LinuxQuestions.org


legcard 01-26-2009 12:20 PM

rhel 4 - new kernel 2.6.27-10 - now SELinux causes kernel panic
 
After a lot of research and flailing, I have updated/compiled a new kernel (2.6.27.10) on one of my RHEL 4.6 test servers. Bugs in kernel 2.6.25 and below were the reason for the kernel upgrade.

After successful rebuild, and everything works after a reboot, I decided to turn on SELinux (enforcing - targeted). I edited the /etc/selinux/config file for that. We had policy.18 in /etc/selinux/targeted/policy. Rebooted.

I got a kernel panic: policy not loaded.

I had specifically not asked for SELinux (during xconfig) as 2.6.27-10 offers policy.19 and I had learned that RHEL 4 only works with policy.18.

So I got an selinux-policy-targeted.1.17.30-2.150.el4.rpm from RHN and installed that after doing a rpm -e selinux-policy-targeted. I installed (rpm -ivh) the new copy of policy.18 and still got the panic. If I put it in permissive mode, it boots ok. Hmm, I need enforcing.

I thought that maybe I needed to compile the policy so I downloaded the src (selinux-policy-targeted.1.17.30-2.150.el4.src.rpm)

rpm -ivh --replacepkgs selinux-policy-targeted.1.17.30-2.150.el4.src.rpm

and got several errors about missing brewbuild user and brewbuilder group ...using root and then got the 100%.

I went to /etc/selinux/targeted/policy expecting to find a src directory. No source. And an rpm -q says that selinux-policy-targeted is not loaded. Huh? /selinux exists but is empty. There is no /etc/selinux/sestatus.conf file as described in man pages. Did a "find / -name src" and found only known sources. Where did it put this so-called source? And maybe I could just load a binary source (vice compile) but it kernel panics for binary policy files, too.

I would appreciate any advice about getting past this "policy not loaded" error.

unSpawn 02-05-2009 04:36 PM

Quote:

Originally Posted by legcard (Post 3421835)
I had specifically not asked for SELinux (during xconfig)

If you compile the kernel with all or one of SE Linux options, CONFIG_AUDIT or XATTRs missing (that is, if I understand your post correctly), then I can't understand why loading any policy into such a kernel should work?
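
The options named in the post above (SELinux itself, CONFIG_AUDIT, XATTRs) can be checked against a kernel's .config before rebooting into enforcing mode. This is an added example, not part of the thread: the option list assumes 2.6-era Kconfig names and an ext3 root filesystem, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: list SELinux prerequisites that are not built into a kernel.
# Assumption: 2.6-era option names, ext3 root filesystem.
REQUIRED="CONFIG_SECURITY CONFIG_SECURITY_NETWORK CONFIG_AUDIT \
CONFIG_SECURITY_SELINUX CONFIG_EXT3_FS_XATTR CONFIG_EXT3_FS_SECURITY"

# opt_state FILE OPTION -> prints the option's value (y, m, ...) or "unset".
# Lines such as "# CONFIG_AUDIT is not set" do not match and count as unset.
opt_state() {
    val=$(sed -n "s/^$2=\(.*\)$/\1/p" "$1" | tail -n 1)
    if [ -n "$val" ]; then echo "$val"; else echo unset; fi
}

# missing_selinux_opts FILE -> prints every required option that is not "=y".
# An empty line means the kernel has all of them built in.
missing_selinux_opts() {
    missing=""
    for opt in $REQUIRED; do
        [ "$(opt_state "$1" "$opt")" = "y" ] || missing="$missing $opt"
    done
    echo $missing   # unquoted on purpose: trims the leading space
}

# Constructed sample: a config where SELinux was deselected in xconfig.
sample_config() {
    cat > "$1" <<'EOF'
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_AUDIT is not set
# CONFIG_SECURITY_SELINUX is not set
CONFIG_EXT3_FS=y
CONFIG_EXT3_FS_XATTR=y
# CONFIG_EXT3_FS_SECURITY is not set
EOF
}

# Demo on the constructed sample; for a real build, pass the path of the
# .config in the kernel source tree to missing_selinux_opts instead.
demo=$(mktemp)
sample_config "$demo"
echo "not built in: $(missing_selinux_opts "$demo")"
rm -f "$demo"
```
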

anomie 02-05-2009 04:56 PM

@legcard: You downloaded / compiled / installed a vanilla kernel or what? Is there a reason you are still not using up2date?

slimm609 02-09-2009 08:09 PM

Sorry to be a little late but if you installed the src rpm it installs to /usr/src/redhat/

it would be in the SOURCES dir in that folder


All times are GMT -5.