Boot messages in 2.6.8-524

Russell Coker russell at coker.com.au
Sun Aug 22 11:36:14 UTC 2004


On Sun, 22 Aug 2004 04:49, Steve G <linux_4ever at yahoo.com> wrote:
> >rngd copies data from the hardware random number source to /dev/random
> > (the kernel random number source).  Without it /dev/random gets populated
> > by key-press intervals, network interrupt times, and other events which
> > may not be sufficiently random or common.
>
> Right. That's what bothers me.

It's not that bad.  Most machines have enough interrupts and a small enough 
demand for random numbers that this isn't an issue.

> >I believe that hotplug is spawned by kernel threads and can start before
> > init. The policy is loaded and SE Linux init is complete before init
> > starts running with full functionality (IE before rc.sysinit is run).
>
> Is that guaranteed or just happens to work out that way?

It is guaranteed in the current Fedora design that /sbin/init will not start 
operating in a normal manner until after the SE Linux policy is loaded.  In 
the past (before Fedora had SE Linux) things were different, and there could 
be a need to change things again in the future (although it's very unlikely).  
For the moment you can count on the SE Linux policy being loaded immediately 
after the initrd is complete.

> >> Aug 21 09:00:16 buildhost kernel: Adding 2096440k swap on /dev/sda5.
> >> Priority:-1 extents:1
> >> Aug 21 09:00:16 buildhost kernel: audit(1093093168.059:0): avc:  denied 
> >> { mounton } for  pid=1117 exe=/bin/mount path=/proc/sys/fs/binfmt_misc
> >> dev=proc ino=-268435430 scontext=user_u:system_r:unconfined_t
> >> tcontext=system_u:object_r:sysctl_t tclass=dir
> >> Aug 21 09:00:16 buildhost kernel: audit(1093093168.059:0): avc:  denied 
> >> { mounton } for  pid=1117 exe=/bin/mount path=/proc/sys/fs/binfmt_misc
> >> dev=proc ino=-268435430 scontext=user_u:system_r:unconfined_t
> >> tcontext=system_u:object_r:sysctl_t tclass=dir
> >
> >What script is calling this mount?  It's a bug in policy but I'd like to
> > get more info before making changes.
>
> I am using the targeted policy 1.15.16-2 and initscripts 7.62. This was
> right after the add swap file in /etc/rc.sysinit:

The attached patch will fix this. Steve, please put it in the CVS.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff
Type: text/x-diff
Size: 348 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-test-list/attachments/20040822/4d813e5e/attachment.bin>
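
The AVC denials quoted in the message above can be parsed into fields and collapsed into unique records, which makes the repeated `mounton` denial easier to triage. This is an added example, not part of the original message or the scrubbed patch; the function names are hypothetical and the sample log is the quoted records with the e-mail line wrapping undone.

```python
import re
from collections import Counter

# Constructed sample: the log lines quoted in the message, re-joined so that
# each record is one syslog line, as it would be on the host.
AVC = ("Aug 21 09:00:16 buildhost kernel: audit(1093093168.059:0): avc:  denied  "
       "{ mounton } for  pid=1117 exe=/bin/mount path=/proc/sys/fs/binfmt_misc "
       "dev=proc ino=-268435430 scontext=user_u:system_r:unconfined_t "
       "tcontext=system_u:object_r:sysctl_t tclass=dir")
SWAP = ("Aug 21 09:00:16 buildhost kernel: Adding 2096440k swap on /dev/sda5. "
        "Priority:-1 extents:1")
SAMPLE_LOG = "\n".join([SWAP, AVC, AVC])

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r"(\w+)=(\S+)")

def context_type(context):
    """Return the type field (third component) of a user:role:type context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one syslog line; return a dict for an AVC denial, else None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = dict(KV_RE.findall(m.group("rest")))
    rec["perms"] = tuple(m.group("perms").split())
    rec["source_type"] = context_type(rec.get("scontext", ""))
    rec["target_type"] = context_type(rec.get("tcontext", ""))
    return rec

def summarize(log_text):
    """Count identical denials, keyed by who was denied what, on which object."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue  # not an AVC denial (e.g. the swap message)
        counts[(rec["source_type"], rec["target_type"], rec.get("tclass"),
                rec["perms"], rec.get("exe"), rec.get("path"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, key)
```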

