From: Casey Schaufler <casey@schaufler-ca.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Ingo Molnar <mingo@elte.hu>, Tejun Heo <tj@kernel.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	linux-kernel@vger.kernel.org,
	Andrew Morton <akpm@linux-foundation.org>,
	Jens Axboe <jens.axboe@oracle.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	"H. Peter Anvin" <hpa@zytor.com>, Yinghai Lu <yinghai@kernel.org>,
	James Morris <jmorris@namei.org>,
	Eric Paris <eparis@parisplace.org>
Subject: Re: [bug] latest -git boot hang
Date: Tue, 14 Oct 2008 18:48:16 -0700
Message-ID: <48F54BE0.3090006@schaufler-ca.com>
In-Reply-To: <1223997856.5193.81.camel@moss-spartans.epoch.ncsc.mil>

Stephen Smalley wrote:
> On Tue, 2008-10-14 at 17:12 +0200, Ingo Molnar wrote:
>   
>> * Stephen Smalley <sds@tycho.nsa.gov> wrote:
>>
>>     
>>>> Right now I have about 40 such annotations for -tip testing:
>>>>
>>>>   fs/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>>>>   fs/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>>>>   security/selinux/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>>>>   security/smack/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>>>>   security/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>>>>         
>>> What in particular under fs/Kconfig and security/*Kconfig falls into 
>>> this category, and why?  What constitutes a "generic distro bootup"? 
>>> For distros that support SELinux, it obviously shouldn't break the 
>>> bootup (there have of course been cases where it has, but those were 
>>> bugs that have been addressed, including the recent /proc/net 
>>> breakage), and for other distros, it should yield no effect as no 
>>> policy will be loaded and thus SELinux just allows everything.
>>>       
>> got this one for rootplug:
>>
>> --- linux.orig/security/Kconfig
>> +++ linux/security/Kconfig
>> @@ -93,6 +93,11 @@ config SECURITY_FILE_CAPABILITIES
>>  config SECURITY_ROOTPLUG
>>         bool "Root Plug Support"
>>         depends on USB=y && SECURITY
>> +
>> +       # fails with hard-to-debug "could not find init" boot failure
>> +       depends on BROKEN_BOOT_ALLOWED
>> +       select BROKEN_BOOT
>>     
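Review bot: the comment on the new `depends on BROKEN_BOOT_ALLOWED` line records only the symptom ("could not find init") and not the condition under which SECURITY_ROOTPLUG produces it, so a later reader cannot tell whether the gate marks a bug to fix or behaviour the option is expected to have. Say which in the comment, and if it is expected behaviour, put the warning in the option's help text as well, where someone enabling it will see it.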
>
> Makes sense - rootplug truly is "specialized".
>
>   
>> and this one:
>>
>> --- linux.orig/security/selinux/Kconfig
>> +++ linux/security/selinux/Kconfig
>> @@ -97,6 +97,11 @@ config SECURITY_SELINUX_CHECKREQPROT_VAL
>>  config SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT
>>         bool "NSA SELinux enable new secmark network controls by default"
>>         depends on SECURITY_SELINUX
>> +
>> +       # old system booted up with this cannot ssh out
>> +       depends on BROKEN_BOOT_ALLOWED
>> +       select BROKEN_BOOT
>>     
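Review bot: the comment above `depends on BROKEN_BOOT_ALLOWED` says "old system" without naming the distro or policy version that fails, and the gate is attached to an option whose prompt says it only sets a default. As written, the option is hidden from every config that leaves BROKEN_BOOT_ALLOWED unset, including systems where the secmark controls work. Name the affected userspace in the comment so the dependency can be dropped once that system leaves the test mix.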
>
> What is the oldest distro you test against?  This one does need to be
> disabled for distros that predate the policy support for secmark, but
> we'd really like to deprecate and ultimately remove the legacy network
> controls from SELinux.
>
>   
>> I also have this temporary annotation:
>>
>> --- linux.orig/security/smack/Kconfig
>> +++ linux/security/smack/Kconfig
>> @@ -1,6 +1,9 @@
>>  config SECURITY_SMACK
>>         bool "Simplified Mandatory Access Control Kernel Support"
>>         depends on NETLABEL && SECURITY_NETWORK
>> +       # breaks networking (TCP connections)
>> +       depends on BROKEN_BOOT_ALLOWED
>> +       select BROKEN_BOOT
>>         default n
>>         help
>>           This selects the Simplified Mandatory Access Control Kernel.
>>
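Review bot: nothing in the added lines marks this gate as temporary or says which Smack behaviour breaks TCP connections, and the `default n` line that follows already keeps SECURITY_SMACK off unless it is chosen explicitly. Add the failing test case (freshly booted kernel cannot ssh out) and a removal condition to the comment, so the `depends on BROKEN_BOOT_ALLOWED` and `select BROKEN_BOOT` pair is dropped once that test passes.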
>> Has this problem been fixed? A test is only a success if the freshly 
>> booted kernel can autonomously ssh out over a real network and can 
>> indicate success to the QA server. I've got a good mix of old and new 
>> distros as well.
>>     
>
> I thought that Casey had changed Smack such that packets wouldn't be
> explicitly labeled by default when they were at the default/ambient
> network label and thus wouldn't break sshd.
>   
Stephen is correct. The fix has been in for some time.

