Re: avc denied from kernel 427 update

The warnings seem to be caused by 'rpm' not assigning the proper contexts to 'installed' files.

The 'FATAL' message from 'mkinitrd' seems to be due to a problem with 'ulimit' defaults.

A workaround until fixed: install/update the kernel only in permissive mode, and make sure you do a 'ulimit -l unlimited' before running 'yum' (so you'll enter 'setenforce 0; ulimit -l unlimited'). I think you'll still get the warnings, but the command will succeed without the fatal error. After the yum 'succeeds', you probably will need to correct the context labels for the kernel files. The easiest way to do that is to run

    FC=/etc/selinux/strict/contexts/files/file_contexts
    setfiles -v $FC /lib/modules/2.6.6-1.427
    setfiles -v $FC /boot

BEFORE you reboot, or to reboot single-user, permissive mode (by adding 'single enforcing=0' to the boot params) and then running 'fixfiles relabel'. Then you can reboot multi-user as usual.


If you've updated more than just the kernel package, you probably want to do the 'boot single-user/permissive, run fixfiles' path.

tom

--------------------------------------
    * From: Richard Hally <rhallyx mindspring com>
    * To: fedora-selinux-list redhat com
    * Subject: avc denied from kernel 427 update
    * Date: Sun, 13 Jun 2004 02:29:05 -0400

Below are a few of the over 100 warning and error messages from doing yum update today (6/12/04). Of the ones that didn't scroll off, they are all about the 427/build directory tree.
This is in enforcing mode using the most recent strict policy that existed before today's update to selinux-policy-strict-sources-1.13.4-5. The avc denied messages are further below.
HTH
Richard Hally


-----------------------------------------------------------------------------------------------------
from yum update:
...
WARNING: Couldn't stat /lib/modules/2.6.6-1.427/build/.config: Permission denied
WARNING: Couldn't stat /lib/modules/2.6.6-1.427/build/init/Makefile: Permission denied
WARNING: Couldn't stat /lib/modules/2.6.6-1.427/build/init/Kconfig: Permission denied
FATAL: Could not open /lib/modules/2.6.6-1.427/modules.dep.temp for writing: Permission denied
/bin/bash: /root/.bashrc: Permission denied
No dep file found for kernel 2.6.6-1.427
mkinitrd failed


-------------------------------------------------------------------
And here are some of the avc denied messages


Jun 12 19:27:20 new2 kernel: audit(1087082831.128:0): avc: denied { getattr } for pid=5774 exe=/sbin/depmod path=/lib/modules/2.6.6-1.427/build/net/ipv4/Kconfig dev=hda2 ino=543312 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t tclass=file
Jun 12 19:27:20 new2 kernel: audit(1087082831.142:0): avc: denied { getattr } for pid=5774 exe=/sbin/depmod path=/lib/modules/2.6.6-1.427/build/.config dev=hda2 ino=525543 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t tclass=file
Jun 12 19:27:20 new2 kernel: audit(1087082831.142:0): avc: denied { getattr } for pid=5774 exe=/sbin/depmod path=/lib/modules/2.6.6-1.427/build/init/Makefile dev=hda2 ino=525592 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t tclass=file
Jun 12 19:27:20 new2 kernel: audit(1087082831.142:0): avc: denied { getattr } for pid=5774 exe=/sbin/depmod path=/lib/modules/2.6.6-1.427/build/init/Kconfig dev=hda2 ino=525591 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t tclass=file
Jun 12 19:27:20 new2 kernel: audit(1087082831.142:0): avc: denied { write } for pid=5774 exe=/sbin/depmod name=2.6.6-1.427 dev=hda2 ino=525541 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t tclass=dir
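
Added example, not part of the original thread: a small Python parser that groups avc denials like the ones above by (source type, target type, class, permission), so a long run of messages collapses into the few labeling problems behind it. The function names are hypothetical; the sample records are copied from the message above, the first with the archive's line wrap kept to show that wrapped records still parse.

```python
import re
from collections import defaultdict

# Sample records copied from the message above; the first keeps the archive's line wrap.
SAMPLE = """\
Jun 12 19:27:20 new2 kernel: audit(1087082831.142:0): avc: denied { getattr }
for pid=5774 exe=/sbin/depmod path=/lib/modules/2.6.6-1.427/build/.config dev=hda2 ino=525543 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t
tclass=file
Jun 12 19:27:20 new2 kernel: audit(1087082831.142:0): avc: denied { getattr } for pid=5774 exe=/sbin/depmod path=/lib/modules/2.6.6-1.427/build/init/Makefile dev=hda2 ino=525592 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t tclass=file
Jun 12 19:27:20 new2 kernel: audit(1087082831.142:0): avc: denied { write } for pid=5774 exe=/sbin/depmod name=2.6.6-1.427 dev=hda2 ino=525541 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t tclass=dir
"""

# One record runs from "avc: denied" up to the next one, so wrapped lines are tolerated.
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*?)(?=avc:\s+denied|\Z)", re.S)
KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_denials(text):
    """Yield one dict per AVC denial: its key=value fields plus a 'perms' list."""
    for m in AVC_RE.finditer(text):
        rec = dict(KV_RE.findall(m.group(2)))
        rec["perms"] = m.group(1).split()
        yield rec

def selinux_type(context):
    """Return the type field of a user:role:type context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize(text):
    """Map (source type, target type, class, permission) -> sorted object names."""
    groups = defaultdict(set)
    for rec in parse_denials(text):
        if not {"scontext", "tcontext", "tclass"} <= rec.keys():
            continue  # truncated record: skip rather than guess
        obj = rec.get("path") or rec.get("name", "?")  # dir denials carry name=, not path=
        for perm in rec["perms"]:
            key = (selinux_type(rec["scontext"]), selinux_type(rec["tcontext"]),
                   rec["tclass"], perm)
            groups[key].add(obj)
    return {k: sorted(v) for k, v in groups.items()}

if __name__ == "__main__":
    for (src, tgt, cls, perm), objs in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} {{ {perm} }} x{len(objs)}")
        for o in objs:
            print("   ", o)
```

On the sample, every denial is depmod_t acting on lib_t objects under /lib/modules/2.6.6-1.427, which is the tree the reply relabels with setfiles.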

