| 1 |
dear Ned, |
| 2 |
|
| 3 |
> > I have a weird problem: when I compile a 2.6.11-kernel (the version is |
| 4 |
> > probably not the culprit though) and try to boot it (in enforcing mode) |
| 5 |
> > it always gives the following error: |
| 6 |
> > ---- |
| 7 |
> > audit(1116881914.014:0): avc: denied { execmod } for pid=1 comm=init |
| 8 |
> > path=/sbin/init dev=hda3 ino=418514 scontext=system_u:system_r:init_t |
| 9 |
> > tcontext=system_u:object_r:init_exec_t tclass=file |
| 10 |
> > /sbin/initKernel panic - not syncing: Attempted to kill init! |
| 11 |
> > |
| 12 |
> > : error while lo ading shared libraries: cannot restore segment prot |
| 13 |
> > : after |
| 14 |
> > |
| 15 |
> > reloc |
| 16 |
> > |
| 17 |
> > : Permission denied |
| 18 |
> > |
| 19 |
> > ----- |
| 20 |
> |
| 21 |
> Does your init have any text relocations in it? |
| 22 |
|
| 23 |
I'm not sure how to interpret this: please forgive my stupidity. I'll try to |
| 24 |
guess: |
| 25 |
|
| 26 |
- In case you meant: are there mountpoints such as "/var/usr/something" which |
| 27 |
would then point to another partition: no. |
| 28 |
|
| 29 |
- In case you meant: do you use a line like "kernel (hd0,0)/boot/bzImage" in |
| 30 |
your grub.conf, which then points to a real kernel-file |
| 31 |
like /boot/kernel-2.6.11-hardened-r13: yes, but the problems are also arising |
| 32 |
when I link directly to /boot/kernel-2.6.11-hardened-r13 in grub.conf. |
| 33 |
|
| 34 |
Moreover, both these kind of configurations are the same on the working |
| 35 |
system. |
| 36 |
|
| 37 |
Did I understand you correctly, or do I fail to understand your mail? |
| 38 |
|
| 39 |
Regards, |
| 40 |
|
| 41 |
Roel |
| 42 |
|
| 43 |
> In the past TEXTREL's were only a problem for hardened toolchain users. |
| 44 |
> But that has changed. Now selinux will be just as non permitting with |
| 45 |
> them as the toolchain. |
| 46 |
> -- |
| 47 |
> Ned Ludd <solar@g.o> |
Archives