Bug 152827 - kernel - multibooting SELinux disables Fedora Legacy Redhat 9
Summary: kernel - multibooting SELinux disables Fedora Legacy Redhat 9
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: kernel
Version: rhl9
Hardware: All
OS: Linux
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL:
Whiteboard: LEGACY, DEFER, rh73, rh90
Depends On:
Blocks:
Reported: 2004-10-27 14:15 UTC by John Reiser
Modified: 2007-03-27 04:29 UTC (History)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-08-13 13:04:33 UTC



Description David Lawrence 2005-03-30 23:28:51 UTC
Rebooting into Fedora Legacy Redhat 9 after multibooting any later Linux system
that uses extended attributes (such as SELinux under Fedora Core 2) on the same
box, fails with a kernel console message "attempt to access beyond end of
device".  Most kernels 2.4.20 and younger have a bug in their interpretation of
extended attributes for a symlink on an ext2/ext3 filesystem [the symlink
/bin/sh -> bash is the typical first problem.]  The newer kernel with SELinux
applies extended attributes whenever a file is written, so if the Fedora Legacy
9 root filesystem gets mounted read-write during multiboot, then it will be
"contaminated".

The bug and the fix are known.  I nominate the fix for inclusion in Fedora
Legacy for Redhat 9.  The patch applies to kernel-2.4.20-37.9.legacy with only
small offsets.

bug:  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137068
fix:  http://lkml.org/lkml/2004/1/1/146

Reproducible test case: multiboot Fedora Core 2 with SELinux in targeted
permissive mode, mount a Fedora Legacy Redhat 9 ext3 root filesystem, and create
a file on it.  Try to reboot into the Fedora Legacy Redhat 9 system.



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:28 -------

This bug previously known as bug 2205 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2205
Originally filed under the Fedora Legacy product and General component.

Unknown priority P3. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.
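
An added example, not part of the original report or of any Fedora Legacy tooling: a check to run from the newer system before rebooting, listing symlinks on the mounted Red Hat 9 filesystem that carry extended attributes, which is the condition the description says the older kernel misinterprets. The mount point `/mnt/rhl9` and the function names are assumptions.

```python
#!/usr/bin/env python3
"""List symlinks that carry extended attributes under a mounted filesystem."""
import os
import sys


def symlinks_with_xattrs(root, list_xattrs=None):
    """Return [(path, [attribute names])] for each symlink under root with xattrs.

    list_xattrs is injectable so the walk can be exercised without privileges.
    The default reads the attributes of the link itself, never of its target.
    """
    if list_xattrs is None:
        def list_xattrs(path):
            return os.listxattr(path, follow_symlinks=False)
    root_dev = os.lstat(root).st_dev
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Symlinks to directories show up in dirnames, all others in filenames.
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            try:
                attrs = list_xattrs(path)
            except OSError:
                continue  # no xattr support on this filesystem, or unreadable link
            if attrs:
                hits.append((path, sorted(attrs)))
        # Stay on the filesystem being inspected (same idea as find -xdev).
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]
    return sorted(hits)


def main(argv):
    # /mnt/rhl9 is a hypothetical mount point for the Red Hat 9 root filesystem.
    root = argv[1] if len(argv) > 1 else "/mnt/rhl9"
    hits = symlinks_with_xattrs(root)
    for path, attrs in hits:
        print(f"{path}: {', '.join(attrs)}")
    # Non-zero exit status means at least one symlink has extended attributes.
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Reading `security.*` attributes of every link may require running as root on the newer system.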



Comment 1 Matthew Miller 2005-04-12 14:24:09 UTC
Marking this as low priority since it's not a security update.

Comment 2 Dominic Hargreaves 2005-04-12 14:30:19 UTC
Personally I'd take the priority in the context of the severity, and not bother
making those sorts of changes - but personal preference I guess...

Comment 3 Matthew Miller 2005-04-12 14:38:43 UTC
I guess that's reasonable -- I'll avoid making further changes like that. I'm
used to a bugzilla model where priority is the most important and severity is
basically informational, but I can be flexible. :)

Comment 4 Greg Swift 2005-04-12 18:04:26 UTC
On the other hand, whatever you may want to call it (enhancement or otherwise),
if your older RedHat 9 system is no longer usable, especially if you stupidly
ran e2fsck and "fixed" it, this should be considered a critically important
bug.  Call it a security fix if you wish, it certainly does compromise the
security of the system if it is no longer bootable.  I have personally
toasted three perfectly good systems because of this.  Needless to say,
I am very unhappy.  PLEASE FIX THIS IMMEDIATELY with a new kernel rpm.
I would really rather not have to install it as a patch.  Thank you.

Comment 5 Jesse Keating 2005-04-12 18:27:12 UTC
This will be added into the next kernel we issue for RHL9, not before.

This bug will depend on any future RHL9 kernel bugs.

Comment 6 Matthew Miller 2005-04-12 18:34:42 UTC
bug #152532, say. :)

Comment 7 Pekka Savola 2005-11-16 13:17:37 UTC
This doesn't seem to be important enough to fix just on its own, so mark it DEFER.

Comment 8 Jesse Keating 2006-08-13 13:04:33 UTC
Closing this as we will not be releasing for just this issue.

