If you are running r9, there is a bug in security/selinux/hooks.c that will cause kernel panics for various reasons, e.g. if you try to resolve a hostname before a /etc/resolve.conf is filled.

Steps to reproduce:
1. Compile kernel with my config (see next attachment)
2. echo > /etc/resolve.conf
3. Compile and run:

    #include <netdb.h>

    int main(int argc, char *argv[])
    {
        /* A single hostname lookup is enough to trigger the panic */
        gethostbyname("google.com");
        return 0;
    }

4. Kernel panic

Workaround:

    echo "nameserver 1.2.3.4" > /etc/resolv.conf

Real Fix: http://patchwork.kernel.org/patch/29146/

This patch fixes a bug in "the compat_net code", which is deprecated and was removed from newer kernels, but is in hardened-sources-2.6.28-r9. I encountered this problem on my amd64 machine, and my friend gets the same problem on a hardened x86 server with the same kernel version. This patch fixes it.
Created attachment 195312: .config used at the time
More on this issue: http://groups.google.com/group/linux.kernel/browse_thread/thread/fedc7fa04e7f5266/d2a8094509baaf80?#d2a8094509baaf80
I am able to reproduce this critical bug. The patch fixes the problem for me.
Does this only happen with SELinux actually *enabled*?
I would like to add that this problem still exists. It presented itself as KSplash locking up: a full system freeze (so, probably, a kernel panic in the background). Using sys-kernel/hardened-sources-2.6.28-r9. Resolved by using the workaround suggested in comment #2, which is booting the kernel with selinux_compat_net=0 as an additional parameter in GRUB.
The latest stable hardened-source is 2.6.32-r9. It should have the patch in Comment #1. Would the reporter please test it and see if this issue still persists?
This kernel is off the tree so I'm closing this bug.