[FC3] kernel panic after selinux-policy-targeted update

Ben Stringer ben at burbong.com
Tue Jun 28 13:11:56 UTC 2005

On Tue, 2005-06-28 at 22:27 +1000, Russell Coker wrote:
> >
> > I did an update this afternoon, which included the selinux policy update
> > and the latest kernel (kernel-2.6.11-1.35_FC3). During the yum update,
> > things started breaking as the update applied the new policies (eg. I
> > couldn't use ssh from the laptop to other hosts).
> Did things work better after you had booted the new kernel?  Maybe the problem 
> is a combination of new policy and slightly older kernel.

Still have not tried the new kernel yet. I will give this a go.

> > When I tried to shutdown, I got many messages like this:
> >
> > Jun 28 18:56:00 ben8600 kernel: audit(1119948960.209:0): avc:  denied
> > { execmod } for  pid=13420 comm=mingetty path=/lib/tls/libc-2.3.5.so
> > dev=hda11 ino=20455 scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:lib_t tclass=file
> That's an example of a .so file which is mis-labeled.
> What version of glibc?  Mine is glibc-2.3.5-0.fc3.1.

Mine is the same.

> > My only option was to power off the laptop. I then had to boot with
> > enforcing=0 (and a considerable amount of fscking) to get back up.
> >
> > If there is any other information I can give you to help reproduce this,
> > let me know.
> What state is the machine in now?

I have dropped back to the previous policy and relabelled, using these
steps, as posted here earlier today:

        rpm -ev selinux-policy-targeted selinux-policy-targeted-sources
        rm -fR /etc/selinux/targeted/
        rpm -ivh /var/cache/yum/updates-released/packages/selinux-
policy-targeted-1.17.30-3.9.noarch.rpm /var/cache/yum/updates-
        touch /.autorelabel

Everything seems to be back to normal. My next steps (when I can afford
the time of having the laptop unavailable) will be to boot into the new
kernel. still using the previous policy file, confirm all is good with
that, then re-apply the new policy update and see if the same problems

Cheers, Ben

More information about the fedora-selinux-list mailing list