Re: 2.6.27-rc1: strange fstab issue (Re: 2.6.27-rc1 + selinux new options = no httpd)

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Gene Heskett <gene.heskett@...>

Cc: Rafael J. Wysocki <rjw@...>, James Morris <jmorris@...>, <linux-kernel@...>, Stephen Smalley <sds@...>, <aviro@...>

Subject: Re: 2.6.27-rc1: strange fstab issue (Re: 2.6.27-rc1 + selinux new options = no httpd)

Date: Friday, August 1, 2008 - 9:47 am

On Fri, 2008-08-01 at 09:39 -0400, Gene Heskett wrote:
quoted text> On Thursday 31 July 2008, Rafael J. Wysocki wrote:
> Update by Gene below.
> >On Thursday, 31 of July 2008, James Morris wrote:
> >> On Thu, 31 Jul 2008, Gene Heskett wrote:
> >> > >Which new options?
> >> >
> >> > Make xconfig-->security options:
> >> >
> >> > XFRM Networking security hooks
> >> >
> >> >  and several others just below it.  Unforch, I can't copy/paste the
> >> > screen.
> >>
> >> I can't really imagine what that is (although if you enable the secmark
> >> controls under the main SELinux menu, which are disabled by default,
> >> there could be problems).
> >
> >On a possibly related note, I've been observing a strange issue on one of
> >my test boxes with OpenSUSE 10.3 recently.   Namely, the fsck complains
> >that there's no passno value in the fstab, although it obviously is present.
> >
> >Strangely enough, if the kernel is compiled with CONFIG_SECURITY_SELINUX
> > unset, the fsck doesn't complain about the missing passno field any more.
> >
> >Thanks,
> >Rafael
> 
> I just did a 2.6.27-rc1 rebuild on a pure, all defaults 'make oldconfig' from
> my 2.6.26 final .config moved to that src tree.
> 
> httpd is still being denied access to its log files and dies during the bootup.
> 
> This is a showstopper for me.

Stephen Smalley just sent me a private note.  Apparently he is having
e-mail trouble but he did point out the most likely problem.  Can you
add the patch from

http://marc.info/?l=linux-kernel&m=121726661110266&w=2

And give it a whirl?  Sorry, but we think the problem is that the VFS
stopped passing all of the relevant information down to the security
system.  https is only allowed to append to its log files, not actually
'write.'  Since the VFS is longer differentiating those two operations
you are getting then denial for write.

I'll try to get this pushed into linus's tree quickly.

-Eric

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

2.6.27-rc1 + selinux new options = no httpd, Gene Heskett, (Wed Jul 30, 10:54 pm)

Re: 2.6.27-rc1 + selinux new options = no httpd, James Morris, (Thu Jul 31, 12:43 am)

Re: 2.6.27-rc1 + selinux new options = no httpd, Gene Heskett, (Thu Jul 31, 9:09 am)

Re: 2.6.27-rc1 + selinux new options = no httpd, James Morris, (Thu Jul 31, 4:02 pm)

2.6.27-rc1: strange fstab issue (Re: 2.6.27-rc1 + selinux ne..., Rafael J. Wysocki, (Thu Jul 31, 6:17 pm)

Re: 2.6.27-rc1: strange fstab issue (Re: 2.6.27-rc1 + selinu..., Gene Heskett, (Fri Aug 1, 9:39 am)

Re: 2.6.27-rc1: strange fstab issue (Re: 2.6.27-rc1 + selinu..., Eric Paris, (Fri Aug 1, 9:47 am)

Re: 2.6.27-rc1: strange fstab issue (Re: 2.6.27-rc1 + selinu..., Gene Heskett, (Fri Aug 1, 10:13 am)

Re: 2.6.27-rc1: strange fstab issue (Re: 2.6.27-rc1 + selinu..., Al Viro, (Fri Aug 1, 10:02 am)

Re: 2.6.27-rc1 + selinux new options = no httpd, Eric Paris, (Thu Jul 31, 10:44 am)

Re: 2.6.27-rc1 + selinux new options = no httpd, Stephen Smalley, (Thu Jul 31, 1:47 pm)

Re: 2.6.27-rc1 + selinux new options = no httpd, Gene Heskett, (Fri Aug 1, 2:52 pm)

Re: 2.6.27-rc1 + selinux new options = no httpd, Stephen Smalley, (Fri Aug 1, 8:51 am)

Re: 2.6.27-rc1 + selinux new options = no httpd, Al Viro, (Fri Aug 1, 10:47 am)

Re: 2.6.27-rc1 + selinux new options = no httpd, , (Wed Jul 30, 11:36 pm)


linux-kernel:
Peter Zijlstra	[PATCH 00/23] per device dirty throttling -v8
david	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg Kroah-Hartman	[PATCH 005/196] Chinese: add translation of SubmittingDrivers
Vladislav Bolkhovitin	Re: Integration of SCST in the mainstream Linux kernel
git:

openbsd-misc:

linux-netdev:
Gerrit Renker	[PATCH 03/37] dccp: List management for new feature negotiation
Frans Pop	svc: failed to register lockdv1 RPC service (errno 97).
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
David Miller	[GIT]: Networking

Re: 2.6.27-rc1: strange fstab issue (Re: 2.6.27-rc1 + selinux new options = no httpd)

Online users