udev slowness and selinux

Tom London selinux at gmail.com
Sat Dec 3 00:30:02 UTC 2005 

On 12/2/05, Daniel J Walsh <dwalsh at redhat.com> wrote:
> Gene C. wrote:
> > On Friday 02 December 2005 14:20, Nicolas Mailhot wrote:
> >
> >> Le vendredi 02 décembre 2005 à 14:17 -0500, Stephen Smalley a écrit :
> >>
> >>> It isn't the number of nodes in /dev; it is the number of entries in
> >>> file_contexts.  And the slowdown should be improved/eliminated with
> >>> recent changes in libselinux (1.27.28); let us know if it isn't.  There
> >>> are two changes in libselinux, one of which will have immediate benefit
> >>> without requiring any changes to udev, and the other of which requires a
> >>> small change to udev to take advantage of.
> >>>
> >> BTW today's rawhide segfaults on boot if run in enforcing mode
> >>
> >> checkpolicy-1.27.19-1
> >> selinux-policy-targeted-2.0.7-2
> >> audit-1.1.1-1
> >> audit-libs-1.1.1-1
> >> audit-libs-1.1.1-1
> >> libselinux-1.27.28-1
> >> libselinux-1.27.28-1
> >> libsepol-1.9.41-1
> >> libsepol-1.9.41-1
> >> libsemanage-1.3.61-1
> >>
> >> Adding selinux=false to the boot arguments rescues the system
> >>
> >
> > I also see a kernel panic after today's updates if selinux=enforcing
> >
> > Reboot selinux=false single
> > and change to selinux=permissive gets things working again.
> >
> Yesterday's policy package wiped out the policy.20 file, on yum update.
> We are no longer shipping policy.20 in the rpm, and the package post
> install creates it.    Problem is the previous version was shipped with
> it and wipes it out on its post uninstall.  Need to change the trigger
> on policy package to recreate policy.20.
>
> selinux-policy-*-2.0.7-3 fixes the problem.  It is up on my people site
> ftp://people.redhat.com/dwalsh/SELinux/Fedora
>
> You can also do a
> semoudle -B /usr/share/selinux/targeted/base.pp to recreate the
> policy.20 file.
>
> Do not reboot until you fix this or else init will crash because you
> have no policy.
>
> --
No joy?

[root at tlondon Downloads]# rpm -Uvh selinux-policy-targeted-2.0.8-1.noarch.rpm
Preparing...                ########################################### [100%]
   1:selinux-policy-targeted########################################### [100%]
libsepol.sepol_genbools_array: boolean allow_write_xshm no longer in policy
libsepol.sepol_genbools_array: boolean i18n_input_disable_trans no
longer in policy
libsepol.sepol_genbools_array: boolean mail_readhome no longer in policy
libsepol.sepol_genbools_array: boolean mail_writehome no longer in policy
libsepol.sepol_genbools_array: boolean pppd_for_user no longer in policy
libsepol.sepol_genbools_array: boolean system_dbusd_disable_trans no
longer in policy
/usr/sbin/load_policy:  Can't load policy:  Invalid argument
libsemanage.semanage_reload_policy: load_policy returned error code 2.
libsepol.sepol_genbools_array: boolean allow_write_xshm no longer in policy
libsepol.sepol_genbools_array: boolean i18n_input_disable_trans no
longer in policy
libsepol.sepol_genbools_array: boolean mail_readhome no longer in policy
libsepol.sepol_genbools_array: boolean mail_writehome no longer in policy
libsepol.sepol_genbools_array: boolean pppd_for_user no longer in policy
libsepol.sepol_genbools_array: boolean system_dbusd_disable_trans no
longer in policy
/usr/sbin/load_policy:  Can't load policy:  Invalid argument
libsemanage.semanage_reload_policy: load_policy returned error code 2.
Failed!
libsepol.sepol_genbools_array: boolean allow_write_xshm no longer in policy
libsepol.sepol_genbools_array: boolean i18n_input_disable_trans no
longer in policy
libsepol.sepol_genbools_array: boolean mail_readhome no longer in policy
libsepol.sepol_genbools_array: boolean mail_writehome no longer in policy
libsepol.sepol_genbools_array: boolean pppd_for_user no longer in policy
libsepol.sepol_genbools_array: boolean system_dbusd_disable_trans no
longer in policy
/usr/sbin/load_policy:  Can't load policy:  Invalid argument
libsemanage.semanage_reload_policy: load_policy returned error code 2.
libsepol.sepol_genbools_array: boolean allow_write_xshm no longer in policy
libsepol.sepol_genbools_array: boolean i18n_input_disable_trans no
longer in policy
libsepol.sepol_genbools_array: boolean mail_readhome no longer in policy
libsepol.sepol_genbools_array: boolean mail_writehome no longer in policy
libsepol.sepol_genbools_array: boolean pppd_for_user no longer in policy
libsepol.sepol_genbools_array: boolean system_dbusd_disable_trans no
longer in policy
/usr/sbin/load_policy:  Can't load policy:  Invalid argument
libsemanage.semanage_reload_policy: load_policy returned error code 2.
Failed!


--
Tom London

More information about the devel mailing list