Re: SELinux blocks access to device files when booting 2.6.32.* kernels (fc12)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/21/2010 03:03 AM, Karl-Michael Schneider wrote:
> I did some more debugging: booted both kernels in single user mode,
> then listed the security contexts in /dev:
> 
> kernel-2.6.31.12-174.2.22.fc12:
> $ ls -Zd /dev
> drwxr-xr-x. root root system_u:object_r:device_t:s0    /dev
> files in /dev are labeled according to
> /etc/selinux/targeted/contexts/files/file_contexts
> 
> kernel-2.6.32.12-115.fc12:
> $ ls -Zd /dev
> drwxr-xr-x. root root system_u:object_r:unlabeled_t:s0    /dev
> all files /dev are unlabeled_t
> 
> But
> $ fixfiles check /dev
> prints nothing.
> 
> On Thu, May 20, 2010 at 1:57 PM, Karl-Michael Schneider
> <karlmicha@xxxxxxxxx> wrote:
>> I cannot boot any 2.6.32.* kernel, right after udev is started I see
>> console messages like
>>
>> ln: creating symbolic link "/dev/fd": Permission denied
>>
>> and then booting is very slow and mounting the local file systems
>> fails. I believe it is a problem with SELinux because when I add
>> enforcing=0 to the kernel parameters in grub, it boots with no
>> problems, although I see many console messages like
>>
>> udev-work[678]: setfilecon /dev/fd failed: Operation not supported
>>
>> I also have a 2.6.31.12-174.2.22 kernel installed which I can boot and
>> which doesn't have this problem. But every newer kernel that I
>> installed does not boot when SELinux is enforcing.
>>
>> I relabeled the filesystem, but it didn't help.
>>
>> Any ideas what I can try next?
>>
What file system is /dev?

What does
# restorecon -R -v /dev
do?


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkv2bsMACgkQrlYvE4MpobMYeACdF7Oxmc0rxiGoYsFVT1A8J3ub
VXkAnjChY769Hqt5JJEFksRGvvwQcETd
=OPJ1
-----END PGP SIGNATURE-----
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux