[FC3] kernel panic after selinux-policy-targeted update
Oleg Makarenko
mole at quadra.ru
Tue Jun 28 20:10:21 UTC 2005
Stephen Smalley wrote:
>On Tue, 2005-06-28 at 13:46 -0400, Chuck Anderson wrote:
>
>
>>I updated the bz ticket #161867. All the systems I had this problem
>>with were running 2.6.11-1.27_FC3 at the time the update was done.
>>The systems running 2.6.11-1.35_FC3 didn't experience the problem. So
>>it does appear that the problem is the older kernel and the newer
>>policy.
>>
>>
>
>Hmmm...interesting, since AFAIK, the SELinux code didn't change between
>those two kernels, and FC3 kernel has no SELinux-related patches in it
>(it just uses the upstream code). Side effect of another patch in the
>FC3 kernel?
>
>
>
Just to add more confusion... or probably give some hints to somebody...

I have the same problem on _both_ 1.27_FC3 and 1.35_FC3 kernels.

On the 1.35_FC3 machine (remote 2 Xeon x686 server) sshd and mingetty were
broken after the recent policy update.
I rebooted it with enforcing=0 (using remote console) and then

make -W users reload

(I have policy sources installed on the machine)

Everything works fine since then with
selinux-policy-targeted-1.17.30-3.13 and kernel-smp-2.6.11-1.35_FC3. My
policy sources have very minor changes in apache.te and mysqld.te files
only. Some http related booleans are also different... Maybe the binary
policy in the package is broken?

On my home 1.27_FC3 machine I have just updated the policy and have not
rebooted yet. Just after the update a lot of things are broken. For
example, I am unable to start a new (gnome-)terminal, etc.
setenforce 0 in the root's window (that I happen to run yum from) helps.
Now I am able to start a new non-root terminal and mozilla to write this
e-mail :)

If I then do setenforce 1 and try to ls I get:

[oleg at mole ~]$ ls
ls: error while loading shared libraries: /lib/tls/librt.so.1: cannot
apply additional memory protection after relocation: Permission denied

and in /var/log/messages I see

Jun 28 23:42:01 localhost kernel: audit(1119987721.476:0): avc: denied
{ execmod } for pid=5873 comm=ls path=/lib/tls/librt-2.3.5.so dev=hda3
ino=16719 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:lib_t tclass=file

When I try to run ssh I get:

[oleg at mole ~]$ ssh localhost
ssh: error while loading shared libraries: /lib/libdl.so.2: cannot apply
additional memory protection after relocation: Permission denied

and

Jun 28 23:44:29 localhost kernel: audit(1119987869.572:0): avc: denied
{ execmod } for pid=5882 comm=ssh path=/lib/libdl-2.3.5.so dev=hda3
ino=2052530 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:lib_t tclass=file

In the root's terminal everything works fine even with setenforce 1.

Hope this information may be useful.
=oleg
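
The two denials quoted in the message above, run through a small AVC record parser, as an added example that is not part of the original post: it extracts the fields of each record and groups denials by (source type, target type, class, permission), which shows both failures collapse to the same `execmod` check on `lib_t`. The function names are assumptions of this example, and the log lines are the ones from the message, rejoined onto single lines.

```python
import re
from collections import defaultdict

# Input: the two audit records from the message, unwrapped by hand
# (the mail client had folded each record across four lines).
SAMPLE_LOG = """\
Jun 28 23:42:01 localhost kernel: audit(1119987721.476:0): avc: denied { execmod } for pid=5873 comm=ls path=/lib/tls/librt-2.3.5.so dev=hda3 ino=16719 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
Jun 28 23:44:29 localhost kernel: audit(1119987869.572:0): avc: denied { execmod } for pid=5882 comm=ssh path=/lib/libdl-2.3.5.so dev=hda3 ino=2052530 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
"""

AVC_RE = re.compile(
    r"audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): avc:\s+(?P<result>denied|granted)"
    r"\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec["result"] = m.group("result")
    rec["perms"] = m.group("perms").split()
    rec["epoch"] = float(m.group("epoch"))
    # The SELinux type is the third colon-separated field of a context.
    for name, ctx in (("stype", "scontext"), ("ttype", "tcontext")):
        rec[name] = (rec.get(ctx, "").split(":") + ["", "", ""])[2]
    return rec


def summarize_denials(log_text):
    """Group denials by (source type, target type, class, permission)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        for perm in rec["perms"]:
            key = (rec["stype"], rec["ttype"], rec.get("tclass"), perm)
            groups[key].append((rec.get("comm"), rec.get("path")))
    return dict(groups)


if __name__ == "__main__":
    for (stype, ttype, tclass, perm), hits in summarize_denials(SAMPLE_LOG).items():
        print(f"{stype} -> {ttype}:{tclass} {{ {perm} }} x{len(hits)}: {hits}")
```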