Bug 955758 - systemd-readahead: failed to create shared memory segment
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 19
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-04-23 18:08 UTC by Zbigniew Jędrzejewski-Szmek
Modified: 2013-05-30 03:32 UTC

Fixed In Version: selinux-policy-3.12.1-47.fc19
Doc Type: Bug Fix
Last Closed: 2013-05-30 03:32:51 UTC
Type: Bug

Description Zbigniew Jędrzejewski-Szmek 2013-04-23 18:08:40 UTC
Description of problem:
readahead does not gather data because of a SELinux denial.

Apr 23 21:13:48 fedora kernel: type=1404 audit(1366766027.362:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
Apr 23 21:13:48 fedora kernel: SELinux: 2048 avtab hash slots, 96919 rules.
Apr 23 21:13:48 fedora kernel: SELinux: 2048 avtab hash slots, 96919 rules.
Apr 23 21:13:48 fedora kernel: SELinux:  8 users, 82 roles, 4428 types, 249 bools, 1 sens, 1024 cats
Apr 23 21:13:48 fedora kernel: SELinux:  83 classes, 96919 rules
Apr 23 21:13:48 fedora kernel: SELinux:  Completing initialization.
Apr 23 21:13:48 fedora kernel: SELinux:  Setting up existing superblocks.
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev proc, type proc), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev devtmpfs, type devtmpfs), uses transition SIDs
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev anon_inodefs, type anon_inodefs), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev devpts, type devpts), uses transition SIDs
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses transition SIDs
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev securityfs, type securityfs), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev pstore, type pstore), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev dm-1, type ext4), uses xattr
Apr 23 21:13:48 fedora kernel: type=1403 audit(1366766027.814:3): policy loaded auid=4294967295 ses=4294967295
Apr 23 21:13:48 fedora systemd[1]: Successfully loaded SELinux policy in 463.374ms.
Apr 23 21:13:48 fedora systemd[1]: Relabelled /dev and /run in 28.184ms.
Apr 23 21:13:48 fedora LVM: Logical Volume autoactivation enabled.
Apr 23 21:13:48 fedora LVM: Activation generator successfully completed.
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
Apr 23 21:13:48 fedora systemd-readahead[392]: Failed to create /run/systemd: Permission denied
Apr 23 21:13:48 fedora systemd-readahead[392]: Failed to create shared memory segment: No such file or directory
Apr 23 21:13:48 fedora systemd-readahead[391]: Failed to create /run/systemd: Permission denied
Apr 23 21:13:48 fedora systemd-readahead[391]: Failed to create shared memory segment: No such file or directory
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses transition SIDs
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
Apr 23 21:13:48 fedora kernel: SELinux: initialized (dev configfs, type configfs), uses genfs_contexts

(Messages about permission denied are from a line I added myself to see what's going on.
I'll push the patch to systemd later on.)


Version-Release number of selected component (if applicable):
In general this is an up-to-date Fedora 19.

systemd is compiled from git.

Apr 23 21:13:41 fedora systemd[1]: systemd 202 running in system mode. (+PAM -LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT -LIBCRYPTSETUP +GCRYPT +ACL +XZ)
Apr 23 21:13:47 fedora systemd[1]: systemd 202 running in system mode. (+PAM -LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT -LIBCRYPTSETUP +GCRYPT +ACL +XZ)

selinux-policy-targeted-3.12.1-34.fc19.noarch
selinux-policy-3.12.1-34.fc19.noarch

How reproducible:
100%

Additional info:
% ls -lZd /run /run/systemd /run/systemd/readahead
drwxr-xr-x. root root system_u:object_r:var_run_t:s0   /run/
drwxr-xr-x. root root system_u:object_r:init_var_run_t:s0 /run/systemd/
drwxr-xr-x. root root system_u:object_r:readahead_var_run_t:s0 /run/systemd/readahead/

Comment 1 Daniel Walsh 2013-04-23 21:11:40 UTC
AVC messages?

Comment 2 Zbigniew Jędrzejewski-Szmek 2013-04-23 21:15:16 UTC
I don't see any AVC messages. Is it possible that they are not generated or logged because auditd is not yet running? auditd is initialized a while later, along with other services, while readahead is started already in the boot.

Comment 3 Zbigniew Jędrzejewski-Szmek 2013-04-23 21:20:12 UTC
Hm, after looking at it again, systemd probably might create /run/systemd by itself. It is convenient to create it in systemd-readahead, but I see that it might be inconvenient for selinux.

Comment 4 Miroslav Grepl 2013-04-24 12:08:26 UTC
# dmesg |grep avc

Comment 5 Zbigniew Jędrzejewski-Szmek 2013-04-24 12:41:30 UTC
# dmesg |grep avc
nada

Hm, I'll reboot with selinux=0 when I have access to the machine and see what happens.
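
The triage question in comments 1 to 5 (a "Permission denied" logged under enforcing mode with no AVC in dmesg) can be checked mechanically over a saved boot log. The following is an added example, not part of the bug report or of systemd or selinux-policy; the function name is hypothetical, the first five sample lines are copied from the description, and the two `exampled` lines are constructed to show the matched case.

```python
import re

# Constructed sample. The first five lines are copied from the boot log in the
# description; the last two (exampled, pid 500) are invented to show a denial
# that does have a matching AVC record.
SAMPLE_LOG = """\
Apr 23 21:13:48 fedora kernel: type=1404 audit(1366766027.362:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
Apr 23 21:13:48 fedora kernel: type=1403 audit(1366766027.814:3): policy loaded auid=4294967295 ses=4294967295
Apr 23 21:13:48 fedora systemd-readahead[392]: Failed to create /run/systemd: Permission denied
Apr 23 21:13:48 fedora systemd-readahead[392]: Failed to create shared memory segment: No such file or directory
Apr 23 21:13:48 fedora systemd-readahead[391]: Failed to create /run/systemd: Permission denied
Apr 23 21:13:49 fedora kernel: type=1400 audit(1366766028.100:4): avc:  denied  { write } for  pid=500 comm="exampled" name="example" scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
Apr 23 21:13:49 fedora exampled[500]: Failed to open /run/example: Permission denied
"""

ENFORCING_ON = re.compile(r"type=1404 audit\([^)]*\): enforcing=1\b")
AVC_DENIED = re.compile(r"avc:\s+denied\s+\{[^}]*\}.*?\bpid=(\d+)\b")
USER_EACCES = re.compile(r"^\S+\s+\d+\s+[\d:]+\s+\S+\s+([^\s\[]+)\[(\d+)\]: (.*Permission denied)$")


def unexplained_denials(log_text):
    """Return (process, pid, message) for EACCES errors logged while SELinux
    was enforcing that have no 'avc: denied' record for the same pid."""
    lines = log_text.splitlines()
    # Match on pid, not comm=: the kernel truncates comm to 15 characters,
    # so "systemd-readahead" would never match by name.
    avc_pids = {m.group(1) for ln in lines if (m := AVC_DENIED.search(ln))}
    enforcing, hits = False, []
    for line in lines:
        if ENFORCING_ON.search(line):
            enforcing = True
            continue
        m = USER_EACCES.match(line)
        if enforcing and m and m.group(2) not in avc_pids:
            hits.append((m.group(1), int(m.group(2)), m.group(3)))
    return hits


if __name__ == "__main__":
    for proc, pid, msg in unexplained_denials(SAMPLE_LOG):
        print(f"{proc}[{pid}]: {msg} (no AVC record; check dontaudit rules or DAC)")
```

A hit means the failure is either a plain DAC permission problem or an SELinux denial hidden by a dontaudit rule; `semodule -DB` rebuilds the policy with dontaudit rules disabled so the denial is logged, and `semodule -B` restores them.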

Comment 6 Heiko Adams 2013-05-11 04:55:40 UTC
Any progress on this issue?

Comment 7 Heiko Adams 2013-05-11 09:11:39 UTC
Same problem here:
[    9.887300] systemd-readahead[267]: Failed to create /run/systemd: Permission denied
[    9.887311] systemd-readahead[267]: Failed to create shared memory segment: No such file or directory
[    9.887495] systemd-readahead[266]: Failed to create /run/systemd: Permission denied
[    9.887506] systemd-readahead[266]: Failed to create shared memory segment: No such file or directory

Comment 8 Daniel Walsh 2013-05-11 10:21:34 UTC
a1cf4f67ed46cabfb111b287577be0c9b71e0672 fixes this in git.

Comment 9 Fedora Update System 2013-05-29 14:18:48 UTC
selinux-policy-3.12.1-47.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-47.fc19

Comment 10 Fedora Update System 2013-05-29 17:45:37 UTC
Package selinux-policy-3.12.1-47.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-47.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-9565/selinux-policy-3.12.1-47.fc19
then log in and leave karma (feedback).

Comment 11 Fedora Update System 2013-05-30 03:32:51 UTC
selinux-policy-3.12.1-47.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

