[FC3] kernel panic after selinux-policy-targeted update
Erik Hemdal
ehemdal at townisp.com
Wed Jun 29 00:53:35 UTC 2005
>>From: Ben Stringer <ben at burbong.com>
>>Subject: Re: [FC3] kernel panic after selinux-policy-targeted update
>>
>>
>>On Tue, 2005-06-28 at 17:15 +1000, Russell Coker wrote:
>>
>>
>>
>>>Until I get more detail on this (type of CPU, kernel version, etc)
>>>I'll conclude that it was a broken configuration.
>>>
>>>
>>Hi Russell,
>>
>>I got hit by this one. Some details:
>>
>>Dell Inspiron 8600 laptop, Centrino 1.6Ghz, running
>>2.6.11-1.27_FC3. An "everything" installation of FC3, kept
>>updated from fedora-updates and livna. Using the 2100
>>wireless NIC at the time.
>>
>>I did an update this afternoon, which included the selinux
>>policy update and the latest kernel (kernel-2.6.11-1.35_FC3).
>>During the yum update, things started breaking as the update
>>applied the new policies (eg. I couldn't use ssh from the
>>laptop to other hosts).
>>
>>When I tried to shutdown, I got many messages like this:
>>
>>Jun 28 18:56:00 ben8600 kernel: audit(1119948960.209:0): avc:
>> denied { execmod } for pid=13420 comm=mingetty
>>path=/lib/tls/libc-2.3.5.so
>>dev=hda11 ino=20455 scontext=user_u:system_r:unconfined_t
>>tcontext=system_u:object_r:lib_t tclass=file
>>
>>My only option was to power off the laptop. I then had to
>>boot with enforcing=0 (and a considerable amount of fscking)
>>to get back up.
>>
>>If there is any other information I can give you to help
>>reproduce this, let me know.
>>
>>Cheers, Ben
>>
>>
>>
>>
Similar results here:
Dell Latitude D600 Pentium 4M 1.4GHz
kernel 2.6.11-1.35_FC3 and all fedora-updates updates (no other repos)
Using a Broadcom 4306 (Dell TrueMobile 1450) wireless card
I too saw the avc errors (possibly others that I did not see). I did not
have the kernel panic, and while I got more errors on reboot, none
caused the system to lock up. Booting with enforcing=0 stopped the errors.
Executing
su -
rpm -ev selinux-policy-targeted selinux-policy-targeted-sources
rm -fR /etc/selinux/targeted/
yum install selinux-policy-targeted-1.17.30-3.9.noarch
selinux-policy-targeted-sources-1.17.30-3.9.noarch
touch /.autorelabel
and a reboot cleared all the errors. Let me know if more information can
help.
Erik
More information about the fedora-list
mailing list