On Tuesday 28 June 2005 00:56, Stephen Smalley <sds(a)tycho.nsa.gov> wrote:
> Now I cannot boot into FC3 at all (I'm posting this from
Windows). This
> is the error I get:
>
> audit(1119882959.657:0): avc: denied { execmod } for pid=1 comm=init
> path=/lib/tls/libc-2.3.5.so dev=hda3 ino=2638668
> scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:shlib_t
> tclass=file
> /sbin/init: error while loading shared libraries : /lib/tls/libc.so.6:
> cannot apply additional memory protection after relocation: Permission
> denied
> Kernel panic - not syncing: Attempted to kill init!
What is your hardware? ppc32 by any chance? execmod has to be allowed
to all file types on that platform (or, as in kernel 2.6.12, the check
has to be disabled completely for ppc32).
/usr/sbin/getsebool allow_execmod shows what?
I've just tried reproducing this on a P4-1.5GHz machine specifically installed
for the purpose.
I upgraded to all the latest packages including kernel-2.6.11-1.35_FC3 and
selinux-policy-targeted-sources-1.17.30-3.13. Things worked fine.
Until I get more detail on this (type of CPU, kernel version, etc) I'll
conclude that it was a broken configuration.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161867
The above bugzilla has a similar bug report, I've closed it with WORKSFORME.
The person who reported it can reopen the bug if they have more information
that may allow me to reproduce the bug.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page