[SELinux] Boot fail due to checking root file system fail

Simon Brandmair Sat, 29 Jan 2011 08:42:14 -0800

Hi,

booting debian squeeze with selinux fails with following error (without 
selinux it boots fine):


"Checking root file system...failed (code8)."
and I get a root login prompt.

What am I missing to make my standard installation boot?

# sestatus 
        SELinux status:                 enabled
        SELinuxfs mount:                /selinux
        Current mode:                   permissive
        Mode from config file:          permissive
        Policy version:                 24
        Policy from config file:        default


# dmesg after boot fail

SELinux: 8192 avtab hash slots, 37757 rules.
SELinux: 8192 avtab hash slots, 37757 rules.
SELinux:  6 users, 7 roles, 1142 types, 42 bools, 1 sens, 1024 cats
SELinux:  73 classes, 37757 rules
SELinux:  class kernel_service not defined in policy
SELinux:  class tun_socket not defined in policy
SELinux:  permission open in class sock_file not defined in policy
SELinux:  permission module_request in class system not defined in policy
SELinux:  permission nlmsg_tty_audit in class netlink_audit_socket not 
defined in policy
SELinux: the above unknown classes and permissions will be denied
SELinux:  Completing initialization.
SELinux:  Setting up existing superblocks.
SELinux: initialized (dev sda2, type ext3), uses xattr
SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs
SELinux: initialized (dev devpts, type devpts), uses transition SIDs
SELinux: initialized (dev inotifyfs, type inotifyfs), uses genfs_contexts
SELinux: initialized (dev anon_inodefs, type anon_inodefs), uses 
genfs_contexts
SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev proc, type proc), uses genfs_contexts
SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
type=1403 audit(1296317333.486:2): policy loaded auid=4294967295 
ses=4294967295
type=1400 audit(1296317333.798:3): avc:  denied  { read write } for  
pid=348 comm="mountpoint" name="console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s
0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317333.798:4): avc:  denied  { read write } for  
pid=348 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391 
scontext=system_u:system_r:moun
t_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317333.798:5): avc:  denied  { read write } for  
pid=348 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317333.798:6): avc:  denied  { read write } for  
pid=348 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317333.890:7): avc:  denied  { read write } for  
pid=355 comm="mount" name="console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317333.890:8): avc:  denied  { read write } for  
pid=355 comm="mount" path="/dev/console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317333.890:9): avc:  denied  { read write } for  
pid=355 comm="mount" path="/dev/console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317333.890:10): avc:  denied  { read write } for  
pid=355 comm="mount" path="/dev/console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
__ratelimit: 333 callbacks suppressed
type=1400 audit(1296317345.187:122): avc:  denied  { read write } for  
pid=466 comm="mountpoint" name="console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t
:s0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.187:123): avc:  denied  { read write } for  
pid=466 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.187:124): avc:  denied  { read write } for  
pid=466 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.191:125): avc:  denied  { read write } for  
pid=467 comm="mountpoint" name="console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.191:126): avc:  denied  { read write } for  
pid=467 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.191:127): avc:  denied  { read write } for  
pid=467 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.191:128): avc:  denied  { read write } for  
pid=468 comm="mountpoint" name="console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.191:129): avc:  denied  { read write } for  
pid=468 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.191:130): avc:  denied  { read write } for  
pid=468 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.199:131): avc:  denied  { read write } for  
pid=472 comm="mount" name="console" dev=sda2 ino=1262391 
scontext=system_u:system_r:mount_t:s0 
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
__ratelimit: 63 callbacks suppressed
type=1400 audit(1296317352.483:153): avc:  denied  { search } for  pid=496 
comm="sulogin" name="root" dev=sda2 ino=491521 
scontext=system_u:system_r:sulogin_t:s0 
tcontext=unconfined_u:object_r:unconfined_home_dir_t:s0 tclass=dir
type=1400 audit(1296317352.515:154): avc:  denied  { module_request } 
for  pid=496 comm="bash" scontext=system_u:system_r:sysadm_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317352.515:155): avc:  denied  { module_request } 
for  pid=496 comm="bash" scontext=system_u:system_r:sysadm_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.037:156): avc:  denied  { module_request } 
for  pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.037:157): avc:  denied  { module_request } 
for  pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.037:158): avc:  denied  { module_request } 
for  pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.037:159): avc:  denied  { module_request } 
for  pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.037:160): avc:  denied  { module_request } 
for  pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.049:161): avc:  denied  { module_request } 
for  pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.049:162): avc:  denied  { module_request } 
for  pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.049:163): avc:  denied  { module_request } 
for  pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.049:164): avc:  denied  { module_request } 
for  pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.049:165): avc:  denied  { module_request } 
for  pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0 
tcontext=system_u:system_r:kernel_t:s0 tclass=system


Cheers,
Simon


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/ii1f3l$mpu$00$1...@news.t-online.com

[SELinux] Boot fail due to checking root file system fail

Reply via email to