Kernel oops on fc6 with non-mls policy

Kernel oops on fc6 with non-mls policy

[Joshua Brindle]

There seems to be a kernel oops on non-mls policies with the fc6 kernel.
It appears that netlabel is the culprit but I couldn't immediately track
down the issue, the mls functions all seem to be returning if mls is
disabled. The oops and ksymoops output is available at
http://pastebin.com/872996.

I have seen another that isn't there that happens on unix_stream_connect
and oopses in security_sid_mls_copy->ebitmap_cpy.

Is this a known issue?


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Kernel oops on fc6 with non-mls policy

[Eric Paris]

On Thu, 2007-02-01 at 14:58 -0500, Joshua Brindle wrote:
> There seems to be a kernel oops on non-mls policies with the fc6 kernel.
> It appears that netlabel is the culprit but I couldn't immediately track
> down the issue, the mls functions all seem to be returning if mls is
> disabled. The oops and ksymoops output is available at
> http://pastebin.com/872996.
> 
> I have seen another that isn't there that happens on unix_stream_connect
> and oopses in security_sid_mls_copy->ebitmap_cpy.
> 
> Is this a known issue?

http://marc2.theaimsgroup.com/?l=selinux&m=116920292206962&w=2

I believe.

Will get fixed in FC7 when the kernel gets new enough to pick it up from
upstream.  Will not get fixed in RHEL5 until U1.

-Eric


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Kernel oops on fc6 with non-mls policy

[Paul Moore]

On Thursday 01 February 2007 3:20 pm, Eric Paris wrote:
> On Thu, 2007-02-01 at 14:58 -0500, Joshua Brindle wrote:
> > There seems to be a kernel oops on non-mls policies with the fc6 kernel.
> > It appears that netlabel is the culprit but I couldn't immediately track
> > down the issue, the mls functions all seem to be returning if mls is
> > disabled. The oops and ksymoops output is available at
> > http://pastebin.com/872996.
> >
> > I have seen another that isn't there that happens on unix_stream_connect
> > and oopses in security_sid_mls_copy->ebitmap_cpy.
> >
> > Is this a known issue?
>
> http://marc2.theaimsgroup.com/?l=selinux&m=116920292206962&w=2
>
> I believe.
>
> Will get fixed in FC7 when the kernel gets new enough to pick it up from
> upstream.  Will not get fixed in RHEL5 until U1.

I think Eric is correct.  Josh, any chance you can grab a 2.6.20-rc7 and 
verify that is does indeed fix the problem (or perhaps a recent Rawhide 
kernel as I believe those are based off the 2.6.20-rc stream)?

-- 
paul moore
linux security @ hp

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Kernel oops on fc6 with non-mls policy

[Paul Moore]

On Thursday 01 February 2007 3:20 pm, Eric Paris wrote:
> On Thu, 2007-02-01 at 14:58 -0500, Joshua Brindle wrote:
> > There seems to be a kernel oops on non-mls policies with the fc6 kernel.
> > It appears that netlabel is the culprit but I couldn't immediately track
> > down the issue, the mls functions all seem to be returning if mls is
> > disabled. The oops and ksymoops output is available at
> > http://pastebin.com/872996.
> >
> > I have seen another that isn't there that happens on unix_stream_connect
> > and oopses in security_sid_mls_copy->ebitmap_cpy.
> >
> > Is this a known issue?
>
> http://marc2.theaimsgroup.com/?l=selinux&m=116920292206962&w=2
>
> I believe.
>
> Will get fixed in FC7 when the kernel gets new enough to pick it up from
> upstream.  Will not get fixed in RHEL5 until U1.

Sorry, I hit send on the other email too soon ...

I also pushed this to the 2.6.19-stable tree and I received mail this Tuesday 
that it has been queued up for the next stable release.  Does FC pull updated 
stable kernels (i.e. will this get fixed before FC7)?

-- 
paul moore
linux security @ hp

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Kernel oops on fc6 with non-mls policy

[Eric Paris]

On Thu, 2007-02-01 at 19:40 -0500, Paul Moore wrote:
> On Thursday 01 February 2007 3:20 pm, Eric Paris wrote:
> > On Thu, 2007-02-01 at 14:58 -0500, Joshua Brindle wrote:
> > > There seems to be a kernel oops on non-mls policies with the fc6 kernel.
> > > It appears that netlabel is the culprit but I couldn't immediately track
> > > down the issue, the mls functions all seem to be returning if mls is
> > > disabled. The oops and ksymoops output is available at
> > > http://pastebin.com/872996.
> > >
> > > I have seen another that isn't there that happens on unix_stream_connect
> > > and oopses in security_sid_mls_copy->ebitmap_cpy.
> > >
> > > Is this a known issue?
> >
> > http://marc2.theaimsgroup.com/?l=selinux&m=116920292206962&w=2
> >
> > I believe.
> >
> > Will get fixed in FC7 when the kernel gets new enough to pick it up from
> > upstream.  Will not get fixed in RHEL5 until U1.
> 
> Sorry, I hit send on the other email too soon ...
> 
> I also pushed this to the 2.6.19-stable tree and I received mail this Tuesday 
> that it has been queued up for the next stable release.  Does FC pull updated 
> stable kernels (i.e. will this get fixed before FC7)?

Yes they do.  I meant FC6.  (but it will work in 7 too)

-Eric


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Kernel oops on fc6 with non-mls policy

[Brian M. Williams]

>-----Original Message-----
>From: owner-selinux@tycho.nsa.gov [mailto:owner-selinux@tycho.nsa.gov]
On Behalf Of Eric Paris
>Sent: Thursday, February 01, 2007 3:20 PM
>To: Joshua Brindle
>Cc: selinux@tycho.nsa.gov; Stephen Smalley; Karl MacMillan; Paul Moore;
James Morris
>Subject: Re: Kernel oops on fc6 with non-mls policy
>
>On Thu, 2007-02-01 at 14:58 -0500, Joshua Brindle wrote:
>> There seems to be a kernel oops on non-mls policies with the fc6
kernel.
>> It appears that netlabel is the culprit but I couldn't immediately
track
>> down the issue, the mls functions all seem to be returning if mls is
>> disabled. The oops and ksymoops output is available at
>> http://pastebin.com/872996.
>>
>> I have seen another that isn't there that happens on
unix_stream_connect
>> and oopses in security_sid_mls_copy->ebitmap_cpy.
>>
>> Is this a known issue?
>
>http://marc2.theaimsgroup.com/?l=selinux&m=116920292206962&w=2
>
>I believe.
>
>Will get fixed in FC7 when the kernel gets new enough to pick it up
from
>upstream.  Will not get fixed in RHEL5 until U1.

I just tried to run a RHEL5 U1 system with a non-mls policy and this
appears to still be a problem, are there plans to fix the bug in U2?

Brian

>
>-Eric
>
>
>--
>This message was distributed to subscribers of the selinux mailing
list.
>If you no longer wish to subscribe, send mail to
majordomo@tycho.nsa.gov with
>the words "unsubscribe selinux" without quotes as the message.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Kernel oops on fc6 with non-mls policy

[Eric Paris]

On Wed, 2007-11-14 at 16:23 -0500, Brian M. Williams wrote:
> >-----Original Message-----
> >From: owner-selinux@tycho.nsa.gov [mailto:owner-selinux@tycho.nsa.gov]
> On Behalf Of Eric Paris
> >Sent: Thursday, February 01, 2007 3:20 PM
> >To: Joshua Brindle
> >Cc: selinux@tycho.nsa.gov; Stephen Smalley; Karl MacMillan; Paul Moore;
> James Morris
> >Subject: Re: Kernel oops on fc6 with non-mls policy
> >
> >On Thu, 2007-02-01 at 14:58 -0500, Joshua Brindle wrote:
> >> There seems to be a kernel oops on non-mls policies with the fc6
> kernel.
> >> It appears that netlabel is the culprit but I couldn't immediately
> track
> >> down the issue, the mls functions all seem to be returning if mls is
> >> disabled. The oops and ksymoops output is available at
> >> http://pastebin.com/872996.
> >>
> >> I have seen another that isn't there that happens on
> unix_stream_connect
> >> and oopses in security_sid_mls_copy->ebitmap_cpy.
> >>
> >> Is this a known issue?
> >
> >http://marc2.theaimsgroup.com/?l=selinux&m=116920292206962&w=2
> >
> >I believe.
> >
> >Will get fixed in FC7 when the kernel gets new enough to pick it up
> from
> >upstream.  Will not get fixed in RHEL5 until U1.
> 
> I just tried to run a RHEL5 U1 system with a non-mls policy and this
> appears to still be a problem, are there plans to fix the bug in U2?

Yeah, it got oh the wrong list internally and wasn't posted until Oct
22.  So U1 is busted as well and you won't see a public fix until
RHEL5U2.  I'm really sorry to everyone who want to turn MLS off.

-Eric "bad at filing paperwork" Paris


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.