Bug 856332 - RHEL6.4 build panic after dracut FATAL: Initial SELinux policy load failed
RHEL6.4 build panic after dracut FATAL: Initial SELinux policy load failed
Status: CLOSED WORKSFORME
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy (Show other bugs)
6.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Miroslav Grepl
BaseOS QE Security Team
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-11 15:35 EDT by Scott Poore
Modified: 2014-05-14 12:43 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1101967 (view as bug list)
Environment:
Last Closed: 2012-10-09 07:12:53 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
print screen (20.71 KB, image/png)
2013-05-29 02:36 EDT, EricLee
no flags Details

  None (edit)
Description Scott Poore 2012-09-11 15:35:15 EDT
Description of problem:

Panic during RHEL 6.4 nightly build kickstart in beaker:

dracut: Mounted root filesystem /dev/sda3 
dracut: Loading SELinux policy 
type=1404 audit(1347361672.118:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 
dracut: SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.24: No such file or directory /sbin/load_policy: Can't load policy and enforcing mode requested: No such file or directory 
dracut Warning: Initial SELinux policy load failed. 
dracut: FATAL: Initial SELinux policy load failed. Machine in enforcing mode. To disable selinux, add selinux=0 to the kernel command line. 
dracut: Refusing to continue 
dracut Warning: Signal caught! 
  
  
 %G  
  
dracut Warning: dracut: FATAL: Initial SELinux policy load failed. Machine in enforcing mode. To disable selinux, add selinux=0 to the kernel command line. 
dracut Warning: dracut: Refusing to continue 
Kernel panic - not syncing: Attempted to kill init! 


Version-Release number of selected component (if applicable):

RHEL6.4-20120910.n.0 Server x86_64

How reproducible:
Unknown

Steps to Reproduce:
1. RHEL 6.4 build in beaker
  
Actual results:

panic

Expected results:

install OS without panic

Additional info:
Comment 2 Scott Poore 2012-09-18 13:49:51 EDT
Any word on this one?

Here's a little more info from the failure I saw:

Kernel panic - not syncing: Attempted to kill init! 
Pid: 1, comm: init Not tainted 2.6.32-306.el6.x86_64 #1 
Call Trace: 
 [<ffffffff81503dff>] ? panic+0xa0/0x168 
 [<ffffffff81070eb2>] ? do_exit+0x862/0x870 
 [<ffffffff8117f365>] ? fput+0x25/0x30 
 [<ffffffff81070f18>] ? do_group_exit+0x58/0xd0 
 [<ffffffff81070fa7>] ? sys_exit_group+0x17/0x20 
 [<ffffffff8100b0f2>] ? system_call_fastpath+0x16/0x1b 

This was also seen on a different RHEL6.4 install attempt in sys.log:

17:09:46,735 INFO kernel:semodule[2533]: segfault at 1246c7e2cba ip 00007f19c450b6e1 sp 00007fff7baad210 error 4 in libsepol.so.1[7f19c44fe000+3b000]
17:13:16,604 INFO kernel:yum[10816]: segfault at 19619ec54b7 ip 00007f6d99cb6629 sp 00007fff2375c780 error 4 in libpython2.6.so.1.0[7f6d99bab000+171000]
Comment 3 Harald Hoyer 2012-09-20 05:20:32 EDT
(In reply to comment #2)
> Any word on this one?
> 
> Here's a little more info from the failure I saw:
> 
> Kernel panic - not syncing: Attempted to kill init! 
> Pid: 1, comm: init Not tainted 2.6.32-306.el6.x86_64 #1 
> Call Trace: 
>  [<ffffffff81503dff>] ? panic+0xa0/0x168 
>  [<ffffffff81070eb2>] ? do_exit+0x862/0x870 
>  [<ffffffff8117f365>] ? fput+0x25/0x30 
>  [<ffffffff81070f18>] ? do_group_exit+0x58/0xd0 
>  [<ffffffff81070fa7>] ? sys_exit_group+0x17/0x20 
>  [<ffffffff8100b0f2>] ? system_call_fastpath+0x16/0x1b 


This happens, when dracut (process 1) stops. In this case because of:
dracut Warning: dracut: FATAL: Initial SELinux policy load failed. Machine in enforcing mode. To disable selinux, add selinux=0 to the kernel command line. 
dracut Warning: dracut: Refusing to continue

> 
> This was also seen on a different RHEL6.4 install attempt in sys.log:
> 
> 17:09:46,735 INFO kernel:semodule[2533]: segfault at 1246c7e2cba ip
> 00007f19c450b6e1 sp 00007fff7baad210 error 4 in
> libsepol.so.1[7f19c44fe000+3b000]
> 17:13:16,604 INFO kernel:yum[10816]: segfault at 19619ec54b7 ip
> 00007f6d99cb6629 sp 00007fff2375c780 error 4 in
> libpython2.6.so.1.0[7f6d99bab000+171000]

Well, seems like selinux is broken! Dracut cannot do anything about it.
Comment 4 Daniel Walsh 2012-09-26 17:12:03 EDT
Is selinux-policy package installed?
Comment 5 Scott Poore 2012-10-04 15:16:59 EDT
I'm guessing it was included in the image used for that phase of the kickstart boot/build.  I guess I don't know that for sure though.

This may be resolved now though.  I was able to successfully build a RHEL6.4 test with the latest build and it seems fine.
Comment 6 EricLee 2013-05-29 02:35:19 EDT
Hi All,

I got the same error when I install VMs, the strange thing is that: I use the same profile to install two guests which with different disk format(one is qcow2, the other one is raw), only raw format disk will get the error after installed and can not boot up normally. Please see the attachment.

Can somebody tell me what's the problem?

Thanks,
Ericlee
Comment 7 EricLee 2013-05-29 02:36:33 EDT
Created attachment 754199 [details]
print screen
Comment 8 Salim Talamas 2014-05-14 12:43:07 EDT
We also had experienced the same issue as noted above on rhel 6.4.  To resolve the issue we did the following:

Problem: after disabling selinux, we encountered the following kernel panic -not syncing: Attempting to kill init!

Solution: 
Step1 - boot into rescue mode via rhel ISO image
Step2: navigate to the filesystem: /mnt/sysimage/etc/selinux/config 
Step3 - modify selinux=0 then reboot
Step4 - boot normally to rhel OS
Step5 - from CLI getenforce will display "Permissive"
Step6 - navigate to /etc/selinux/config and modify selinux=disabled
Step7 - reboot normally to rhel OS. Kernel panic should not occur
Step 8 - confirm getenforce displays "Disabled"

Note You need to log in before you can comment on or make changes to this bug.