On Mon, 2010-05-24 at 15:07 -0400, Stephen Smalley wrote: > On Mon, 2010-05-24 at 11:54 -0700, Karl-Michael Schneider wrote: > > I have fc12 installed on a Lenovo R61 laptop with two kernels: > > > > kernel-2.6.31.12-174.2.22.fc12.i686 > > kernel-2.6.32.12-115.fc12.i686 > > > > The 2.6.31 kernel has no problem. But when I try to boot the 2.6.32 > > kernel it fails because SELinux is blocking access to device nodes. I > > can only boot the 2.6.32 kernel in single user mode. The reason is > > that /dev and all files in it have no type: > > > > $ ls -lZ /dev > > crw-------. root root system_u:object_r:unlabeled_t:s0 agpgart > <snip> > > The filesystem is ext3 on LVM: > > > > $ cat /etc/fstab > > /dev/VolGroup00/LogVol00 / ext3 defaults 1 1 > > ... > > > > The filesystem was created when I installed FC9. Later I upgraded to > > FC12. But the problem only appeared when the kernel was updated from > > 2.6.31 to 2.6.32. All 2.6.32 kernels so far had the same problem. > > > > I have already relabeled the filesystem, but it didn't help. I tried > > restorecon -R -v /dev after booting the 2.6.32 kernel but it didn't do > > anything. > > Sounds like the devtmpfs mount with a policy that doesn't know about it. > dmesg | grep SELinux > grep /dev /proc/mounts I suspect your policy update didn't go cleanly and aborted during %post, especially if you tried going all the way from F9 to F12. I'd suggest doing: mv /etc/selinux/targeted /etc/selinux/targeted.orig yum reinstall selinux-policy-targeted -- Stephen Smalley National Security Agency -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
