oops on policy load (PPC)

oops on policy load (PPC)

[Chris PeBenito]

I get this oops on the first time the policy is loaded (2.6.0-test2-bk3
on PPC):

security:  4 users, 6 roles, 334 types
security:  30 classes, 22358 rules
SELinux:  Completing initialization.
SELinux:  Setting up existing superblocks.
SELinux: initialized (dev 0:d, type nfs), uses genfs_contexts
SELinux: initialized (dev , type rpc_pipefs), not configured for
labeling
SELinux: initialized (dev , type selinuxfs), uses genfs_contexts
Oops: kernel access of bad area, sig: 11 [#1]
NIP: C00F5208 LR: C00F5FFC SP: CCFD7C30 REGS: ccfd7b80 TRAP: 0301    Not
tainted
MSR: 00001032 EE: 0 PR: 0 FP: 0 ME: 1 IR/DR: 11
DAR: 01000003, DSISR: 40000000
TASK = cd3eaa80[3202] 'load_policy' Last syscall: 4
GPR00: 0000000C CCFD7C30 CD3EAA80 01000003 FFFFFFFE C01E9BC8 CCFD7CD0
0000000A
GPR08: 00000000 01000003 FFFFFFFF CCFD7C68 53000033
Call trace:
 [c001a598] printk+0x9c/0x204
 [c00e5d30] superblock_doinit+0x184/0x270
 [c00eabe4] selinux_complete_init+0x108/0x220
 [c00f17f4] security_load_policy+0x10c/0x2f0
 [c00eb11c] sel_write_load+0xd4/0x118
 [c00561d0] vfs_write+0x10c/0x154
 [c00562cc] sys_write+0x40/0x74
 [c0005abc] ret_from_syscall+0x0/0x44
note: load_policy[3202] exited with preempt_count 1

The policy actually does get loaded, as I start getting denials.  It
looks like the oops is related to the filesystem initializations; if I
load the policy after this, it doesn't oops.  If I unmount /boot and
then mount it, the mount command hangs, and I dont get the kernel
messages saying that it was initialized for SELinux.


I also get a problem relabeling:

beta policy-dev # make relabel
/usr/sbin/setfiles file_contexts/file_contexts `mount | awk
'/ext[23]/{print $3}'`
/usr/sbin/setfiles:  Using extended attributes (default)
/usr/sbin/setfiles:  read 389 specifications
/usr/sbin/setfiles:  labeling files under /
/: Function not implemented
/usr/sbin/setfiles:  unable to obtain attribute for file /
/usr/sbin/setfiles:  error while labeling files under /
make: *** [relabel] Error 1

but I suspect its related to that oops, since it never says / is
initialized.  I can use getfattr and setfattr to manually set
security.selinux, so the xattr support is certainly enabled.

-- 
Chris PeBenito
<pebenito@gentoo.org>
Developer, SELinux
Hardened Gentoo Linux
 
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: oops on policy load (PPC)

[Stephen Smalley]

On Mon, 2003-08-04 at 16:33, Chris PeBenito wrote:
> I get this oops on the first time the policy is loaded (2.6.0-test2-bk3
> on PPC):

Did you perform the initial policy load from an initrd before the real
root filesystem is mounted, as described in the selinux-doc README?  You
still shouldn't encounter an Oops, but you do need to perform the
initial policy load early in order for the system to operate properly,
e.g. initial domain transitions upon executing init.

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: oops on policy load (PPC)

[Chris PeBenito]

I get the oops the first time policy is loaded any way its loaded, from
the initrd, or otherwise.

On Tue, 2003-08-05 at 07:34, Stephen Smalley wrote:
> On Mon, 2003-08-04 at 16:33, Chris PeBenito wrote:
> > I get this oops on the first time the policy is loaded (2.6.0-test2-bk3
> > on PPC):
> 
> Did you perform the initial policy load from an initrd before the real
> root filesystem is mounted, as described in the selinux-doc README?  You
> still shouldn't encounter an Oops, but you do need to perform the
> initial policy load early in order for the system to operate properly,
> e.g. initial domain transitions upon executing init.
-- 
Chris PeBenito
<pebenito@gentoo.org>
Developer, SELinux
Hardened Gentoo Linux
 
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: oops on policy load (PPC)

[Chris PeBenito]

Ok, sorry I take it back.  I finally got it to load w/o oopsing in the
initrd.  Perhaps it was lack of sleep.  :\  While its not useful to do
the initial policy load after the machine is already started up, it
still shouldn't have oopsed, however.

On Tue, 2003-08-05 at 23:58, Chris PeBenito wrote:
> I get the oops the first time policy is loaded any way its loaded, from
> the initrd, or otherwise.
-- 
Chris PeBenito
<pebenito@gentoo.org>
Developer, SELinux
Hardened Gentoo Linux
 
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.