View Full Version : Kernel Panic error on boot due to selinux policy strict !

19th February 2006, 05:49 AM
Hi everyone,

I was browsing for some extra apps on YUM extender today and I noticed one for "selinux ploicy strict", I wanted to try that one, so I installed it through YUM from the fedora repo, and went to my selinux configuration and switched my policy to strict just to see what it's about really, then suddenly my programs started to lag, and I had to forcequit some apps I had running, so I decided to shutdown as I had no idea what caused the issue, then after I restarted I get a Kernel Panic error as follows on my bootup :

Red Hat nash version 4.2.15 starting
Reading all physical volumes. This may take a while...
Found volume group "VolGroup00" using metadata type lvm2
2 logical volume(s) in volume group "VolGroup00"now active

load_booleans: boolean mozilla_readhome no longer in policy
load_booleans: boolean mozilla_writehome no longer in policy
sepol_genbools: Warning! Error while reading /etc/selinux/strict/booleans
/sbin/init: error while loading shared libraries: libsepol.so.1: failed to map
segment form shared object : Permession denied
Kernel panic - not syncing: Attempted to kill init!

I had no idea that this will happen and now I am stuck with this problem.

The machine is a Thinkpad R50e running Fedora Core 4 and the latest kernel, the worst part is that I was worknig on some important documents that are due tomorrow ,when this happened and I can't afford to lose my data !

I have the Fedora Core 4 Installation media and I was wondering how can I fix this maybe in rescue mode or any other approach.

Thanks in advance.

19th February 2006, 07:55 AM
at the "kernel" version screen--blue one at bootup--hit an arrow key quickly and seclect the kernel you want to boot up into with an arrow key--hit an "e" key to edit--cursor down to the line with "rhgb quiet" at the end and remove the rhgb quiet part and type in it's place 'selinux=0" no quotes and that's a zero at the end--hit an enter key and then a "b" key to boot---
after booting up get into a terminal and run
and reset to run trargeted policy (if you want it to run as it used to do)
reboot and problem should be solved...
or you can use yum to remove the policy and reboot
or use the gui security setup to switch policies
several ways to do it.

19th February 2006, 06:51 PM
Thanks , that fixed the problem, but I have one more question, for personal use, how necessary is selinux, let's say if my machine doesn't act as a server in any way nor it utilizes things like SSH,FTP ...etc is it necessary to have it enabled , or is it just an overkill for personal use ?

19th February 2006, 07:09 PM
matter of personal opinion--I use it as targeted policy.
And using that as a personal Desktop (usually) isn't a lot of protection added to the system used that way. Although it does help with fumbly typing fingers sometimes!
If using an Apache server along with desktop usage--there could be a few benifits.
I do it as just a testing thing--I look in the logs from time to time to see what/when something did outside of currant policy.
And I'm trying to study the usage/in's/out's of SELinux too.
You might try it as "permissive" if targeted policy interferrs with your normal usage.(it'll still be logged)
Although the targeted and normal usage is kind of honed down now to a fine usable edge.
SELinux is still fairly young in the developement stages--as with wine it'll get better with age.