getting SELinix back active, cannot boot right now if active

Jim Cornette fct-cornette at insight.rr.com
Thu Sep 15 02:17:15 UTC 2005


Bikehead wrote:
> Jim Cornette wrote:
> 
>> John Ellson wrote:
>>
>>> Willem Riede wrote:
>>>
>>>> On 09/13/2005 10:10:15 AM, Build System wrote:
>>>>  
>>>>
>>>>> kernel-2.6.13-1.1552_FC5
>>>>> ------------------------
>>>>> * Tue Sep 13 2005 Dave Jones <davej at redhat.com>
>>>>> - 2.6.14-rc1
>>>>>
>>>>> * Mon Sep 12 2005 Dave Jones <davej at redhat.com>
>>>>> - 2.6.13-git12
>>>>>   
>>>>
>>>>
>>>>
>>>>
>>>> On my Opteron the x86_64 kernel panics early in the boot process
>>>> [some event preceeded this but is scrolled off screen to fast to read]:
>>>>
>>>> Code: 0f 0b 68 3b 96 37 80 c2 96 02 eb 20 48 8b 02 48 83 c2 18 48
>>>> RIP <ffffffff801688f1>{kmem_find_general_cachep+10} RSP 
>>>> <ffffffff80567ee8>
>>>> <0>Kernel panic - not syncing: Attempted to kill the idle task!
>>>>
>>>> Call Trace:<ffffffff80134c51>{panic+133} 
>>>> <ffffffff80354245>{spin_unlock_irq+9}
>>>> <ffffffff80353bd3>{__down_read+50} <ffffffff8010f2da>{show_stack+202}
>>>> <ffffffff803541e8>{_spin_lock_irqsave+9} 
>>>> <ffffffff80203011>{__up_read+19}
>>>> <ffffffff801376bf>{do_exit+149} 
>>>> <ffffffff80259662>{do_unblank_screen+45}
>>>> <ffffffff8010f7bc>{default_do_nmi+0} 
>>>> <ffffffff8010ff63>{do_invalid_op+163}
>>>> <ffffffff801688f1>{kmem_find_general_cachep+10}
>>>> <ffffffff8010e86d>{error_exit+0}
>>>> <ffffffff801688f1>{kmem_find_general_cachep+10}
>>>> <ffffffff80169775>{kmalloc_node+15}
>>>> <ffffffff8016bd16>{kmem_cache_create+2066}
>>>> <ffffffff8057db08>{kmem_cache_init+661}
>>>> <ffffffff80568753>{start_kernel+323} <ffffffff8056821d>{_sinittext+541}
>>>>
>>>> I hope I have better luck with tomorrow's kernel... Willem Riede.
>>>>
>>>>
>>>>  
>>>>
>>> Nope.  I'm  having the same problem with 1553 today.  (at least, 
>>> sounds like the same, but I haven't
>>> versified the details of the panic).
>>>
>>> I'm back to 1549  on x86_64
>>>
>>> Also, 155[23] fail on all i386 boxes  unless I start with selinux=0
>>
>>
>>
>> I tried kernel versions from FC4 and they failed unless selinux=0 was 
>> passed to the kernel. I even went into runlevel 1 with selinux=0 and 
>> running fixfiles relabel. The halt that I get with selinux enabled is 
>> the ID"1" on tty1, ID "2" on tty2 .....tty6
>>
>> Before relabeling, I got the lockup during detecting hardware when 
>> booting.
>>
>> Jim
>>
>>>
>>> John
>>>
>>
>>
> After upgrading two days ago,  I cannot boot without selinux=0.  The 
> kernel stop after "Initializing hardware...".  I get a *lot* of messages 
> like "/etc/selinux/targeted/context/files/file_contexts:  line 1729 has 
> invalid context system_u:object_r:bin_t".  Usually the line number 
> changes, but there are other files and context.  In fact there are so 
> many messages I cannot scroll to the top to see what starts it.
> 
> It appears there is something wrong with the targeted context files, but 
> nothing appears in the log so I cannot assertain the root cause of the 
> context failure.
> 
> I tried relabeling with no success.  I even wiped my disk, reinstalled 
> FC4 and did a fresh upgrade to development.  I see the exact same 
> behavior.  Is anyone else seeing this?  If I've done something to screw 
> up selinux how do I get it back?
> 
> 

This happened to me from 9/8/2005 when mentioned on this date. Russel 
looked at some of the avc errors that seemed to point to the below excerpt.
rc>It looks like the main problem is related to udev as the device nodes
rc>have the wrong labels.

He also mentioned booting with audit=1 to get more descriptive error 
messages.
rc>Booting with "audit=1" in these situations is a good idea as it makes 
rc>the AVC messages much more informative.

I also did a fresh install of FC4, upgraded to the most recent updates, 
then trailed up to development. I did not experience the boot problem 
until I finally installed some "se*" packages via yum.
A problem with a corrupted rpmdb put me into a loop and prevented me 
from being able to install packages related to ImageMagick. I was not 
able to update all my programs until after I ran rpm --rebuilddb which 
corrected the error related to ImageMagick. After all this was 
corrected, the system still would not boot successfully w/ selinux 
active. The system installs updates now, with no need to exclude 
programs for update.

Jim


-- 
C'mon! political protest! sheesh. Where's that anarchist spirit? ;-)
         -- Decklin Foster




More information about the fedora-test-list mailing list