Re: [Bug #11500] /proc/net bug related to selinux

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Andrew Morton

Subject: Re: [Bug #11500] /proc/net bug related to selinux

Date: Saturday, September 13, 2008 - 12:37 pm

On Sat, 13 Sep 2008 10:15:43 +1000 (EST) James Morris <jmorris@namei.org> wrote:

quoted text> On Fri, 12 Sep 2008, Andrew Morton wrote:
> 
> > > > Bug-Entry	: http://bugzilla.kernel.org/show_bug.cgi?id=11500
> > > > Subject		: /proc/net bug related to selinux
> > > > Submitter	: Andrew Morton <akpm@linux-foundation.org>
> > > > Date		: 2008-09-04 17:45 (9 days old)
> > > > References	: http://marc.info/?l=linux-kernel&m=122055041313270&w=4
> > > 
> > > I think this might be a regression caused by namespace changes which we 
> 
> By which I mean, this was caused by a non-SELinux change to the upstream 
> kernel many, many eons ago.

hm, seems that 2.6.24 is OK but 2.6.25 is not.  I must have missed the
bug when testing 2.6.25-based kernels.

I started a git bisection search but after half an hour I hit bad
bisection breakage: a complete machine hang in fib_rules_init().

quoted text> > > addressed in SELinux policy.  Which distro version & policy version is 
> > > this seen with?
> > > 
> > 
> > FC5 on x86_32 and FC6 on x86_64.
> 
> As mentioned in the bugzilla, any related avc messages would be useful.

2.6.25 dmesg: http://userweb.kernel.org/~akpm/dmesg-sony.txt
/var/log/messages: http://userweb.kernel.org/~akpm/messages-sony.txt

The latter includes this:

Sep 13 12:32:43 sony kernel: SELinux:  class key not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  class dccp_socket not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  class memprotect not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  class peer not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  class capability2 not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  permission open in class dir not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  permission open in class file not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  permission open in class chr_file not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  permission open in class blk_file not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  permission open in class fifo_file not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  permission dccp_recv in class node not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  permission dccp_send in class node not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  permission recvfrom in class node not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  permission sendto in class node not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  permission dccp_recv in class netif not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  permission dccp_send in class netif not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  permission ingress in class netif not defined in policy
Sep 13 12:32:43 sony kernel: SELinux:  permission egress in class netif not defined in policy
Sep 13 12:32:44 sony kernel: SELinux:  permission setkeycreate in class process not defined in policy
Sep 13 12:32:44 sony kernel: SELinux:  permission setsockcreate in class process not defined in policy
Sep 13 12:32:44 sony kernel: SELinux:  permission setfcap in class capability not defined in policy
Sep 13 12:32:44 sony kernel: SELinux:  permission polmatch in class association not defined in policy
Sep 13 12:32:44 sony kernel: SELinux:  permission flow_in in class packet not defined in policy
Sep 13 12:32:44 sony kernel: SELinux:  permission flow_out in class packet not defined in policy
Sep 13 12:32:44 sony kernel: SELinux:  permission forward_in in class packet not defined in policy
Sep 13 12:32:44 sony kernel: SELinux:  permission forward_out in class packet not defined in policy
Sep 13 12:32:44 sony kernel: SELinux: the above unknown classes and permissions will be denied
Sep 13 12:32:44 sony kernel: type=1403 audit(1221309118.644:3): policy loaded auid=4294967295 ses=4294967295
Sep 13 12:32:44 sony kernel: type=1400 audit(1221334321.726:4): avc:  denied  { audit_write } for  pid=400 comm="hwclock" capability=29 scontext=system_u:system_r:hwclock_t:s0 tcontext=system_u:system_r:hwclock_t:s0 tclass=capability


Why am I seeing this on two machines and two vanilla-installed distros
but nobody else is reporting it?


--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

2.6.27-rc6-git2: Reported regressions from 2.6.26, Rafael J. Wysocki, (Fri Sep 12, 11:59 am)

[Bug #11207] VolanoMark regression with 2.6.27-rc1, Rafael J. Wysocki, (Fri Sep 12, 11:59 am)

[Bug #11215] INFO: possible recursive locking detected ps2 ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11220] Screen stays black after resume, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11210] libata badness, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11237] corrupt PMD after resume, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11230] Kconfig no longer outputs a .config with fres ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11224] Only three cores found on quad-core machine., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11272] BUG: parport_serial in 2.6.27-rc1 for NetMos ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11276] build error: CONFIG_OPTIMIZE_INLINING=y cause ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11271] BUG: fealnx in 2.6.27-rc1, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11264] Invalid op opcode in kernel/workqueue, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11340] LTP overnight run resulted in unusable box, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11336] 2.6.27-rc2:stall while mounting root fs, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11335] 2.6.27-rc2-git5 BUG: unable to handle kernel ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11308] tbench regression on each kernel release from ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11357] Can not boot up with zd1211rw USB-Wlan Stick, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11358] net: forcedeth call restore mac addr in nv_sh ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11380] lockdep warning: cpu_add_remove_lock at:cpu_m ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11343] SATA Cold Boot Problems with 2.6.27-rc[23] on ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11398] hda_intel: IRQ timing workaround is activated ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11382] e1000e: 2.6.27-rc1 corrupts EEPROM/NVM, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11404] BUG: in 2.6.23-rc3-git7 in do_cciss_intr, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11465] Linux-2.6.27-rc5, drm errors in log, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11463] sshd hangs on close, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11459] kernel crash after wifi connection established, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11442] btusb hibernation/suspend breakage in current ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11439] [2.6.27-rc4-git4] compilation warnings, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11407] suspend: unable to handle kernel paging request, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11471] GPE storm detected, kernel freezes, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11501] Failed to open destination file: Permission d ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11485] 2.6.27-rc xen pvops regression?, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11500] /proc/net bug related to selinux, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11476] failure to associate after resume from suspen ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11507] usb: sometimes dead keyboard after boot, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11506] oops during unmount - ext3? (2.6.27-rc5), Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11505] oltp ~10% regression with 2.6.27-rc5 on stoak ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11547] build issue #565 for v2.6.27-rc5 : undefined ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11548] kernel BUG at drivers/pci/intel-iommu.c:1373!, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11549] 2.6.27-rc5 acpi: EC Storm error message on bootup, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11516] severe performance degradation on x86_64 goin ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11512] sort-of regression due to "kconfig: speed up ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11554] Partition check considered as error is breaki ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11553] Strange looking line from "ps aux", Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11551] Semi-repeatable hard lockup on 2.6.27-rc6, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11550] pnp: Huge number of "io resource overlap" mes ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11552] Disabling IRQ #23, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11559] 2.6.27-rc6: nohz + s2ram = need to press keys ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11557] Controlling backlight on thinkpad x60, Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

[Bug #11556] e100: PCI wake-up handling rework causes "Err ..., Rafael J. Wysocki, (Fri Sep 12, 12:06 pm)

Re: [Bug #11276] build error: CONFIG_OPTIMIZE_INLINING=y c ..., Randy Dunlap, (Fri Sep 12, 1:46 pm)

Re: [Bug #11407] suspend: unable to handle kernel paging r ..., Vegard Nossum, (Fri Sep 12, 1:50 pm)

Re: [Bug #11548] kernel BUG at drivers/pci/intel-iommu.c:1373!, Chris Mason, (Fri Sep 12, 1:56 pm)

Re: [Bug #11276] build error: CONFIG_OPTIMIZE_INLINING=y c ..., Rafael J. Wysocki, (Fri Sep 12, 2:19 pm)

Re: [Bug #11548] kernel BUG at drivers/pci/intel-iommu.c:1373!, Rafael J. Wysocki, (Fri Sep 12, 2:21 pm)

Re: [Bug #11308] tbench regression on each kernel release ..., Christoph Lameter, (Fri Sep 12, 3:05 pm)

Re: [Bug #11500] /proc/net bug related to selinux, James Morris, (Fri Sep 12, 3:14 pm)

Re: [Bug #11500] /proc/net bug related to selinux, Andrew Morton, (Fri Sep 12, 3:24 pm)

Re: [Bug #11550] pnp: Huge number of "io resource overlap" ..., Rene Herman, (Fri Sep 12, 3:52 pm)

Re: [Bug #11500] /proc/net bug related to selinux, James Morris, (Fri Sep 12, 5:15 pm)

Re: [Bug #11552] Disabling IRQ #23, Justin Mattock, (Fri Sep 12, 8:24 pm)

Re: [Bug #11398] hda_intel: IRQ timing workaround is activ ..., Frans Pop, (Sat Sep 13, 12:37 am)

Re: [Bug #11271] BUG: fealnx in 2.6.27-rc1, Jaswinder Singh, (Sat Sep 13, 1:47 am)

Re: [Bug #11553] Strange looking line from "ps aux", Alan Jenkins, (Sat Sep 13, 1:51 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Mike Galbraith, (Sat Sep 13, 4:44 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Mike Galbraith, (Sat Sep 13, 4:57 am)

Re: [Bug #11557] Controlling backlight on thinkpad x60, Matthew Garrett, (Sat Sep 13, 8:13 am)

Re: [Bug #11398] hda_intel: IRQ timing workaround is activ ..., Takashi Iwai, (Sat Sep 13, 10:23 am)

Re: [Bug #11500] /proc/net bug related to selinux, Andrew Morton, (Sat Sep 13, 12:37 pm)

Re: [Bug #11554] Partition check considered as error is br ..., Herton Ronaldo Krzes ..., (Sat Sep 13, 4:37 pm)

Re: [Bug #11308] tbench regression on each kernel release ..., Mike Galbraith, (Sat Sep 13, 11:24 pm)

Re: [Bug #11308] tbench regression on each kernel release ..., Mike Galbraith, (Sun Sep 14, 12:02 am)

Re: [Bug #11557] Controlling backlight on thinkpad x60, Pavel Machek, (Sun Sep 14, 3:18 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Christoph Lameter, (Sun Sep 14, 7:18 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Mike Galbraith, (Sun Sep 14, 12:51 pm)

Re: [Bug #11398] hda_intel: IRQ timing workaround is activ ..., Rafael J. Wysocki, (Sun Sep 14, 5:13 pm)

Re: [Bug #11500] /proc/net bug related to selinux, Rafael J. Wysocki, (Sun Sep 14, 5:16 pm)

Re: [Bug #11554] Partition check considered as error is br ..., Rafael J. Wysocki, (Sun Sep 14, 5:25 pm)

Re: [Bug #11308] tbench regression on each kernel release ..., Mike Galbraith, (Mon Sep 15, 3:44 am)

Re: [Bug #11500] /proc/net bug related to selinux, Stephen Smalley, (Mon Sep 15, 6:05 am)

Re: [Bug #11500] /proc/net bug related to selinux, Stephen Smalley, (Mon Sep 15, 6:42 am)

Re: [Bug #11471] GPE storm detected, kernel freezes, Zhang Rui, (Mon Sep 15, 10:50 pm)

Re: [Bug #11308] tbench regression on each kernel release ..., Mike Galbraith, (Tue Sep 16, 5:28 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Ilpo Järvinen, (Tue Sep 16, 7:07 am)

Re: [Bug #11272] BUG: parport_serial in 2.6.27-rc1 for Net ..., Jaswinder Singh, (Tue Sep 16, 8:25 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Mike Galbraith, (Tue Sep 16, 9:39 pm)

Re: [Bug #11308] tbench regression on each kernel release ..., Mike Galbraith, (Tue Sep 16, 10:01 pm)

Re: [Bug #11308] tbench regression on each kernel release ..., Ingo Molnar, (Wed Sep 17, 3:40 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Mike Galbraith, (Wed Sep 17, 4:41 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Ingo Molnar, (Wed Sep 17, 5:49 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Mike Galbraith, (Wed Sep 17, 6:11 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Ilpo Järvinen, (Wed Sep 17, 6:36 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Mike Galbraith, (Wed Sep 17, 6:57 am)

Re: [Bug #11276] build error: CONFIG_OPTIMIZE_INLINING=y c ..., Bjorn Helgaas, (Wed Sep 17, 7:26 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Eric Dumazet, (Wed Sep 17, 7:47 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Eric Dumazet, (Wed Sep 17, 7:50 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Ilpo Järvinen, (Wed Sep 17, 10:04 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Mike Galbraith, (Wed Sep 17, 11:16 am)

Re: [Bug #11500] /proc/net bug related to selinux, Andrew Morton, (Wed Sep 17, 12:50 pm)

Re: [Bug #11500] /proc/net bug related to selinux, Paul Moore, (Wed Sep 17, 2:24 pm)

Re: [Bug #11500] /proc/net bug related to selinux, Eric W. Biederman, (Wed Sep 17, 2:39 pm)

Re: [Bug #11500] /proc/net bug related to selinux, Andrew Morton, (Wed Sep 17, 2:48 pm)

Re: [Bug #11500] /proc/net bug related to selinux, Eric W. Biederman, (Wed Sep 17, 2:56 pm)

Re: [Bug #11500] /proc/net bug related to selinux, Andrew Morton, (Wed Sep 17, 3:11 pm)

Re: [Bug #11500] /proc/net bug related to selinux, Paul Moore, (Wed Sep 17, 3:12 pm)

Re: [Bug #11500] /proc/net bug related to selinux, David Miller, (Wed Sep 17, 3:23 pm)

Re: [Bug #11500] /proc/net bug related to selinux, Andrew Morton, (Wed Sep 17, 3:24 pm)

Re: [Bug #11500] /proc/net bug related to selinux, Eric W. Biederman, (Wed Sep 17, 3:32 pm)

Re: [Bug #11500] /proc/net bug related to selinux, Eric W. Biederman, (Wed Sep 17, 3:53 pm)

Re: [Bug #11308] tbench regression on each kernel release ..., Mike Galbraith, (Thu Sep 18, 12:12 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Mike Galbraith, (Thu Sep 18, 12:25 am)

Re: [Bug #11308] tbench regression on each kernel release ..., Ilpo Järvinen, (Thu Sep 18, 12:58 am)

Re: [Bug #11500] /proc/net bug related to selinux, Stephen Smalley, (Thu Sep 18, 5:38 am)

Re: [Bug #11500] /proc/net bug related to selinux, Stephen Smalley, (Thu Sep 18, 6:03 am)

Re: [Bug #11500] /proc/net bug related to selinux, Eric W. Biederman, (Thu Sep 18, 11:09 am)

Re: [Bug #11500] /proc/net bug related to selinux, Stephen Smalley, (Thu Sep 18, 11:34 am)

Re: [Bug #11506] oops during unmount - ext3? (2.6.27-rc5), Marcin Slusarz, (Fri Sep 19, 9:17 am)

Re: [Bug #11500] /proc/net bug related to selinux, david, (Fri Sep 19, 9:58 am)

Re: [Bug #11500] /proc/net bug related to selinux, Stephen Smalley, (Fri Sep 19, 10:07 am)

Re: [Bug #11500] /proc/net bug related to selinux, Stephen Smalley, (Mon Sep 29, 9:49 am)

Navigation

Popular discussions


linux-kernel:
Greg KH	Og dreams of kernels
Jens Axboe	[PATCH 31/33] Fusion: sg chaining support
Arnd Bergmann	Re: finding your own dead &quo