1 |
dear Ned, |
2 |
|
3 |
> > I have a weird problem: when I compile a 2.6.11-kernel (the version is |
4 |
> > probably not the culprit though) and try to boot it (in enforcing mode) |
5 |
> > it always gives the following error: |
6 |
> > ---- |
7 |
> > audit(1116881914.014:0): avc: denied { execmod } for pid=1 comm=init |
8 |
> > path=/sbin/init dev=hda3 ino=418514 scontext=system_u:system_r:init_t |
9 |
> > tcontext=system_u:object_r:init_exec_t tclass=file |
10 |
> > /sbin/initKernel panic - not syncing: Attempted to kill init! |
11 |
> > |
12 |
> > : error while lo ading shared libraries: cannot restore segment prot |
13 |
> > : after |
14 |
> > |
15 |
> > reloc |
16 |
> > |
17 |
> > : Permission denied |
18 |
> > |
19 |
> > ----- |
20 |
> |
21 |
> Does your init have any text relocations in it? |
22 |
|
23 |
I'm not sure how to interpret this: please forgive my stupidity. I'll try to |
24 |
guess: |
25 |
|
26 |
- In case you meant: are there mountpoints such as "/var/usr/something" which |
27 |
would then point to another partition: no. |
28 |
|
29 |
- In case you meant: do you use a line like "kernel (hd0,0)/boot/bzImage" in |
30 |
your grub.conf, which then points to a real kernel-file |
31 |
like /boot/kernel-2.6.11-hardened-r13: yes, but the problems are also arising |
32 |
when I link directly to /boot/kernel-2.6.11-hardened-r13 in grub.conf. |
33 |
|
34 |
Moreover, both these kind of configurations are the same on the working |
35 |
system. |
36 |
|
37 |
Did I understand you correctly, or do I fail to understand your mail? |
38 |
|
39 |
Regards, |
40 |
|
41 |
Roel |
42 |
|
43 |
> In the past TEXTREL's were only a problem for hardened toolchain users. |
44 |
> But that has changed. Now selinux will be just as non permitting with |
45 |
> them as the toolchain. |
46 |
> -- |
47 |
> Ned Ludd <solar@g.o> |