SELinux blocks access to device files when booting 2.6.32.* kernels (fc12)

Daniel J Walsh dwalsh at redhat.com
Fri May 21 11:30:11 UTC 2010


On 05/21/2010 03:03 AM, Karl-Michael Schneider wrote:
> I did some more debugging: booted both kernels in single user mode,
> then listed the security contexts in /dev:
> 
> kernel-2.6.31.12-174.2.22.fc12:
> $ ls -Zd /dev
> drwxr-xr-x. root root system_u:object_r:device_t:s0    /dev
> files in /dev are labeled according to
> /etc/selinux/targeted/contexts/files/file_contexts
> 
> kernel-2.6.32.12-115.fc12:
> $ ls -Zd /dev
> drwxr-xr-x. root root system_u:object_r:unlabeled_t:s0    /dev
> all files in /dev are unlabeled_t
> 
> But
> $ fixfiles check /dev
> prints nothing.
> 
> On Thu, May 20, 2010 at 1:57 PM, Karl-Michael Schneider
> <karlmicha at gmail.com> wrote:
>> I cannot boot any 2.6.32.* kernel, right after udev is started I see
>> console messages like
>>
>> ln: creating symbolic link "/dev/fd": Permission denied
>>
>> and then booting is very slow and mounting the local file systems
>> fails. I believe it is a problem with SELinux because when I add
>> enforcing=0 to the kernel parameters in grub, it boots with no
>> problems, although I see many console messages like
>>
>> udev-work[678]: setfilecon /dev/fd failed: Operation not supported
>>
>> I also have a 2.6.31.12-174.2.22 kernel installed which I can boot and
>> which doesn't have this problem. But every newer kernel that I
>> installed does not boot when SELinux is enforcing.
>>
>> I relabeled the filesystem, but it didn't help.
>>
>> Any ideas what I can try next?
>>
What file system is /dev?

What does
# restorecon -R -v /dev
do?



