udev slowness and selinux
Daniel J Walsh
dwalsh at redhat.com
Fri Dec 2 22:50:37 UTC 2005
Gene C. wrote:
> On Friday 02 December 2005 14:20, Nicolas Mailhot wrote:
>> Le vendredi 02 décembre 2005 à 14:17 -0500, Stephen Smalley a écrit :
>>> It isn't the number of nodes in /dev; it is the number of entries in
>>> file_contexts. And the slowdown should be improved/eliminated with
>>> recent changes in libselinux (1.27.28); let us know if it isn't. There
>>> are two changes in libselinux, one of which will have immediate benefit
>>> without requiring any changes to udev, and the other of which requires a
>>> small change to udev to take advantage of.
>> BTW today's rawhide segfaults on boot if run in enforcing mode
>> Adding selinux=false to the boot arguments rescues the system
> I also see a kernel panic after today's updates if selinux=enforcing
> Reboot selinux=false single
> and change to selinux=permissive gets things working again.
Yesterday's policy package wiped out the policy.20 file, on yum update.
We are no longer shipping policy.20 in the rpm, and the package post
install creates it. Problem is the previous version was shipped with
it and wipes it out on its post uninstall. Need to change the trigger
on policy package to recreate policy.20.
selinux-policy-*-2.0.7-3 fixes the problem. It is up on my people site
You can also do a
semoudle -B /usr/share/selinux/targeted/base.pp to recreate the
Do not reboot until you fix this or else init will crash because you
have no policy.
More information about the devel