Boot messages in 2.6.8-524
Steve G
linux_4ever at yahoo.com
Sat Aug 21 14:08:50 UTC 2004
Hi,
I just got yesterday's updates compiled and installed. Upon first boot, I got a
message like this:
Mounting local filesystem
Can't open RNG file /dev/hw_random no such file or directory
enable swap...
I haven't seen this before. I traced the message string to /sbin/rngd. Is this
error something that we should worry about? Something wanted a random number and
it aint gonna get it.
This prompted me to look deeper into the boot messages since there's a lot of new
changes regarding kudzu, hal, dbus, and the kernel. The issues I found will be
listed in the sequence they appeared in my logs:
Aug 21 09:00:13 buildhost kernel: SELinux: Initializing.
Aug 21 09:00:13 buildhost kernel: SELinux: Starting in permissive mode
Aug 21 09:00:13 buildhost kernel: There is already a security framework
initialized, register_security failed.
Aug 21 09:00:13 buildhost kernel: selinux_register_security: Registering
secondary module capability
Aug 21 09:00:13 buildhost kernel: Capability LSM initialized as secondary
OK, why did selinux fail registering?
Aug 21 09:00:14 buildhost kernel: ksign: Installing public key data
Aug 21 09:00:14 buildhost kernel: Loading keyring
Aug 21 09:00:14 buildhost kernel: - Added public key D9E600F29CF41CA4
Aug 21 09:00:14 buildhost kernel: - User ID: Red Hat, Inc. (Kernel Module GPG
key)
Aug 21 09:00:14 buildhost kernel: ksign: invalid packet (ctb=00)
Aug 21 09:00:14 buildhost kernel: Unable to load default keyring: error=74
Why is there an invalid packet and why did the keyring fail to load?
Aug 21 09:00:15 buildhost kernel: md: md driver 0.90.0 MAX_MD_DEVS=256,
MD_SB_DISKS=27
Aug 21 09:00:15 buildhost hal.hotplug[1684]: error sending message to hald
Aug 21 09:00:15 buildhost kernel: NET: Registered protocol family 2
Aug 21 09:00:15 buildhost kernel: IP: routing cache hash table of 2048 buckets,
64Kbytes
Aug 21 09:00:15 buildhost kernel: TCP: Hash tables configured (established 262144
bind 37449)
Hmmm something failed to send a message to hald. What was the dbus & hald boot
priority?
Aug 21 09:00:16 buildhost kernel: security: 3 users, 4 roles, 251 types, 12
bools
Aug 21 09:00:16 buildhost kernel: security: 53 classes, 3895 rules
Aug 21 09:00:16 buildhost kernel: SELinux: Completing initialization.
SE Linux is just now finishing its init? Why have other daemons and SE Linux
applications been running? Is there a synchonization barrier that stops any SE
Linux aware application from running until the whole rule set is finished
loading? Is there a window of opportunity that a malicious application could run
before SE Linux has done its thing? Like maybe disable SE Linux?
Aug 21 09:00:16 buildhost kernel: Adding 2096440k swap on /dev/sda5. Priority:-1
extents:1
Aug 21 09:00:16 buildhost kernel: audit(1093093168.059:0): avc: denied {
mounton } for pid=1117 exe=/bin/mount path=/proc/sys/fs/binfmt_misc dev=proc
ino=-268435430 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:sysctl_t tclass=dir
Aug 21 09:00:16 buildhost kernel: audit(1093093168.059:0): avc: denied {
mounton } for pid=1117 exe=/bin/mount path=/proc/sys/fs/binfmt_misc dev=proc
ino=-268435430 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:sysctl_t tclass=dir
Yep, SE Linux is now active, starting to see avc's.
Aug 21 09:00:17 buildhost kernel: Attached scsi generic sg0 at scsi0, channel 0,
id 0, lun 0, type 0
Aug 21 09:00:17 buildhost kernel: kudzu: Using deprecated /dev/sg mechanism
instead of SG_IO on the actual device
Are there plans to fix kudzu not to use a deprecated mechanism?
Aug 21 09:00:18 buildhost crond: crond startup succeeded
Aug 21 09:00:18 buildhost anacron: anacron startup succeeded
Aug 21 09:00:19 buildhost messagebus: messagebus startup succeeded
Aug 21 09:00:19 buildhost haldaemon: haldaemon startup succeeded
OK, way down here at the very end haldaemon is active. Isn't this way late?
-Steve Grubb
_______________________________
Do you Yahoo!?
Win 1 of 4,000 free domain names from Yahoo! Enter now.
http://promotions.yahoo.com/goldrush
More information about the fedora-test-list
mailing list