[FC3] kernel panic after selinux-policy-targeted update

Erik P. Olsen erik at epo.dk
Wed Jun 29 14:28:06 UTC 2005 

On Wed, 2005-06-29 at 09:55 -0400, Stephen Smalley wrote:
> On Tue, 2005-06-28 at 12:41 -0700, Ankit Jain wrote:
> > i updated the new kernel 2.6.11-1.35_FC3 and new selinux policy. The
> > only error I am getting is:
> > audit(1119984375.342:0): avc:  denied  { execmod } for  pid=4185
> > comm=kdm path=/usr/bin/kdm dev=hda7 ino=49541
> > scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:bin_t
> > tclass=file
> > and because of this I am unable to start the X-server unless I make
> > enforcing=0 while booting or change /etc/selinux/config.
> > Is this some problem with KDE? I updated my system to KDE 3.4 from kde-redhat.
> 
> Are you running the new kernel?  uname -r
> If not, then see if you still have a problem after booting it.  Other
> users have reported that they do not encounter such denials with
> 1.35_FC3, only with older kernels.
I have seen the following denials with 1.35_FC3:

Jun 27 21:46:10 epo kernel: audit(1119901570.501:0): avc:  denied
{ execmod } for  pid=20186 comm=gpg path=/usr/bin/gpg dev=hdb8
ino=328924 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:bin_t tclass=file
Jun 27 21:46:36 epo kernel: audit(1119901596.637:0): avc:  denied
{ execmod } for  pid=20201 comm=gpg path=/usr/bin/gpg dev=hdb8
ino=328924 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:bin_t tclass=file
Jun 27 21:46:36 epo kernel: audit(1119901596.639:0): avc:  denied
{ execmod } for  pid=20202 comm=gpg path=/usr/bin/gpg dev=hdb8
ino=328924 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:bin_t tclass=file
Jun 27 21:46:36 epo kernel: audit(1119901596.673:0): avc:  denied
{ execmod } for  pid=20203 comm=gpg path=/usr/bin/gpg dev=hdb8
ino=328924 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:bin_t tclass=file
Jun 27 21:46:58 epo kernel: audit(1119901618.120:0): avc:  denied
{ execmod } for  pid=20207 comm=gpg path=/usr/bin/gpg dev=hdb8
ino=328924 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:bin_t tclass=file
Jun 27 21:46:58 epo kernel: audit(1119901618.178:0): avc:  denied
{ execmod } for  pid=20208 comm=gpg path=/usr/bin/gpg dev=hdb8
ino=328924 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:bin_t tclass=file
Jun 27 21:46:58 epo kernel: audit(1119901618.233:0): avc:  denied
{ execmod } for  pid=20209 comm=gpg path=/usr/bin/gpg dev=hdb8
ino=328924 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:bin_t tclass=file
Jun 27 21:47:56 epo kernel: audit(1119901676.202:0): avc:  denied
{ execmod } for  pid=20211 comm=gpg path=/usr/bin/gpg dev=hdb8
ino=328924 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:bin_t tclass=file

I am now running in permissive mode otherwise I get too many problems
that I can't solve.

> 
> -- 
> Stephen Smalley
> National Security Agency
> 
-- 
Regards,
Erik P. Olsen
GPG http://pgp.mit.edu 0x71375E63
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050629/ef1e5e7d/attachment-0001.sig>

More information about the fedora-list mailing list