Install of latest packages....kernel-2.6.6-1.421 fails, selinux-policy-strict-1.13.3-2 succeeds

Tom London selinux at comcast.net
Fri Jun 4 18:06:07 UTC 2004


I did a 'yum update' to pick up the latest stuff from the development 
and Arjan's tree. I worked around the rpm conflicts from early stuff in 
the development tree.

The kernel update (421) still fails under strict/enforcing mode. The 
context labels now appear to be in the rpm file, but I'm getting similar 
messages:
    ...... lots and lots of WARNING messages like:
    WARNING: Couldn't stat /lib/modules/2.6.6-1.421/build/include/asm-i386/ptrace.h: Permission denied
    WARNING: Couldn't stat /lib/modules/2.6.6-1.421/build/include/asm-i386/bug.h: Permission denied
    WARNING: Couldn't stat /lib/modules/2.6.6-1.421/build/include/asm-i386/serial.h: Permission denied
    WARNING: Couldn't stat /lib/modules/2.6.6-1.421/build/mm/Makefile: Permission denied
    FATAL: Could not open /lib/modules/2.6.6-1.421/modules.dep.temp for writing: Permission denied
    /bin/bash: /root/.bashrc: Permission denied
    No dep file found for kernel 2.6.6-1.421
    mkinitrd failed

My previous workaround (do 'setenforce 0; yum ....' followed by a 
relabel) did not work this time. The mkinitrd now fails even under 
permissive mode:
    [root@dell selinux]# setenforce 0
    [root@dell selinux]# yum install kernel
    Gathering header information file(s) from server(s)
    Server: Test Linux 2.6-test prerelease kernels
    Server: Fedora Core 2 - i386 - Base
    Server: Fedora Core 2 - Development Tree
    Server: Fedora Core 2 - i386 - Released Updates
    Finding updated packages
    Downloading needed headers
    Resolving dependencies
    Dependencies resolved
    I will do the following:
    [install: kernel 2.6.6-1.421.i686]
    Is this ok [y/N]: y
    Downloading Packages
    Running test transaction:
    Test transaction complete, Success!
    kernel 100 % done 1/1
    memlock: Cannot allocate memory
    Couldn't lock into memory, exiting.
    mkinitrd failed

Since the latest kernels seemed to have auditing off, I can't locate 
anything interesting in /var/log/messages.  (Looks like CONFIG_AUDIT is 
set to y in 421.)

Since the labels now appear correct in the rpm file, could this be 
something in the policy/context files?  Any ideas?

The install of the 1.13.3-2 policy packages seemed to work OK. It left 
my /etc/selinux/config file untouched. (I guess I should have removed it 
prior to install.....sorry).

tom



