kernel panic related to SELinux for dec 2nd

Jim Cornette fct-cornette at insight.rr.com
Mon Dec 5 23:08:40 UTC 2005 

Daniel J Walsh wrote:
> Jim Cornette wrote:
> 
>> Gene C. wrote:
>>
>>> On Saturday 03 December 2005 23:19, Jim Cornette wrote:
>>>
>>>> I did not see any bug reports for a kernel panic that I experienced
>>>> today. The problem seems to be related to SELinux and an improperly
>>>> labeled filesystem. Am I the only one who ha this happen?
>>>>
>>>> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174919
>>>>
>>>> Jim
>>>>
>>>> PS - The problem with yum clean all bit me also. Reading the list 
>>>> helped
>>>>  working around that problem.
>>>
>>>
>>>
>>> No, you are not unique with the kernel panic.  The problem was 
>>> answered quickly on the fedora-devel mailing list.  The basic problem 
>>> is that the last selinux-policy-targeted updated removed athe binary 
>>> policy so there is NO policy for the kernel.  See 
>>> https://www.redhat.com/archives/fedora-devel-list/2005-December/msg00096.html 
>>> for description and fix.
>>
>>
>> Thanks!
>>
>> Excerpt from message above.
>>
>>> You can also do a
>>>
>>> semoudle -B /usr/share/selinux/targeted/base.pp to recreate the 
>>> policy.20 file.
>>
>>
>> Never heard of semoudle before. Will have to check into.
>>
>>>
>>> Do not reboot until you fix this or else init will crash because you 
>>> have no policy.
>>
>>
>> How is one to know the policy was removed until you reboot?
>> I'll update my bug report with a reference to the post from development.
>>
>> Jim.
>>
> Looks like we need a fflush on the error message to make sure it goes to 
> the screen.  This is obviously a serious error and should not happen on 
> an update.  We are investigating putting the machine into single user 
> mode, if this happens, to allow the user to cleanup.
> 

Dropping one to single user mode on a reboot would be fine if the 
computer would not come to life on the next boot otherwise.
Dropping one to single user mode when one could be compiling packages, 
downloading large files and the like would yield a lot of problems on 
the system and processes.
Regarding the error encountered during update. when the failure occurs, 
  prompt for applicable choices, (dropping to single user or wait for 
next boot) should be presented.
Personally, I would not mind for my system to do a complete relabeling 
of the filesystem on the next boot or drop to single user mode, run 
semodule <parameters> followed by putting the computer back into 
operational mode (runlevel 3 or 5). I realize since some elements of 
SELinux are loaded and controlled by the kernel during initialization, 
rebooting the computer to ensure proper SELinux system protection would 
not upset me.

Jim

More information about the fedora-test-list mailing list