mkinitrd problems - 2 slightly different ones...
Colin Walters
walters at redhat.com
Tue Apr 20 03:12:29 UTC 2004
On Mon, 2004-04-19 at 22:50, Valdis.Kletnieks at vt.edu wrote:
> Running the fedora-devel code as of 0419.. hitting some issues
> with installing a new kernel due to mkinitrd failing.
>
> System has 1 disk, using LVM for the root filesystem - the bigger error seems
> to be LVM-specific (looks like bootloader_t needs to be able to do stuff
> with lvm_exec_t and lvm_etc_t).
I don't think anyone here has really messed seriously with SELinux and
LVM yet. Looks like you are the lucky winner :)
> rm: remove.c:378: AD_pop_and_chdir: Assertion `AD_stack_height (ds)' failed.
Nice. I think many applications were written with the idea that they
would always have permissions to the current working directory.
> How did I cause that? I was stupidly still cd'ed into /etc/security/selinux/src/policy at the time. ;)
Yeah.
> Apr 19 22:36:44 orange kernel: audit(1082428604.698:0): avc: denied { execute } for pid=15696 exe=/bin/bash name=dmsetup dev=dm-0 ino=65548 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:lvm_exec_t tclass=file
> Apr 19 22:36:44 orange kernel: audit(1082428604.698:0): avc: denied { read } for pid=15696 exe=/bin/bash name=dmsetup dev=dm-0 ino=65548 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:lvm_exec_t tclass=file
> Apr 19 22:36:44 orange kernel: audit(1082428604.729:0): avc: denied { execute } for pid=15711 exe=/bin/bash name=ls dev=dm-0 ino=16424 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:ls_exec_t tclass=file
> Apr 19 22:36:44 orange kernel: audit(1082428604.729:0): avc: denied { read } for pid=15711 exe=/bin/bash name=ls dev=dm-0 ino=16424 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:ls_exec_t tclass=file
> Apr 19 22:36:46 orange kernel: SELinux: initialized (dev loop0, type ext2), uses xattr
> Apr 19 22:36:47 orange kernel: audit(1082428607.002:0): avc: denied { read } for pid=15834 exe=/bin/cp name=lvm.static dev=dm-0 ino=72206 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:lvm_exec_t tclass=file
> Apr 19 22:36:47 orange kernel: audit(1082428607.007:0): avc: denied { read } for pid=15835 exe=/bin/cp name=lvm.conf dev=dm-0 ino=82396 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:lvm_etc_t tclass=file
I added stuff to try to fix this into policy, will be in the next
upload. Patch attached, let me know if it works for you...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lvm.patch
Type: text/x-patch
Size: 872 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040419/96f2628f/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040419/96f2628f/attachment.sig>
More information about the fedora-selinux-list
mailing list