udev slowness and selinux

[Daniel J Walsh]

Gene C. wrote:
> On Friday 02 December 2005 14:20, Nicolas Mailhot wrote:
>   
>> Le vendredi 02 décembre 2005 à 14:17 -0500, Stephen Smalley a écrit :
>>     
>>> It isn't the number of nodes in /dev; it is the number of entries in
>>> file_contexts.  And the slowdown should be improved/eliminated with
>>> recent changes in libselinux (1.27.28); let us know if it isn't.  There
>>> are two changes in libselinux, one of which will have immediate benefit
>>> without requiring any changes to udev, and the other of which requires a
>>> small change to udev to take advantage of.
>>>       
>> BTW today's rawhide segfaults on boot if run in enforcing mode
>>
>> checkpolicy-1.27.19-1
>> selinux-policy-targeted-2.0.7-2
>> audit-1.1.1-1
>> audit-libs-1.1.1-1
>> audit-libs-1.1.1-1
>> libselinux-1.27.28-1
>> libselinux-1.27.28-1
>> libsepol-1.9.41-1
>> libsepol-1.9.41-1
>> libsemanage-1.3.61-1
>>
>> Adding selinux=false to the boot arguments rescues the system
>>     
>
> I also see a kernel panic after today's updates if selinux=enforcing
>
> Reboot selinux=false single
> and change to selinux=permissive gets things working again.
>   
Yesterday's policy package wiped out the policy.20 file, on yum update.  
We are no longer shipping policy.20 in the rpm, and the package post 
install creates it.    Problem is the previous version was shipped with 
it and wipes it out on its post uninstall.  Need to change the trigger 
on policy package to recreate policy.20.

selinux-policy-*-2.0.7-3 fixes the problem.  It is up on my people site  
ftp://people.redhat.com/dwalsh/SELinux/Fedora

You can also do a
semoudle -B /usr/share/selinux/targeted/base.pp to recreate the 
policy.20 file.

Do not reboot until you fix this or else init will crash because you 
have no policy.

--