selinux September 2007 archive
Main Archive Page > Month Archives  > selinux archives
selinux: RE: Kernel panic when using refpolicy

RE: Kernel panic when using refpolicy

From: Brian M. Williams <bwilliams_at_nospam>
Date: Fri Sep 07 2007 - 17:50:16 GMT
To: "Kim Lawson-Jenkins" <lawson@itd.nrl.navy.mil>, <selinux@tycho.nsa.gov>


Please check which type of policy that you compiled in the build.conf, in RHEL5 if you build a non-mls non-mcs policy the system will not boot. There is a bug in the RHEL5 kernel that will not be fixed until RHEL5 U1.

> -----Original Message-----
> From: owner-selinux@tycho.nsa.gov
> [mailto:owner-selinux@tycho.nsa.gov] On Behalf Of Kim Lawson-Jenkins
> Sent: Friday, September 07, 2007 14:15
> To: selinux@tycho.nsa.gov
> Subject: Kernel panic when using refpolicy
>
>
> Hi,
>
> I'm running RHEL5. I downloaded refpolicy-20070629.tar.bz2 and
> selinux-refpolicy-sources-20070629-1.noarch.rpm and installed
> the files for
> the reference policy. When rebooting the system there was a
> fatal error -
> Kernel panic - not syncing: Fatal exception.
>
> There were many unknown Boolean errors for
> libsepol.load.booleans and there
> was the following error -
> libsepol.sepol_genbools: error while reading
> /etc/selinux/refpolicy/Booleans
>
> It looks like ifconfig was running when the kernel panic occurred. To
> recover booted into single-user mode and changed the
> SELINUXTYPE in the file
> /etc/selinux/config from refpolicy to targeted. I can easily
> repeat the
> problem by using the SELinux Management Tool to change the
> System Default
> Policy Type from targeted to refpolicy and rebooting. I've
> looked at all of
> the documentation to see if I missed a step or downloaded an
> incorrect file
> but I can't find anything. Can anyone give me some insight
> into what the
> problem may be? Thanks in advance for a response.
>
> Kim
>
>
> --
> This message was distributed to subscribers of the selinux
> mailing list.
> If you no longer wish to subscribe, send mail to
> majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

   © Copyright 2012 Guardian Digital, Inc. All Rights Reserved.