Wind River Support Network

HomeDefectsCGP5-703
Fixed

CGP5-703 : [Feature Testing][Networking]kdump does not work when selinux in enforcing mode

Created: Mar 11, 2013    Updated: Mar 11, 2016
Resolved Date: Apr 22, 2013
Found In Version: 5.0.1
Fix Version: 5.0.1.3,6.0
Severity: Severe
Applicable for: Wind River Linux 5
Component/s: Networking

Description

Problem Description
======================
kdump can not run when selinux in enforcing mode. Does wrlinux support
this operation?
Or must run kdump with selinux disabled/permissive mode?
root@localhost:~# kexec -p /boot/bzImage --append="console=ttyS0,115200
root=/dev/sda1 rw ip=dhcp"
Cannot open /proc/kcore: Permission denied
Cannot read /proc/kcore: Permission denied
Cannot load /boot/bzImage
root@localhost:~# newrole -r secadm_r
Password:
root@localhost:~# ls -Z /proc/kcore
ls: cannot access /proc/kcore: Permission denied
root@localhost:~#  kexec -p /boot/bzImage --append="console=ttyS0,115200
root=/dev/sda1 rw ip=dhcp"
Cannot open `/boot/bzImage': (null)
Cannot open `/boot/bzImage': (null)

BTW, kexec work correctly when selinux enforcing.

Expected Behavior
======================
kdump can work when selinux in enforcing mode

Observed Behavior
======================
root@localhost:~# kexec -p /boot/bzImage --append="console=ttyS0,115200
root=/dev/sda1 rw ip=dhcp"
Cannot open /proc/kcore: Permission denied
Cannot read /proc/kcore: Permission denied
Cannot load /boot/bzImage
root@localhost:~# newrole -r secadm_r
Password:
root@localhost:~# ls -Z /proc/kcore
ls: cannot access /proc/kcore: Permission denied
root@localhost:~#  kexec -p /boot/bzImage --append="console=ttyS0,115200
root=/dev/sda1 rw ip=dhcp"
Cannot open `/boot/bzImage': (null)
Cannot open `/boot/bzImage': (null)

Steps to Reproduce

Reproduce on intel-xeon-core
1.build project
--enable-board=intel-xeon-core --enable-kernel=cgl --enable-rootfs=glibc_cgl --enable-parallel-pkgbuilds=8 --enable-jobs=8
2.boot up target with crashkernel=256M@64M
3.Boot the system kernel and then load the capture kernel
  $ kexec -p capture_kernel --append="`cat /proc/cmdline|sed "s/ crashkernel=X@Y//`"
  $ echo c > /proc/sysrq-trigger
4.After system reboot with capture kernel, copy /proc/vmcore out, then reboot target.
  $ cp /proc/vmcore /root
5.use crash to analyze vmcore
  $ crash /boot/vmlinux*** /root/vmcore

also can get test approach from
http://pek-git.wrs.com/cgi-bin/cgit.cgi/layers/wr-testing/tree/cgl/doc/kexec_kdump.txt

Other Downloads


Live chat
Online