[Pkg-sysvinit-devel] Bug#330592: sysvinit: init panic after creating directory /selinux/

James Westby jw+debian at jameswestby.net
Sun Oct 22 16:11:17 CEST 2006 

Hi,

I have managed to get some more information on this bug. I have included
my findings below, but the short story is that I think it might be
somewhat fixed.

Can you still reproduce this bug? If so it would be interesting to get a
bit more information, for instance a full log of the crashing startup.
It would also be good to have some information about your system when it
is running normally. For instance all the information in /selinux and
/etc/selinux/.

> A few days ago, during boot, just before init startup, I too noticed the
> same message which claimed directory /selinux/ was not found.
> 
> thinking selinux was badly installed I created that directory... and
> forgot about it. Tonight, because of a change in my system, I rebooted,
> to have Init scream this message to me :
> 
> INIT: PANIC: segmentation violation! sleeping for 30 seconds.  INIT:
> PANIC: segmentation violation! sleeping for 30 seconds.  etc ...
> 
> Obviously it took me while to link the 2 events together: I thought my
> disk was corrupt, except the lockup was always happenning at the same
> place, and also I noticed that the message which claimed /selinux/ was
> missing, had changed to: 
> 
> Can't open '/etc/security/selinux/policy.19': no such file or directory.

This is the interesting part. I believe this is where Fedora keeps their
configuration, on Debian it is
/etc/selinux/<policy-name>/policy.<version>
However the above location is considered the "compat" location by
libselinux. The relevant bit of code is in
libselinux1-1.30.28/src/selinux_config.c:169

  if (access(SELINUXDIR, F_OK) != 0) {
    selinux_policyroot = SECURITYDIR;
    selinux_rootpath = SECURITYDIR;
    use_compat_file_path = 1;
    return;
  }

where SECURITYDIR is /etc/security/

so insysvinit-2.86.ds1/src/init.c:189 (after ./debian/rules patch-stamp)

  snprintf(policy_file,sizeof(policy_file),"%s.%d",selinux_binary_policy_path(),policy_version);
  fd = open(policy_file, O_RDONLY);
  if (fd < 0) {
    /* Check previous version to see if old policy is available
     */
    snprintf(policy_file,sizeof(policy_file),"%s.%d",selinux_binary_policy_path(),policy_version-1);
    fd = open(policy_file, O_RDONLY);
    if (fd < 0) {
      printf( "Can't open '%s.%d':  %s\n",
          selinux_binary_policy_path(),policy_version,strerror(errno));
      goto UMOUNT;
    }
  }

which you can see creates the above message.

So I managed to get the above message (for policy version 20) by 
  # rm -rf /etc/selinux

However it did not cause a segfault, and I got a completed boot. I did
however get 

*** glibc detected *** free(): invalid pointer: 0x0804feb5 ***
*** glibc detected *** free(): invalid pointer: 0x0804feb5 ***

so maybe this is what was the segfault before.

I have looked for relevant code changes in bith sysvinit and libselinux
since your report and I can't see anything that seems like it would have
fixed it. However I can't see anything that would cause a segfault
either. 

> 
> Once I removed the offending directory, and rebooted, I noticed the
> normal :
> 
> INIT : Entering run level 2 
> 
> where juste before init panicked.

This is due to the fact that if /selinux can't be mounted it bails out a
lot earlier.

> 
> So, the 'solution' was easy, but the reason this might be a more serious
> bug is because normal users would not be able to restart from a system
> without a functioning init.
> 
> Final note : this crash might happen because I have a custom kernel. I
> did include selinux in the build, though.

I used fresh etch install in a qemu VM, with stock .17 kernel. I
installed selinux-basics and selinux-policy-refpolicy-targeted, did a
couple of reboots, and then did rf -rf /etc/selinux/, and rebooted with 
selinux=1 on the kernel command line. I am using

  libselinux1 1.30.28-2
  sysvinit 2.86.ds1-20
  libc6 2.3.6.ds1-4
  libsepol1 1.12.26-2

So, as I said above it seems this bug might have been fixed along the
way, but I'm not totally convinced that I have matched your setup. It
also seems as if it requires a very broken setup to trigger it
(/etc/selinux/ unreadable).

I have also just noticed that you are on a different arch, so here is a
list of possible candidates for why I cannot reproduce,

  amd64 vs i386
  Kernel 2.6.13 vs 2.6.17
  version of libselinux1
  version of sysvinit
  different setup

Any information you could provide would be useful,

Thanks,

James

-- 
  James Westby   --    GPG Key ID: B577FE13    --     http://jameswestby.net/
  seccure key - (3+)k7|M*edCX/.A:n*N!>|&7U.L#9E)Tu)T0>AM - secp256r1/nistp256

More information about the Pkg-sysvinit-devel mailing list