20/0x22
[ 1841.234610] [<ffffffff81009cf2>] system_call_fastpath+0x16/0x1b
[ 1841.234612] Code: 49 63 c6 41 5e c9 c3 55 48 89 e5 48 83 ec 10 0f 1f 44 00 00 65 48 8b 04 25 00 cc 00 00 4c 8b 80 40 04 00 00 48 8b 87 90 00 00 00 <48> 83 78 18 00 75 16 4c 8b 4f 08 48 8b 37 31 c9 48 89 c2 4c 89
[ 1841.234683] RIP [<ffffffff811163e7>] nameidata_to_filp+0x24/0x50
[ 1841.234688] RSP <ffff880121e49d48>
[ 1841.234690] CR2: 000000000000000b
[ 1841.234694] ---[ end trace 281ed826b18e4c83 ]---
[ 1923.454549] type=1400 audit(1289684870.416:31): avc: denied { open } for pid=6236 comm="python" name=".bitbake.elito.conf" dev=0:16 ino=41932 scontext=unconfined_u:unconfined_r:build_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=file
[ 1923.455475] BUG: unable to handle kernel NULL pointer dereference at 000000000000000b
[ 1923.455481] IP: [<ffffffff811163e7>] nameidata_to_filp+0x24/0x50
[ 1923.455492] PGD 1149c7067 PUD 114b69067 PMD 0

Version-Release number of selected component (if applicable):
kernel-2.6.35.6-48.fc14.x86_64
Oops is at /usr/src/debug/kernel-2.6.35.fc14/linux-2.6.35.x86_64/fs/open.c:789

ffffffff811163e7: 48 83 78 18 00 cmpq $0x0,0x18(%rax)
<<< with rax being 0xfffffffffffffff3 (-13 == -EACCES)
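The register arithmetic from the comment above, as an added example that is not part of the original report: a userspace C re-implementation of the kernel's error-pointer range check (IS_ERR_VALUE with MAX_ERRNO 4095, from include/linux/err.h) applied to the RAX, displacement and CR2 values in the oops. The helper names are hypothetical; it shows why an access through an encoded -EACCES is reported as a "NULL pointer dereference" at 0xb.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ERRNO 4095 /* same bound as the kernel's include/linux/err.h */

/* Userspace equivalent of IS_ERR_VALUE(): the top 4095 values of the
 * address space are reserved for encoded -errno return values. */
static int is_err_value(uint64_t reg)
{
    return reg >= (uint64_t)-MAX_ERRNO;
}

/* Positive errno encoded in an error pointer, or 0 if reg is not one. */
static int err_ptr_errno(uint64_t reg)
{
    return is_err_value(reg) ? (int)(0 - reg) : 0;
}

/* Address the CPU touches for "disp(%reg)"; the sum wraps modulo 2^64,
 * which is how a value near the top of memory lands in page zero. */
static uint64_t fault_address(uint64_t reg, uint64_t disp)
{
    return reg + disp;
}

/* Triage check: 1 if the faulting address (CR2) is fully explained by
 * dereferencing an error pointer held in reg at displacement disp. */
static int explains_oops(uint64_t reg, uint64_t disp, uint64_t cr2)
{
    return is_err_value(reg) && fault_address(reg, disp) == cr2;
}

int main(void)
{
    /* Values copied from the oops and the disassembly in this report. */
    const uint64_t rax = 0xfffffffffffffff3ULL; /* RAX */
    const uint64_t disp = 0x18;                 /* cmpq $0x0,0x18(%rax) */
    const uint64_t cr2 = 0xbULL;                /* CR2 */

    printf("errno in RAX : %d (%s)\n", err_ptr_errno(rax),
           strerror(err_ptr_errno(rax)));
    printf("fault address: 0x%llx\n",
           (unsigned long long)fault_address(rax, disp));
    printf("matches CR2  : %s\n", explains_oops(rax, disp, cr2) ? "yes" : "no");
    return 0;
}
```

A register that fails `is_err_value` (for example RBX in the same dump) is an ordinary kernel address, so the check separates a missed error-return test from a genuine NULL pointer.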
Does this still happen on the latest f14 or f15 kernel?
Unlikely to be fixed in f14, due to the limited time remaining in its lifecycle.