latest dev pgks: strict/enforcing boot hangs....

Tom London selinux at comcast.net
Thu Jul 29 15:37:57 UTC 2004


nope. Thats all I get. When I added an allow rule
to search /var/lock, I got another one for 'getattr'
(so I did the r_dir_perms).

But thats all.

Should I do an 'enableaudit'?

tom


> ------------------------------------------------------------------------
>
>     * /From/: Daniel J Walsh <dwalsh redhat com>
>
> ------------------------------------------------------------------------
> Tom London wrote:
>
>After installing the latest packages from the development tree,
>(including selinux-policy-strict-1.15.8-3, etc.), booting with
>strict/enforcing hangs (but it works with strict/permissive).
>    
>
>
> Do you have any additional messages from strict/permissive?
>
> Dan
>
>[Same behavior with both 494 and 499 kernel. And I did
>a 'fixfiles relabel' to no avail.]
>
>
>     Here are the last entries from the log:
>
>     Jul 28 20:30:45 fedora ntpd[2203]: kernel time sync status 0040
>     Jul 28 20:30:45 fedora xinetd[2179]: xinetd Version 2.3.13 started
>     with libwrap loadavg options compiled in.
>     Jul 28 20:30:45 fedora xinetd[2179]: Started working: 1 available
>     service
>     Jul 28 20:30:45 fedora ntpd[2203]: frequency initialized 70.900
>     PPM from /var/lib/ntp/drift
>     Jul 28 20:30:45 fedora ntpd[2203]: configure: keyword
>     "authenticate" unknown, line ignored
>     Jul 28 20:30:45 fedora kernel: Installing knfsd (copyright (C)
>     1996 okir monad swb de).
>     Jul 28 20:30:45 fedora kernel: SELinux: initialized (dev nfsd,
>     type nfsd), uses genfs_contexts
>     Jul 28 20:30:45 fedora nfs: Starting NFS services: succeeded
>     Jul 28 20:30:45 fedora nfs: rpc.rquotad startup succeeded
>     Jul 28 20:30:45 fedora nfs: rpc.nfsd startup succeeded
>     Jul 28 20:30:45 fedora nfs: rpc.mountd startup succeeded
>     Jul 28 20:30:45 fedora rpcidmapd: rpc.idmapd -SIGHUP succeeded
>     Jul 28 20:30:50 fedora udev[2271]: creating device node '/dev/lp0'
>     Jul 28 20:30:50 fedora kernel: audit(1091071850.411:0): avc:
>     denied { search } for pid=2279 exe=/bin/bash name=lock dev=hda2
>     ino=4456478 scontext=system_u:system_r:udev_t
>     tcontext=system_u:object_r:var_lock_t tclass=dir
>
>     HANGS HERE.... ALT-CTL-DEL
>
>Jul 28 20:31:15 fedora shutdown: shutting down for system reboot
>Jul 28 20:31:15 fedora init: Switching to runlevel: 6
>
>
>I thought that perhaps the udev message was indicating something, so I
>added
>   allow udev_t var_lock_t:dir r_dir_perms;
>but this seems to be a red herring,
>all that did was to remove the avc..... still hangs.
>
>
>Any ideas?
>  tom
>--
>fedora-selinux-list mailing list
>fedora-selinux-list redhat com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>    
>




More information about the selinux mailing list