[FC3] kernel panic after selinux-policy-targeted update

Russell Coker russell at coker.com.au
Tue Jun 28 12:27:53 UTC 2005

On Tuesday 28 June 2005 22:07, Ben Stringer <ben at burbong.com> wrote:
> On Tue, 2005-06-28 at 17:15 +1000, Russell Coker wrote:
> > I've just tried reproducing this on a P4-1.5GHz machine specifically
> > installed for the purpose.
> >
> > I upgraded to all the latest packages including kernel-2.6.11-1.35_FC3
> > and selinux-policy-targeted-sources-1.17.30-3.13.  Things worked fine.

> Dell Inspiron 8600 laptop, Centrino 1.6Ghz, running 2.6.11-1.27_FC3. An
> "everything" installation of FC3, kept updated from fedora-updates and
> livna. Using the 2100 wireless NIC at the time.
> I did an update this afternoon, which included the selinux policy update
> and the latest kernel (kernel-2.6.11-1.35_FC3). During the yum update,
> things started breaking as the update applied the new policies (eg. I
> couldn't use ssh from the laptop to other hosts).

Did things work better after you had booted the new kernel?  Maybe the problem 
is a combination of new policy and slightly older kernel.

> When I tried to shutdown, I got many messages like this:
> Jun 28 18:56:00 ben8600 kernel: audit(1119948960.209:0): avc:  denied
> { execmod } for  pid=13420 comm=mingetty path=/lib/tls/libc-2.3.5.so
> dev=hda11 ino=20455 scontext=user_u:system_r:unconfined_t
> tcontext=system_u:object_r:lib_t tclass=file

That's an example of a .so file which is mis-labeled.

What version of glibc?  Mine is glibc-2.3.5-0.fc3.1.

> My only option was to power off the laptop. I then had to boot with
> enforcing=0 (and a considerable amount of fscking) to get back up.
> If there is any other information I can give you to help reproduce this,
> let me know.

What state is the machine in now?

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

More information about the fedora-selinux-list mailing list