[SELinux] Boot fail due to checking root file system fail
Hi,
booting debian squeeze with selinux fails with following error (without
selinux it boots fine):
"Checking root file system...failed (code8)."
and I get a root login prompt.
What am I missing to make my standard installation boot?
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 24
Policy from config file: default
# dmesg after boot fail
SELinux: 8192 avtab hash slots, 37757 rules.
SELinux: 8192 avtab hash slots, 37757 rules.
SELinux: 6 users, 7 roles, 1142 types, 42 bools, 1 sens, 1024 cats
SELinux: 73 classes, 37757 rules
SELinux: class kernel_service not defined in policy
SELinux: class tun_socket not defined in policy
SELinux: permission open in class sock_file not defined in policy
SELinux: permission module_request in class system not defined in policy
SELinux: permission nlmsg_tty_audit in class netlink_audit_socket not
defined in policy
SELinux: the above unknown classes and permissions will be denied
SELinux: Completing initialization.
SELinux: Setting up existing superblocks.
SELinux: initialized (dev sda2, type ext3), uses xattr
SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs
SELinux: initialized (dev devpts, type devpts), uses transition SIDs
SELinux: initialized (dev inotifyfs, type inotifyfs), uses genfs_contexts
SELinux: initialized (dev anon_inodefs, type anon_inodefs), uses
genfs_contexts
SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev proc, type proc), uses genfs_contexts
SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
type=1403 audit(1296317333.486:2): policy loaded auid=4294967295
ses=4294967295
type=1400 audit(1296317333.798:3): avc: denied { read write } for
pid=348 comm="mountpoint" name="console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s
0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317333.798:4): avc: denied { read write } for
pid=348 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391
scontext=system_u:system_r:moun
t_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317333.798:5): avc: denied { read write } for
pid=348 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317333.798:6): avc: denied { read write } for
pid=348 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317333.890:7): avc: denied { read write } for
pid=355 comm="mount" name="console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317333.890:8): avc: denied { read write } for
pid=355 comm="mount" path="/dev/console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317333.890:9): avc: denied { read write } for
pid=355 comm="mount" path="/dev/console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317333.890:10): avc: denied { read write } for
pid=355 comm="mount" path="/dev/console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
__ratelimit: 333 callbacks suppressed
type=1400 audit(1296317345.187:122): avc: denied { read write } for
pid=466 comm="mountpoint" name="console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t
:s0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.187:123): avc: denied { read write } for
pid=466 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.187:124): avc: denied { read write } for
pid=466 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.191:125): avc: denied { read write } for
pid=467 comm="mountpoint" name="console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.191:126): avc: denied { read write } for
pid=467 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.191:127): avc: denied { read write } for
pid=467 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.191:128): avc: denied { read write } for
pid=468 comm="mountpoint" name="console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.191:129): avc: denied { read write } for
pid=468 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.191:130): avc: denied { read write } for
pid=468 comm="mountpoint" path="/dev/console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=1400 audit(1296317345.199:131): avc: denied { read write } for
pid=472 comm="mount" name="console" dev=sda2 ino=1262391
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=chr_file
__ratelimit: 63 callbacks suppressed
type=1400 audit(1296317352.483:153): avc: denied { search } for pid=496
comm="sulogin" name="root" dev=sda2 ino=491521
scontext=system_u:system_r:sulogin_t:s0
tcontext=unconfined_u:object_r:unconfined_home_dir_t:s0 tclass=dir
type=1400 audit(1296317352.515:154): avc: denied { module_request }
for pid=496 comm="bash" scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317352.515:155): avc: denied { module_request }
for pid=496 comm="bash" scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.037:156): avc: denied { module_request }
for pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.037:157): avc: denied { module_request }
for pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.037:158): avc: denied { module_request }
for pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.037:159): avc: denied { module_request }
for pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.037:160): avc: denied { module_request }
for pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.049:161): avc: denied { module_request }
for pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.049:162): avc: denied { module_request }
for pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.049:163): avc: denied { module_request }
for pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.049:164): avc: denied { module_request }
for pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=1400 audit(1296317374.049:165): avc: denied { module_request }
for pid=502 comm="ls" scontext=system_u:system_r:sysadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system
Cheers,
Simon
Reply to: