[Pkg-sysvinit-devel] Bug#330592: init segfault when /selinux exists but a policy can't be loaded

James Westby jw+debian at jameswestby.net
Wed Nov 1 23:08:16 CET 2006 

On (01/11/06 13:53), David Härdeman wrote:
> tags 330592 +unreproducible
> thanks
> 
> James Westby wrote:
> > So I managed to get the above message (for policy version 20) by
> >   # rm -rf /etc/selinux
> >
> > However it did not cause a segfault, and I got a completed boot. I did
> > however get
> >
> > *** glibc detected *** free(): invalid pointer: 0x0804feb5 ***
> > *** glibc detected *** free(): invalid pointer: 0x0804feb5 ***
> >
> > so maybe this is what was the segfault before.
> 
> I've also tried to reproduce this. I did a fresh install of testing in a
> qemu VM, and then followed the steps listed by James (install some SELinux
> package, make sure /selinux is created, boot with selinux=1 a couple of
> times, mv /etc/selinux /etc/selinux.gone, reboot).
> 

Hi,

It seems clear that the actions I described do not trigger a segfault
like the original report, however it is not clear to me that these
actions are the ones from the original report.

Ernest has stated that he did not have a policy installed, which I find
very odd, as I believe SELinux will not try and load a policy if one has
not been installed. Ernest, can you confirm that you have *never* had
an SELinux policy installed? Have you ever changed any SELinux related
settings? Does your kernel command line include selinux=1 (or your
kernel have the equivalent .config setting?).

Thinking about it now it is conceivable that the bug was fixed by a
change in a different package, either:

  * The kernel no longer tries to initialise SELinux by default (I doubt
    it ever did though).

  * SELinux used to try and load a policy even if one has not been
    configured/installed.

It might be worth investigating this, and I might find time to do so at
some point.

What I think is important is that it seems like you now have to do something
bad to your system to get to the state that it cannot load a policy,
unless there is another way to trigger this that I have overlooked.

James

-- 
  James Westby   --    GPG Key ID: B577FE13    --     http://jameswestby.net/
  seccure key - (3+)k7|M*edCX/.A:n*N!>|&7U.L#9E)Tu)T0>AM - secp256r1/nistp256

More information about the Pkg-sysvinit-devel mailing list