Boot messages in 2.6.8-524

Russell Coker russell at coker.com.au
Sat Aug 21 15:48:27 UTC 2004


On Sun, 22 Aug 2004 00:08, Steve G <linux_4ever at yahoo.com> wrote:
> Mounting local filesystem
> Can't open RNG file /dev/hw_random no such file or directory
> enable swap...
>
> I haven't seen this before. I traced the message string to /sbin/rngd. Is
> this error something that we should worry about? Something wanted a random
> number and it ain't gonna get it.

rngd copies data from the hardware random number source to /dev/random (the 
kernel random number source).  Without it /dev/random gets populated by 
key-press intervals, network interrupt times, and other events which may not 
be sufficiently random or common.

It seems that rngd expects /dev/hwrandom while udev with the FC3T1 kernel 
creates /dev/hw_random.  I haven't checked the latest kernel to see whether 
this has changed.

> Aug 21 09:00:13 buildhost kernel: SELinux:  Initializing.
> Aug 21 09:00:13 buildhost kernel: SELinux:  Starting in permissive mode
> Aug 21 09:00:13 buildhost kernel: There is already a security framework
> initialized, register_security failed.
> Aug 21 09:00:13 buildhost kernel: selinux_register_security:  Registering
> secondary module capability
> Aug 21 09:00:13 buildhost kernel: Capability LSM initialized as secondary
>
> OK, why did selinux fail registering?

Bogus error message.  SE Linux needs the capability module for full 
functionality but you get an error when both are loaded.  Things work fine 
anyway.

> Aug 21 09:00:16 buildhost kernel: security:  3 users, 4 roles, 251 types,
> 12 bools
> Aug 21 09:00:16 buildhost kernel: security:  53 classes, 3895 rules
> Aug 21 09:00:16 buildhost kernel: SELinux:  Completing initialization.
>
> SE Linux is just now finishing its init? Why have other daemons and SE
> Linux applications been running? Is there a synchronization barrier that

I believe that hotplug is spawned by kernel threads and can start before init.  
The policy is loaded and SE Linux init is complete before init starts running 
with full functionality (i.e. before rc.sysinit is run).

> stops any SE Linux aware application from running until the whole rule set
> is finished loading? Is there a window of opportunity that a malicious
> application could run before SE Linux has done its thing? Like maybe
> disable SE Linux?

No.  The machine is a long way from multi-user mode at that stage.

> Aug 21 09:00:16 buildhost kernel: Adding 2096440k swap on /dev/sda5. 
> Priority:-1 extents:1
> Aug 21 09:00:16 buildhost kernel: audit(1093093168.059:0): avc:  denied  {
> mounton } for  pid=1117 exe=/bin/mount path=/proc/sys/fs/binfmt_misc
> dev=proc ino=-268435430 scontext=user_u:system_r:unconfined_t
> tcontext=system_u:object_r:sysctl_t tclass=dir
> Aug 21 09:00:16 buildhost kernel: audit(1093093168.059:0): avc:  denied  {
> mounton } for  pid=1117 exe=/bin/mount path=/proc/sys/fs/binfmt_misc
> dev=proc ino=-268435430 scontext=user_u:system_r:unconfined_t
> tcontext=system_u:object_r:sysctl_t tclass=dir
>
> Yep, SE Linux is now active, starting to see avc's.

What script is calling this mount?  It's a bug in policy but I'd like to get 
more info before making changes.

> Aug 21 09:00:18 buildhost crond: crond startup succeeded
> Aug 21 09:00:18 buildhost anacron: anacron startup succeeded
> Aug 21 09:00:19 buildhost messagebus: messagebus startup succeeded
> Aug 21 09:00:19 buildhost haldaemon: haldaemon startup succeeded
>
> OK, way down here at the very end haldaemon is active. Isn't this way late?

I was under the impression that kudzu requires hal.  If that means it needs 
haldaemon to be active then you are correct and it is too late.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
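
The AVC denial quoted in the message above can be triaged mechanically. The following is an added example, not part of the original message and not the code of any SELinux tool: it parses the denial lines, collapses the duplicate, and prints each distinct denial as the type-enforcement rule a policy maintainer would review. The function names and the unwrapped sample log are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: the log lines quoted in the message, unwrapped onto
# single lines as syslog would have written them (the denial appears twice).
SAMPLE_LOG = """\
Aug 21 09:00:16 buildhost kernel: Adding 2096440k swap on /dev/sda5.  Priority:-1 extents:1
Aug 21 09:00:16 buildhost kernel: audit(1093093168.059:0): avc:  denied  { mounton } for  pid=1117 exe=/bin/mount path=/proc/sys/fs/binfmt_misc dev=proc ino=-268435430 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:sysctl_t tclass=dir
Aug 21 09:00:16 buildhost kernel: audit(1093093168.059:0): avc:  denied  { mounton } for  pid=1117 exe=/bin/mount path=/proc/sys/fs/binfmt_misc dev=proc ino=-268435430 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:sysctl_t tclass=dir
Aug 21 09:00:18 buildhost crond: crond startup succeeded
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")

def parse_avc(line):
    """Return a dict of fields for one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    rec["perms"] = m.group("perms").split()
    return rec

def context_type(ctx):
    """The type is the third field of a user:role:type security context."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else None

def summarize(log_text):
    """Count distinct denials keyed by (source type, target type, class, perm, exe)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or not {"scontext", "tcontext", "tclass"} <= rec.keys():
            continue  # not a denial, or a truncated one: skip rather than guess
        src, tgt = context_type(rec["scontext"]), context_type(rec["tcontext"])
        if src is None or tgt is None:
            continue  # malformed context
        for perm in rec["perms"]:
            counts[(src, tgt, rec["tclass"], perm, rec.get("exe", "?"))] += 1
    return counts

def report(counts):
    """One line per distinct denial, written as the TE rule that would permit it."""
    return [f"{n}x {exe}: allow {s} {t}:{c} {p};" for (s, t, c, p, exe), n in sorted(counts.items())]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```

The output names the denied access and the executable, but not the calling script the reply asks about; that has to come from the init scripts themselves.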




