Booting problems with kernel and selinux

Louis E Garcia II louisg00 at bellsouth.net
Fri Feb 3 09:57:09 UTC 2006


On Fri, 2006-02-03 at 16:26 +1100, Russell Coker wrote:
> On Friday 03 February 2006 13:22, louisg00 at bellsouth.net wrote:
> > > touch /.autorelabel
> > > reboot
> >
> > I did a relabel but still having problems. This is what I get:
> 
> Did you boot with enforcing=0 for the relabel?  Sometimes mislabelling can 
> prevent the relabelling from occurring.
I relabeled in permissive mode and it went fine. Fixed a lot but not all
problems.

> > Feb  2 20:53:29 soncomputer kernel: audit(1138931589.627:32): avc:  denied 
> > { search } for  pid=2095 comm="avahi-daemon" name="/" dev=hda3 ino=2
> > scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:file_t:s0
> > tclass=dir Feb  2 20:53:30 soncomputer kernel: audit(1138931589.627:33):
> 
> What is /dev/hda3?  The root file system?  If the root directory is unlabeled 
> then things are seriously messed up and in need of a relabel.
/dev/hda3 is my root partition. After the relabel things quieted down. These are
the relevant entries during boot now. In enforcing mode the system was
unable to mount the /boot and /home partitions.

kernel: Security Framework v1.0.0 initialized
kernel: SELinux:  Initializing.
kernel: SELinux:  Starting in permissive mode
kernel: selinux_register_security:  Registering secondary module
capability
kernel: Capability LSM initialized as secondary

kernel: SELinux:  Registering netfilter hooks

kernel: security:  3 users, 6 roles, 1125 types, 132 bools, 1 sens, 256
cats
kernel: security:  55 classes, 37291 rules
kernel: SELinux:  Completing initialization.
kernel: SELinux:  Setting up existing superblocks.
kernel: SELinux: initialized (dev hda3, type ext3), uses xattr
kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22
for dev=hda3 ino=1562113
kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22
for dev=hda3 ino=618337
kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22
for dev=hda3 ino=585793
kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22
for dev=hda3 ino=1594657
kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition
SIDs
kernel: SELinux: initialized (dev debugfs, type debugfs), uses
genfs_contexts
kernel: SELinux: initialized (dev selinuxfs, type selinuxfs), uses
genfs_contexts
kernel: SELinux: initialized (dev mqueue, type mqueue), uses transition
SIDs
kernel: SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses
genfs_contexts
kernel: SELinux: initialized (dev devpts, type devpts), uses transition
SIDs
kernel: SELinux: initialized (dev eventpollfs, type eventpollfs), uses
genfs_contexts
kernel: SELinux: initialized (dev inotifyfs, type inotifyfs), uses
genfs_contexts
kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition
SIDs
kernel: SELinux: initialized (dev futexfs, type futexfs), uses
genfs_contexts
kernel: SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
kernel: SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
kernel: SELinux: initialized (dev proc, type proc), uses genfs_contexts
kernel: SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
kernel: SELinux: initialized (dev rootfs, type rootfs), uses
genfs_contexts
kernel: SELinux: initialized (dev sysfs, type sysfs), uses
genfs_contexts

kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22
for dev=hda3 ino=1050728

kernel: SELinux: initialized (dev usbfs, type usbfs), uses
genfs_contexts

kernel: SELinux: initialized (dev ramfs, type ramfs), uses
genfs_contexts

kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22
for dev=hda3 ino=195265
kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22
for dev=hda3 ino=683425
kernel: audit(1138958718.999:2): avc:  denied  { mounton } for  pid=1462
comm="mount" name="boot" dev=hda3 ino=195265
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: audit(1138958718.999:3): avc:  denied  { mounton } for  pid=1462
comm="mount" name="boot" dev=hda3 ino=195265
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition
SIDs
kernel: audit(1138958719.003:4): avc:  denied  { mounton } for  pid=1462
comm="mount" name="home" dev=hda3 ino=683425
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: audit(1138958719.003:5): avc:  denied  { mounton } for  pid=1462
comm="mount" name="home" dev=hda3 ino=683425
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir

kernel: SELinux: initialized (dev hda1, type ntfs), uses genfs_contexts
Feb  3 04:25:39 soncomputer kernel: Adding 1020088k swap on /dev/hda5.
Priority:-1 extents:1 across:1020088k
kernel: SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses
genfs_contexts
kernel: audit(1138958720.667:6): avc:  granted  { execmem } for
pid=1550 comm="kudzu" scontext=system_u:system_r:kudzu_t:s0
tcontext=system_u:system_r:kudzu_t:s0 tclass=process
kernel: audit(1138958720.667:7): avc:  granted  { execmem } for
pid=1550 comm="kudzu" scontext=system_u:system_r:kudzu_t:s0
tcontext=system_u:system_r:kudzu_t:s0 tclass=process
kernel: audit(1138958722.099:8): avc:  denied  { read } for  pid=1541
comm="readahead" name="display" dev=ramfs ino=4029
scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=file
kernel: audit(1138958722.099:9): avc:  denied  { read } for  pid=1541
comm="readahead" name="rhgb-console" dev=ramfs ino=4107
scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=fifo_file
kernel: audit(1138958725.539:10): avc:  denied  { read } for  pid=1541
comm="readahead" name="display" dev=ramfs ino=4029
scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=file
kernel: audit(1138958725.539:11): avc:  denied  { read } for  pid=1541
comm="readahead" name="rhgb-console" dev=ramfs ino=4107
scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=fifo_file

kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22
for dev=hda3 ino=1822979
kernel: audit(1138958733.996:12): avc:  denied  { mounton } for
pid=1815 comm="mount" name="rpc_pipefs" dev=hda3 ino=1822979
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: audit(1138958733.996:13): avc:  denied  { mounton } for
pid=1815 comm="mount" name="rpc_pipefs" dev=hda3 ino=1822979
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses
genfs_contexts
kernel: SELinux: initialized (dev 0:14, type nfs), uses genfs_contexts
Feb  3 04:25:39 soncomputer kernel: audit(1138958734.600:14): avc:
denied  { mounton } for  pid=1858 comm="mount" name="boot" dev=hda3
ino=195265 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: audit(1138958734.600:15): avc:  denied  { mounton } for
pid=1858 comm="mount" name="boot" dev=hda3 ino=195265
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: audit(1138958734.600:16): avc:  denied  { mounton } for
pid=1858 comm="mount" name="home" dev=hda3 ino=683425
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: audit(1138958734.600:17): avc:  denied  { mounton } for
pid=1858 comm="mount" name="home" dev=hda3 ino=683425
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: SELinux: initialized (dev autofs, type autofs), uses
genfs_contexts

kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22
for dev=hda3 ino=1985186
kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22
for dev=hda3 ino=1985189
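
Added example, not part of the original message: a small triage script that rejoins the mail-wrapped kernel lines and matches every inode whose label failed to load (context_to_sid ... returned 22) against the AVC denials whose target type is unlabeled_t, so the directories blocking mount stand out from the other noise. The function names and regular expressions are this example's own; the sample lines are excerpted from the log above.

```python
import re

# Excerpt of the boot log quoted in the post, left wrapped as the mail client sent it.
SAMPLE = """\
kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22
for dev=hda3 ino=195265
kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22
for dev=hda3 ino=683425
kernel: audit(1138958718.999:2): avc:  denied  { mounton } for  pid=1462
comm="mount" name="boot" dev=hda3 ino=195265
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: audit(1138958719.003:4): avc:  denied  { mounton } for  pid=1462
comm="mount" name="home" dev=hda3 ino=683425
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
kernel: audit(1138958722.099:8): avc:  denied  { read } for  pid=1541
comm="readahead" name="display" dev=ramfs ino=4029
scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=file
kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22
for dev=hda3 ino=1985186
"""

# A record starts at "kernel: ", optionally behind a syslog timestamp and host.
RECORD_START = re.compile(r"^(?:\w{3}\s+\d+ [\d:]+ \S+ )?kernel: ")
BAD_LABEL = re.compile(r"context_to_sid\(\S+\) returned 22 for dev=(\S+) ino=(\d+)")
AVC = re.compile(r'avc:\s+denied\s+\{ ([^}]+) \}.*?comm="([^"]+)" name="([^"]+)" '
                 r"dev=(\S+) ino=(\d+) .*?tcontext=(\S+) tclass=(\S+)")

def unwrap(text):
    """Rejoin records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def correlate(text):
    """Map (dev, ino) of each unlabeled inode to the (name, comm, perm) denials on it."""
    inodes = {}
    for rec in unwrap(text):
        if m := BAD_LABEL.search(rec):
            inodes.setdefault((m[1], int(m[2])), set())
        elif (m := AVC.search(rec)) and m[6].split(":")[2] == "unlabeled_t":
            inodes.setdefault((m[4], int(m[5])), set()).add((m[3], m[2], m[1]))
    return inodes
```

An inode that maps to an empty set has an unloadable label but has not yet triggered a denial; it still needs relabeling.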
