After installing the latest packages from the development tree, (including selinux-policy-strict-1.15.8-3, etc.), booting with strict/enforcing hangs (but it works with strict/permissive).
[Same behavior with both 494 and 499 kernel. And I did a 'fixfiles relabel' to no avail.]
Here are the last entries from the log:
Jul 28 20:30:45 fedora ntpd[2203]: kernel time sync status 0040 Jul 28 20:30:45 fedora xinetd[2179]: xinetd Version 2.3.13 started with libwrap loadavg options compiled in. Jul 28 20:30:45 fedora xinetd[2179]: Started working: 1 available service Jul 28 20:30:45 fedora ntpd[2203]: frequency initialized 70.900 PPM from /var/lib/ntp/drift Jul 28 20:30:45 fedora ntpd[2203]: configure: keyword "authenticate" unknown, line ignored Jul 28 20:30:45 fedora kernel: Installing knfsd (copyright (C) 1996 okir@monad.swb.de). Jul 28 20:30:45 fedora kernel: SELinux: initialized (dev nfsd, type nfsd), uses genfs_contexts Jul 28 20:30:45 fedora nfs: Starting NFS services: succeeded Jul 28 20:30:45 fedora nfs: rpc.rquotad startup succeeded Jul 28 20:30:45 fedora nfs: rpc.nfsd startup succeeded Jul 28 20:30:45 fedora nfs: rpc.mountd startup succeeded Jul 28 20:30:45 fedora rpcidmapd: rpc.idmapd -SIGHUP succeeded Jul 28 20:30:50 fedora udev[2271]: creating device node '/dev/lp0' Jul 28 20:30:50 fedora kernel: audit(1091071850.411:0): avc: denied { search } for pid=2279 exe=/bin/bash name=lock dev=hda2 ino=4456478 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:var_lock_t tclass=dir
HANGS HERE.... ALT-CTL-DEL
Jul 28 20:31:15 fedora shutdown: shutting down for system reboot Jul 28 20:31:15 fedora init: Switching to runlevel: 6
I thought that perhaps the udev message was indicating something, so I added allow udev_t var_lock_t:dir r_dir_perms; but this seems to be a red herring, all that did was to remove the avc..... still hangs.
Any ideas? tom
Tom London wrote:
After installing the latest packages from the development tree, (including selinux-policy-strict-1.15.8-3, etc.), booting with strict/enforcing hangs (but it works with strict/permissive).
Do you have any additional messages from strict/permissive?
Dan
[Same behavior with both 494 and 499 kernel. And I did a 'fixfiles relabel' to no avail.]
Here are the last entries from the log:
Jul 28 20:30:45 fedora ntpd[2203]: kernel time sync status 0040 Jul 28 20:30:45 fedora xinetd[2179]: xinetd Version 2.3.13 started with libwrap loadavg options compiled in. Jul 28 20:30:45 fedora xinetd[2179]: Started working: 1 available service Jul 28 20:30:45 fedora ntpd[2203]: frequency initialized 70.900 PPM from /var/lib/ntp/drift Jul 28 20:30:45 fedora ntpd[2203]: configure: keyword "authenticate" unknown, line ignored Jul 28 20:30:45 fedora kernel: Installing knfsd (copyright (C) 1996 okir@monad.swb.de). Jul 28 20:30:45 fedora kernel: SELinux: initialized (dev nfsd, type nfsd), uses genfs_contexts Jul 28 20:30:45 fedora nfs: Starting NFS services: succeeded Jul 28 20:30:45 fedora nfs: rpc.rquotad startup succeeded Jul 28 20:30:45 fedora nfs: rpc.nfsd startup succeeded Jul 28 20:30:45 fedora nfs: rpc.mountd startup succeeded Jul 28 20:30:45 fedora rpcidmapd: rpc.idmapd -SIGHUP succeeded Jul 28 20:30:50 fedora udev[2271]: creating device node '/dev/lp0' Jul 28 20:30:50 fedora kernel: audit(1091071850.411:0): avc: denied { search } for pid=2279 exe=/bin/bash name=lock dev=hda2 ino=4456478 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:var_lock_t tclass=dir
HANGS HERE.... ALT-CTL-DEL
Jul 28 20:31:15 fedora shutdown: shutting down for system reboot Jul 28 20:31:15 fedora init: Switching to runlevel: 6
I thought that perhaps the udev message was indicating something, so I added allow udev_t var_lock_t:dir r_dir_perms; but this seems to be a red herring, all that did was to remove the avc..... still hangs.
Any ideas? tom -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
selinux@lists.fedoraproject.org
-
Daniel J Walsh -
Tom London