On Sun, 2004-10-24 at 23:56, John Reiser wrote:
> I believe that I may have suffered a case where a fresh install of
> Fedora Core 3 [Test 3] with SELinux in targeted, permissive mode borked
> existing multi-booted installations of RedHat 9, RedHat 8.0, and RedHat
> 7.3 [separate ext3 root filesystems for each]. The typical symptom when
> booting an old system is a console message:
> Freeing unused kernel memory: 156k freed
> attempt to access beyond end of device
> 03:09: rw=0, want=1219858868, limit=5863693
> Kernel panic: No init found. Try passing init= option to kernel.
2.4 kernels < 2.4.25 had an issue in their fast symlink detection code
that would cause them to die in this manner upon accessing a fast
symlink with an extended attribute set on it. A fix was included in the
FC1 kernel starting with 2.4.22-1.2149.nptl.
> So, how do I recover? [I need to boot the old systems to support
> customers who run them.] What about a procedure like this:
In theory, you should be able to remove the SELinux attributes from the
filesystems if you want to use them with the older kernels, e.g. boot
FC3test3 with selinux=0, then run
find / -exec setfattr -x security.selinux {} \;
You need selinux=0 as SELinux won't let you remove them if it is active,
but you need a kernel that includes the xattr security handlers to
remove them, so you need a 2.6 kernel like the FC3test3 one.
--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency