Markus Bartl wrote:

> Sep 29 20:20:22 odin type=1400 audit(1222712401.300:3): avc: denied {
> read write } for pid=1 comm="init" path="/dev/console" dev=sda3
> ino=1485226 scontext=system_u:system_r:init_t
> tcontext=system_u:object_r:file_t tclass=chr_file
> Sep 29 20:20:22 odin type=1400 audit(1222712401.304:4): avc: denied {
> ioctl } for pid=1 comm="init" path="/dev/tty0" dev=sda3 ino=1485112
> scontext=system_u:system_r:init_t tcontext=system_u:object_r:file_t
> tclass=chr_file
> Sep 29 20:20:22 odin type=1400 audit(1222712401.316:5): avc: denied {
> read write } for pid=1081 comm="rc" name="console" dev=sda3 ino=1485226
> scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:file_t
> tclass=chr_file
> Sep 29 20:20:22 odin type=1400 audit(1222712401.364:6): avc: denied {
> read write } for pid=1083 comm="consoletype" name="console" dev=sda3
> ino=1485226 scontext=system_u:system_r:consoletype_t
> tcontext=system_u:object_r:file_t tclass=chr_file
> Sep 29 20:20:22 odin type=1400 audit(1222712401.364:7): avc: denied {
> getattr } for pid=1083 comm="consoletype" path="/dev/console" dev=sda3
> ino=1485226 scontext=system_u:system_r:consoletype_t
> tcontext=system_u:object_r:file_t tclass=chr_file

These are actually pretty harmless -- it just means your static /dev
isn't labeled correctly. This is because the stage3 tarballs don't have
any SELinux information in them, so when you unpack it the /dev files
are there with no labels, but by the time you get SELinux working enough
to relabel your filesystems, udev has taken over /dev.

If you want to get rid of these AVC's from your dmesg, you just need to
relabel the static dev entries. It's a bit tricky but you only need to
do it once:

# mkdir -p /mnt/realroot
# mount -o bind / /mnt/realroot
# setfiles -r /mnt/realroot \
    /etc/selinux/strict/contexts/files/file_contexts \
    /mnt/realroot/dev
# umount /mnt/realroot

*However*, I don't think this is really the cause of your problems.
Gentoo's boot process is capable of continuing without access to
/dev/console (though /dev/null may give it problems), and very early on
udev is mounted and everything fixes itself.

Have you manually unmasked any packages related to booting? In
particular, openrc/baselayout2 won't work with the SELinux userland from
portage, and have given me similar boot failures.

Also, can you be more precise about what failed on boot? How far does
your boot process get? Do you get any of the normal Gentoo boot messages
(the colorized ones)?

--Mike
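
Added example, not part of the original message: a small Python triage script that groups AVC denials whose target type is file_t by device and inode, so the few unlabeled static /dev nodes stand out from denials against labeled objects. The input is the five denials quoted above rejoined one per line, plus one constructed etc_t record for contrast; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed input: the five quoted denials, one record per line, followed by
# a made-up etc_t denial (last line) that must NOT be reported.
SAMPLE = '''\
Sep 29 20:20:22 odin type=1400 audit(1222712401.300:3): avc: denied { read write } for pid=1 comm="init" path="/dev/console" dev=sda3 ino=1485226 scontext=system_u:system_r:init_t tcontext=system_u:object_r:file_t tclass=chr_file
Sep 29 20:20:22 odin type=1400 audit(1222712401.304:4): avc: denied { ioctl } for pid=1 comm="init" path="/dev/tty0" dev=sda3 ino=1485112 scontext=system_u:system_r:init_t tcontext=system_u:object_r:file_t tclass=chr_file
Sep 29 20:20:22 odin type=1400 audit(1222712401.316:5): avc: denied { read write } for pid=1081 comm="rc" name="console" dev=sda3 ino=1485226 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:file_t tclass=chr_file
Sep 29 20:20:22 odin type=1400 audit(1222712401.364:6): avc: denied { read write } for pid=1083 comm="consoletype" name="console" dev=sda3 ino=1485226 scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t tclass=chr_file
Sep 29 20:20:22 odin type=1400 audit(1222712401.364:7): avc: denied { getattr } for pid=1083 comm="consoletype" path="/dev/console" dev=sda3 ino=1485226 scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t tclass=chr_file
Sep 29 20:21:05 odin type=1400 audit(1222712465.100:9): avc: denied { read } for pid=2000 comm="example" name="example.conf" dev=sda3 ino=42 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:etc_t tclass=file
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if not an AVC line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    rec['perms'] = m.group(1).split()
    return rec

def ctx_type(context):
    """Third field of user:role:type[:mls], or None if the context is malformed."""
    parts = (context or '').split(':')
    return parts[2] if len(parts) > 2 else None

def unlabeled_targets(log_text, unlabeled_type='file_t'):
    """Group denials whose target type is unlabeled_type by (dev, ino)."""
    found = defaultdict(lambda: {'names': set(), 'domains': set(), 'perms': set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or ctx_type(rec.get('tcontext')) != unlabeled_type:
            continue
        node = found[(rec.get('dev'), rec.get('ino'))]
        node['names'].add(rec.get('path') or rec.get('name') or '?')
        node['domains'].add(ctx_type(rec.get('scontext')) or '?')
        node['perms'].update(rec['perms'])
    return dict(found)

if __name__ == '__main__':
    for (dev, ino), node in sorted(unlabeled_targets(SAMPLE).items()):
        print(dev, ino, sorted(node['names']), sorted(node['domains']), sorted(node['perms']))
```

Grouping by inode rather than by name matters here because the same node appears both as path="/dev/console" and as name="console".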