Filesystem problems

Filesystem problems

[Ignacio Tripodi]

I had a 2.4 kernel with SELinux enabled, could load a policy, relabeled the 
filesystem (ext3) and was able to see the extended attributes of all files. 
However, after I upgraded to the 2.6 SELinux kernel, I wasn't able to load 
the policy again. It still lets me in since I enabled the development mode 
but the tools don't recognize the running kernel as an SELinux-enabled 
kernel. Besides, this is what I get in the dmesg after it mounts the root 
filesystem:

security_context_to_sid: called before initial load_policy on unknown 
context system_u:object_
r:file_t
security_context_to_sid: called before initial load_policy on unknown 
context system_u:object_
r:root_t

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Filesystem problems

[Thorsten Kukuk]

On Tue, Oct 14, Ignacio Tripodi wrote:

> I had a 2.4 kernel with SELinux enabled, could load a policy, relabeled the 
> filesystem (ext3) and was able to see the extended attributes of all files. 
> However, after I upgraded to the 2.6 SELinux kernel, I wasn't able to load 
> the policy again. It still lets me in since I enabled the development mode 
> but the tools don't recognize the running kernel as an SELinux-enabled 
> kernel. Besides, this is what I get in the dmesg after it mounts the root 
> filesystem:
> 
> security_context_to_sid: called before initial load_policy on unknown 
> context system_u:object_
> r:file_t
> security_context_to_sid: called before initial load_policy on unknown 
> context system_u:object_
> r:root_t

With kernel 2.6.0-test7, I have a lot of ext3 problems with SELinux
enabled, which always ends in a filesystem crash and a necessary
fsck.ext3 run at the next boot. Don't know if this comes from the
usage of extended attributes or if ext3 itself is broken in 2.6.

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE Linux AG        Deutschherrnstr. 15-19        D-90429 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Filesystem problems

[James Morris]

On Tue, 14 Oct 2003, Ignacio Tripodi wrote:

> I had a 2.4 kernel with SELinux enabled, could load a policy, relabeled the 
> filesystem (ext3) and was able to see the extended attributes of all files. 
> However, after I upgraded to the 2.6 SELinux kernel, I wasn't able to load 
> the policy again. It still lets me in since I enabled the development mode 
> but the tools don't recognize the running kernel as an SELinux-enabled 
> kernel. Besides, this is what I get in the dmesg after it mounts the root 
> filesystem:
> 
> security_context_to_sid: called before initial load_policy on unknown 
> context system_u:object_
> r:file_t
> security_context_to_sid: called before initial load_policy on unknown 
> context system_u:object_
> r:root_t

Are you trying to load an initial policy via initrd?

- James
-- 
James Morris
<jmorris@redhat.com>



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Filesystem problems

[Ignacio Tripodi]

Quoting James Morris <jmorris@redhat.com>:
> Are you trying to load an initial policy via initrd?

Yes. I patched the mkinitrd script with the patch provided by the setools
package and created a new initrd image for this kernel. Since I haven't modified
any of the rc files myself I assume that's where it's trying to load the policy
from.

Ignacio

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Filesystem problems

[Stephen Smalley]

On Wed, 2003-10-15 at 03:29, Thorsten Kukuk wrote:
> With kernel 2.6.0-test7, I have a lot of ext3 problems with SELinux
> enabled, which always ends in a filesystem crash and a necessary
> fsck.ext3 run at the next boot. Don't know if this comes from the
> usage of extended attributes or if ext3 itself is broken in 2.6.

Details?  I haven't seen this yet with 2.6.0-test7 and ext3.  Did it
occur with 2.6.0-test6?

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Filesystem problems

[Thorsten Kukuk]

On Wed, Oct 15, Stephen Smalley wrote:

> On Wed, 2003-10-15 at 03:29, Thorsten Kukuk wrote:
> > With kernel 2.6.0-test7, I have a lot of ext3 problems with SELinux
> > enabled, which always ends in a filesystem crash and a necessary
> > fsck.ext3 run at the next boot. Don't know if this comes from the
> > usage of extended attributes or if ext3 itself is broken in 2.6.
> 
> Details?  I haven't seen this yet with 2.6.0-test7 and ext3.  Did it
> occur with 2.6.0-test6?

I don't know if it occur with 2.6.0-test6, normally I use reiserfs
or ext2 (with both I have no problems). It is the first time that
I use ext3 with 2.6.0.

If I make a clean shutdown and run a fsck.ext3 -f on the ext3
partition from a rescue system, fsck finds all kind of errors on
this device. Lost blocks, wrong number of blocks, ...
Sometimes grub is not able to read it at all.

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE Linux AG        Deutschherrnstr. 15-19        D-90429 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Filesystem problems

[Stephen Smalley]

On Wed, 2003-10-15 at 14:36, Thorsten Kukuk wrote:
> If I make a clean shutdown and run a fsck.ext3 -f on the ext3
> partition from a rescue system, fsck finds all kind of errors on
> this device. Lost blocks, wrong number of blocks, ...
> Sometimes grub is not able to read it at all.

What version of fsck?  There were issues with the EA support in older
versions of fsck, IIRC.

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.