Dracut or Selinux problem with update to kernel-2.6.31-2.fc12.x86_64 ?

martin tack tack649 at gmail.com
Mon Sep 14 13:49:26 UTC 2009


2009/9/14 Antonio Olivares <olivares14031 at yahoo.com>

>
>
> --- On Mon, 9/14/09, martin tack <tack649 at gmail.com> wrote:
>
> > From: martin tack <tack649 at gmail.com>
> > Subject: Dracut or Selinux problem with update to
> kernel-2.6.31-2.fc12.x86_64 ?
> > To: fedora-test-list at redhat.com
> > Date: Monday, September 14, 2009, 12:34 AM
> > Reboot after update halts on gdm with black
> > screen .
> >
> > gdm is active but not visible ,because one hit of tab and
> > enter reboots .
> >
> > While this was the first kernel update with dracut
> > initramfs on my system ,I suspect a rules conflict with
> > selinux .
> >
> >
> > See also the avc denials in dmesg ,
> >
> >
> snip-xorg.0.log----------------------------------------------------------------------------------------------------------------------------
> > (II) RADEON(0): Modeline "640x480"x60.0
> > 25.20  640 656 752 800  480 490 492 525 -hsync -vsync
> > (31.5 kHz)
> >
> > (II) RADEON(0): Modeline "640x400"x70.1
> > 25.17  640 656 752 800  400 412 414 449 +hsync -vsync
> > (31.5 kHz)
> > (II) RADEON(0): EDID for output DVI-0
> > (II) RADEON(0): EDID for output S-video
> > (II) AIGLX: Suspending AIGLX clients for VT switch
> >
> > (II) Power Button: Close
> > (II) UnloadModule: "evdev"
> > (II) Power Button: Close
> > (II) UnloadModule: "evdev"
> > (II) Sleep Button: Close
> > (II) UnloadModule: "evdev"
> > (II) HID 046a:0021: Close
> >
> > (II) UnloadModule: "evdev"
> > (II) Logitech USB Receiver: Close
> > (II) UnloadModule: "evdev"
> > (II) Macintosh mouse button emulation: Close
> > (II) UnloadModule: "evdev"
> > (II) HID 046a:0021: Close
> >
> > (II) UnloadModule: "evdev"
> > (II) AT Translated Set 2 keyboard: Close
> > (II) UnloadModule: "evdev"
> > (II) PS/2 Logitech Mouse: Close
> > (II) UnloadModule: "evdev"
> > (WW) xf86CloseConsole: VT_WAITACTIVE failed: Interrupted
> > system call
> >
> >
> snip&end----------------------------------------------------------------------------------------------------------------------------
> >
> > and in dmesg
> >
> >
> snip-dmesg------------------------------------------------------------------------------
> >
> >
> > SELinux: initialized (dev bdev, type bdev), uses
> > genfs_contexts
> > SELinux: initialized (dev rootfs, type rootfs), uses
> > genfs_contexts
> > SELinux: initialized (dev sysfs, type sysfs), uses
> > genfs_contexts
> > type=1403 audit(1252909022.438:3): policy loaded
> > auid=4294967295 ses=4294967295
> >
> > dracut: Switching root
> > udev: starting version 145
> > type=1400 audit(1252909025.411:7): avc:  denied  { read }
> > for  pid=393 comm="modprobe"
> > name="modprobe.d" dev=sda2 ino=58
> > scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023
> > tcontext=system_u:object_r:modules_conf_t:s0 tclass=dir
> >
> > type=1400 audit(1252909025.411:8): avc:  denied  { open }
> > for  pid=393 comm="modprobe"
> > name="modprobe.d" dev=sda2 ino=58
> > scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023
> > tcontext=system_u:object_r:modules_conf_t:s0 tclass=dir
> >
> > shpchp: Standard Hot Plug PCI Controller Driver version:
> > 0.4
> > via-rhine.c:v1.10-LK1.4.3 2007-03-06 Written by Donald
> > Becker
> > via-rhine 0000:00:12.0: PCI INT A -> GSI 23 (level, low)
> > -> IRQ 23
> > eth0: VIA Rhine II at 0xff6ff400, 00:17:31:79:ca:4d, IRQ
> > 23.
> >
> > eth0: MII PHY found at address 1, status 0x786d advertising
> > 01e1 Link 45e1.
> > VIA 82xx Audio 0000:00:11.5: PCI INT C -> GSI 22 (level,
> > low) -> IRQ 22
> > VIA 82xx Audio 0000:00:11.5: setting latency timer to 64
> > type=1400 audit(1252909027.568:9): avc:  denied  { read }
> > for  pid=695 comm="modprobe"
> > name="modprobe.d" dev=sda2 ino=58
> > scontext=system_u:system_r:insmod_t:s0
> > tcontext=system_u:object_r:modules_conf_t:s0 tclass=dir
> >
> > type=1400 audit(1252909027.568:10): avc:  denied  { open
> > } for  pid=695 comm="modprobe"
> > name="modprobe.d" dev=sda2 ino=58
> > scontext=system_u:system_r:insmod_t:s0
> > tcontext=system_u:object_r:modules_conf_t:s0 tclass=dir
> >
> > type=1400 audit(1252909028.179:11): avc:  denied  { read
> > } for  pid=710 comm="modprobe"
> > name="modprobe.d" dev=sda2 ino=58
> > scontext=system_u:system_r:insmod_t:s0
> > tcontext=system_u:object_r:modules_conf_t:s0 tclass=dir
> >
> > type=1400 audit(1252909028.179:12): avc:  denied  { open
> > } for  pid=710 comm="modprobe"
> > name="modprobe.d" dev=sda2 ino=58
> > scontext=system_u:system_r:insmod_t:s0
> > tcontext=system_u:object_r:modules_conf_t:s0 tclass=dir
> >
> > device-mapper: multipath: version 1.1.0 loaded
> > EXT4-fs (sda2): internal journal on sda2:8
> > EXT4-fs (sdc7): barriers enabled
> > kjournald2 starting: pid 795, dev sdc7:8, commit interval 5
> > seconds
> > EXT4-fs (sdc7): internal journal on sdc7:8
> >
> > EXT4-fs (sdc7): delayed allocation enabled
> > EXT4-fs: file extents enabled
> > EXT4-fs: mballoc enabled
> > EXT4-fs (sdc7): mounted filesystem with ordered data mode
> > SELinux: initialized (dev sdc7, type ext4), uses xattr
> >
> > EXT4-fs (sda6): barriers enabled
> >
> > ------------------------------------------------------------------------
> >
> > I've spend allot of time searching bugzilla ,fedora
> > forum ,dracut pages all around ,and found no related
> > problems.
> >
> >
> > Do I have to report this one ? And to what party ?
> >
> > Sincerely ,
> >
> > --
> > Tack Martin
> >
> >
> >
> >
> > -----Inline Attachment Follows-----
> >
> > --
>
> modprobe.d error/denied avc:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=522918
>
> https://bugzilla.redhat.com/show_bug.cgi?id=523039
>
> It is either one or both of them?
>
> BTW, have you tried booting into level 3 and then startx from there.  I
> encountered something similar and overcame it using this trick.  I did not
> report back since I was watching football :(, and apologize in advance.
>
> Regards,
>
> Antonio
>
>
>
>
> --
> fedora-test-list mailing list
> fedora-test-list at redhat.com
> To unsubscribe:
> https://www.redhat.com/mailman/listinfo/fedora-test-list
>

Well ... neither explains WHEN selinux complains. I mean  its unclear in
what
context .
But the latter (your's) seems to be it.

In the meanwhile I had started the system several times with init 3 ,
and sure startx works fine .

 But I suppose it needs some work ,to have a "normal" graphical start.

After experimenting some reinstalls (dracut,selinux,kernel&headers&firmware
,etc)
I thought to simplify the initramfs making my own for this
hardware                              ( #dracut -H ),doing so eliminating
some possible sources of troubles.

It fired back ,now I have problems with dracut making a initramfs !

At this moment I'm in the process of finding out !?

Ill notice when I see the light : )

NB : Controll Alt F# didn't give me a console .Only reboot and init 3 got me
to it.

Regards, and thanks for the reply : )


-- 
Tack Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-test-list/attachments/20090914/5c7806e9/attachment.htm>


More information about the fedora-test-list mailing list