help with Kernel panic after update
Bob Kashani
bobk at ocf.berkeley.edu
Wed Jun 15 04:49:10 UTC 2005
On Tue, 2005-06-14 at 22:10 -0400, Steven Knight wrote:
> Help!
>
> Yesterday afternoon, my home FC3 system took a power hit (not
> unusual, unfortunately). Nothing seemed particularly amiss, it
> came back up on its own (while I was still at work) and I reconnected
> and used it for several hours without noticing anything unsual.
> This is probably unrelated to what follows, but I mention it just
> in case it's not.
>
> Upon arriving home, I logged back in on my desktop and noticed my
> Red Hat update icon on the top taskbar was red and pulsing. I went
> ahead and su'ed up and fired up "yum update". It asked for permission
> to update about 17 packages (I noticed GAIM on the list, but otherwise
> didn't pay much attention), but being used to reliable updates before,
> I went ahead and installed all of them without a second thought.
>
> First sign of trouble: I could no longer ls, df, or do just about
> anything. Error messages were complaining about "Permission denied"
> for /lib/tls/libc.so.6 (and possibly other libraries), even when I
> tried to do anything from my su shell.
>
> Figuring (naively) that I had some kind of package version skew, I
> (naively) tried rebooting to see if that would clear things up.
> Bad, hasty decision: I now get an immediate kernel panic as follows
> (modulo typos from transcribing the information by hand):
>
> Uncompressing Linux... Ok, booting the kernel.
> ACPI: BIOS age (1999) fails cutoff (2001, acpi=force is required to enable ACPI
> audit(1118711202.065:0): initialized
> Red Hat nash version 4.1.18 starting
> audit(1118711209.899:0): avc: denied { execmod } for pid=1 comm=init path=/lib/tls/libc-2.3.5.so dev=hdd2 ino=528350 scontext=user_u:system_r:unconfined_t tcontext=root:object_r:filet tcall=file
> /sbin/init: error while loading shared libraries: /lib/tls/libc.so.6: cannot apply additional memory protection after relocation: Permission denied
> Kernel panic - not syncing: Attempted to kill init!
>
> After poking around, I figured out that this permission error was
> connected to selinux. My guess is that selinux-policy-target might
> have been part of the updates I installed, but like I said,
> I wasn't paying attention. (Note that I installed the selinux
> RPM(s) by default when I first installed FC, but I've never bothered
> to really understand or do anything with them, so don't presume
> any coherent administrative behavior on my part.)
>
> Some additional searches pointed me to /sbin/fixfiles, and the idea
> that relabelling might be necessary. So I tried booting up on
> Knoppix and mounting my filesystems in their usual configuration
> relative to each other. I then chroot'ed to the root of my
> reconstructed file systems and ran "fixfiles relabel". This seemed
> to relabel a bunch of stuff, but it wouldn't relabel anything on
> my root partition, claiming that was mounted read-only. (It wasn't
> relative to Knoppix, so I think that's an artifact of chroot
> behavior.)
>
> Interestingly enough, the /lib/tls/libc.so.6 file mentioned in the
> error message never showed up as a file that fixfiles tried to
> relabel.
>
> I tried rebooting anyway with the same panic as above.
>
> Since I'm not actually "doing anything" with selinux, I'd be fine
> with completely disabling it and/or removing it from my system, but
> I can't even figure out how to get to the point of being able to
> do that. How can I either work the right magic to label the above
> file appropriate and/or get past this panic, or else just disable/remove
> selinux so I can get going again?
You can use the rescue disc...just download and burn the iso and boot
it. Then at the commandline type "chroot /mnt/sysimage". It should allow
you to get back into your system. Then just turn selinux off
in /etc/selinux/config and reboot.
http://download.fedora.redhat.com/pub/fedora/linux/core/3/i386/iso/FC3-i386-rescuecd.iso
Once you get back into your system try Colin's advice:
setsebool -P allow_execmod=true
Hope this helps. :)
Bob
--
Bob Kashani
http://www.ocf.berkeley.edu/~bobk/garnome
More information about the fedora-selinux-list
mailing list