Bug#528860: (no subject)

[Bastian Blank <waldi@debian.org>]

On Sun, May 17, 2009 at 09:12:22PM +0200, Markus Meier wrote:
> Am Sonntag, 17. Mai 2009 schrieb Bastian Blank:
> > Please provide the complete kernel log from the failing system.
> I tried to reconstruct the kernel panic with a XEN virtual machine 
> because the machine the bug occurred originally is far off and I have 
> no chance to attach a serial console to it. 
> Log is attached.

Thanks.

> [    4.623569] kernel BUG at security/selinux/avc.c:883!

This check means that the requested permission is undefined, aka 0.

Called from:
> [    4.625786] RIP: e030:[<ffffffff802e61dd>]  [<ffffffff802e61dd>] avc_has_perm_noaudit+0x26/0x379
> [    4.625907]  [<ffffffff802e7049>] ? avc_has_perm+0x2b/0x5b
> [    4.625920]  [<ffffffff802e9ec1>] ? selinux_ip_postroute+0x1eb/0x38b

For sockets != udp, tcp and dccp, the check is wrong. This code was
removed from 2.6.30.

Bastian

-- 
Sometimes a feeling is all we humans have to go on.
		-- Kirk, "A Taste of Armageddon", stardate 3193.9