[Fedora8] SElinux bug

Stephen Smalley sds at tycho.nsa.gov
Thu Jun 12 16:48:36 UTC 2008


On Thu, 2008-06-12 at 11:02 -0400, Daniel J Walsh wrote:
> hicham wrote:
> > Hello
> > I had this morning a "freeze", where I could not shutdown X server or
> > the laptop properly, looking at /var/log/messages:
> > I found what I suspect a selinux bug :
> > 
> > Jun 12 12:19:00 laptop kernel: SELinux:  out of range capability -555425744
> > Jun 12 12:19:00 laptop kernel: ------------[ cut here ]------------
> > Jun 12 12:19:00 laptop kernel: kernel BUG at security/selinux/hooks.c:1332!
> > Jun 12 12:19:00 laptop kernel: invalid opcode: 0000 [#1] SMP
> > Jun 12 12:19:00 laptop kernel: Modules linked in: iptable_nat xt_limit
> > xt_tcpudp iptable_mangle ipt_LOG ipt_MASQUERADE nf_nat xt_DSCP
> > ipt_REJE
> > CT nf_conntrack_irc nf_conntrack_ftp nf_conntrack_ipv4 xt_state
> > nf_conntrack iptable_filter ip_tables x_tables pppoatm pppoe pppox
> > ppp_synctty
> >  ppp_async ppp_generic slhc appletalk ipx p8023 ipv6 cpufreq_ondemand
> > acpi_cpufreq vfat fat dm_mirror dm_multipath dm_mod parport_pc
> > smsc_ircc
> > 2 parport irda crc_ccitt pcspkr floppy serio_raw snd_intel8x0
> > snd_seq_dummy snd_seq_oss video snd_seq_midi_event snd_seq output
> > snd_seq_device
> >  snd_intel8x0m fglrx(P)(U) snd_ac97_codec snd_pcm_oss ac97_bus tg3
> > snd_mixer_oss snd_pcm wmi snd_timer battery snd ac soundcore
> > snd_page_alloc
> >  button iTCO_wdt i2c_i801 i2c_core iTCO_vendor_support joydev speedtch
> > usbatm sr_mod cdrom atm sg pata_acpi ata_generic ata_piix libata
> > sd_mod
> >  scsi_mod ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd [last unloaded: microcode]
> > Jun 12 12:19:00 laptop kernel:
> > Jun 12 12:19:00 laptop kernel: Pid: 2036, comm: X Tainted: P
> > (2.6.25.4-10.fc8 #1)
> > Jun 12 12:19:00 laptop kernel: EIP: 0060:[<c04cd270>] EFLAGS: 00213246 CPU: 0
> > Jun 12 12:19:00 laptop kernel: EIP is at task_has_capability+0x46/0x79
> > Jun 12 12:19:00 laptop kernel: EAX: 00000030 EBX: dee4e030 ECX:
> > c07195e4 EDX: 00000000
> > Jun 12 12:19:00 laptop kernel: ESI: df191740 EDI: df18deb0 EBP:
> > df18debc ESP: df18de6c
> > Jun 12 12:19:00 laptop kernel:  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
> > Jun 12 12:19:00 laptop kernel: Process X (pid: 2036, ti=df18d000
> > task=df160000 task.ti=df18d000)
> > Jun 12 12:19:00 laptop kernel: Stack: c06d7792 dee4e030 df160000
> > 00000003 df160000 dee4e030 00000000 00000000
> > Jun 12 12:19:00 laptop kernel:        00000000 00000000 00000000
> > 00000000 00000000 00000000 00000000 00000000
> > Jun 12 12:19:00 laptop kernel:        00000000 dee4e030 df160000
> > df148000 df18decc c04cd2c2 df160000 e0d000c0
> > Jun 12 12:19:00 laptop kernel: Call Trace:
> > Jun 12 12:19:00 laptop kernel:  [<c04cd2c2>] ? selinux_capable+0x1f/0x23
> > Jun 12 12:19:00 laptop kernel:  [<c04c9685>] ? security_capable+0xc/0xe
> > Jun 12 12:19:00 laptop kernel:  [<c042c9ff>] ? __capable+0xb/0x1f
> > Jun 12 12:19:00 laptop kernel:  [<e0bf5050>] ?
> > firegl_cmmqs_CWDDE32+0x0/0x110 [fglrx]
> > Jun 12 12:19:00 laptop kernel:  [<c042ca23>] ? capable+0x10/0x12
> > Jun 12 12:19:00 laptop kernel:  [<e0bda477>] ? firegl_ioctl+0xe7/0x220 [fglrx]
> > Jun 12 12:19:00 laptop kernel:  [<c0439d7f>] ? ktime_get_ts+0x45/0x49
> > Jun 12 12:19:00 laptop kernel:  [<c0439d96>] ? ktime_get+0x13/0x2f
> > Jun 12 12:19:00 laptop kernel:  [<e0bcfc66>] ? ip_firegl_ioctl+0xe/0x10 [fglrx]
> > Jun 12 12:19:00 laptop kernel:  [<c048acfa>] ? vfs_ioctl+0x4e/0x67
> > Jun 12 12:19:00 laptop kernel:  [<c048af75>] ? do_vfs_ioctl+0x262/0x279
> > Jun 12 12:19:00 laptop kernel:  [<c04d016e>] ? selinux_file_ioctl+0xa8/0xab
> > Jun 12 12:19:00 laptop kernel:  [<c048afcc>] ? sys_ioctl+0x40/0x5c
> > Jun 12 12:19:00 laptop kernel:  [<c0405b7a>] ? syscall_call+0x7/0xb
> > Jun 12 12:19:00 laptop kernel:  =======================
> > Jun 12 12:19:00 laptop kernel: Code: 05 00 00 89 d0 f3 ab 8b 4d b8 89
> > d8 b2 04 c1 f8 05 c6 45 bc 03 89 5d c4 89 4d c0 74 19 48 74 11 53 68
> > 92 77 6d c0 e8 fd 9e f5 ff <0f> 0b 58 5a eb fe ba 45 00 00 00 8b 46 08
> > 83 e3 1f 0f b7 f2 8d
> > Jun 12 12:19:00 laptop kernel: EIP: [<c04cd270>]
> > task_has_capability+0x46/0x79 SS:ESP 0068:df18de6c
> > Jun 12 12:19:00 laptop kernel: ---[ end trace fd35f97fc34637fa ]---
> > Jun 12 12:19:00 laptop kernel: [fglrx:firegl_release] *ERROR* device busy: 1 0
> > Jun 12 12:19:00 laptop kernel: [fglrx] release failed with code -EBUSY
> > 
> Please open a bugzilla

It is a bug in the proprietary fglrx driver, not in SELinux.
SELinux is just the messenger here.

-- 
Stephen Smalley
National Security Agency




More information about the fedora-list mailing list