help with Kernel panic after update

Steven Knight knight at
Wed Jun 15 02:10:31 UTC 2005


Yesterday afternoon, my home FC3 system took a power hit (not
unusual, unfortunately).  Nothing seemed particularly amiss, it
came back up on its own (while I was still at work) and I reconnected
and used it for several hours without noticing anything unsual.
This is probably unrelated to what follows, but I mention it just
in case it's not.

Upon arriving home, I logged back in on my desktop and noticed my
Red Hat update icon on the top taskbar was red and pulsing.  I went
ahead and su'ed up and fired up "yum update".  It asked for permission
to update about 17 packages (I noticed GAIM on the list, but otherwise
didn't pay much attention), but being used to reliable updates before,
I went ahead and installed all of them without a second thought.

First sign of trouble:  I could no longer ls, df, or do just about
anything.  Error messages were complaining about "Permission denied"
for /lib/tls/ (and possibly other libraries), even when I
tried to do anything from my su shell.

Figuring (naively) that I had some kind of package version skew, I
(naively) tried rebooting to see if that would clear things up.
Bad, hasty decision:  I now get an immediate kernel panic as follows
(modulo typos from transcribing the information by hand):

    Uncompressing Linux... Ok, booting the kernel.
    ACPI: BIOS age (1999) fails cutoff (2001, acpi=force is required to enable ACPI
    audit(1118711202.065:0): initialized
    Red Hat nash version 4.1.18 starting
    audit(1118711209.899:0): avc:  denied { execmod } for pid=1 comm=init path=/lib/tls/ dev=hdd2 ino=528350 scontext=user_u:system_r:unconfined_t tcontext=root:object_r:filet tcall=file
    /sbin/init: error while loading shared libraries: /lib/tls/ cannot apply additional memory protection after relocation: Permission denied
    Kernel panic - not syncing: Attempted to kill init!

After poking around, I figured out that this permission error was
connected to selinux. My guess is that selinux-policy-target might
have been part of the updates I installed, but like I said,
I wasn't paying attention.  (Note that I installed the selinux
RPM(s) by default when I first installed FC, but I've never bothered
to really understand or do anything with them, so don't presume
any coherent administrative behavior on my part.)

Some additional searches pointed me to /sbin/fixfiles, and the idea
that relabelling might be necessary.  So I tried booting up on
Knoppix and mounting my filesystems in their usual configuration
relative to each other.  I then chroot'ed to the root of my
reconstructed file systems and ran "fixfiles relabel".  This seemed
to relabel a bunch of stuff, but it wouldn't relabel anything on
my root partition, claiming that was mounted read-only.  (It wasn't
relative to Knoppix, so I think that's an artifact of chroot

Interestingly enough, the /lib/tls/ file mentioned in the
error message never showed up as a file that fixfiles tried to

I tried rebooting anyway with the same panic as above.

Since I'm not actually "doing anything" with selinux, I'd be fine
with completely disabling it and/or removing it from my system, but
I can't even figure out how to get to the point of being able to
do that.  How can I either work the right magic to label the above
file appropriate and/or get past this panic, or else just disable/remove
selinux so I can get going again?



More information about the fedora-selinux-list mailing list