Re: Permission denied during rpm installation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Deepak Shrestha wrote:
On 7/29/06, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
Deepak Shrestha wrote:
>> The problem appears to be depmod trying to unlink (delete) a file of
>> context type modules_object_t. I can't see any need for it to delete
>> anything that's actually a kernel module, so perhaps you have a
>> labelling problem?
>>
>> Can you post the output of the following commands:
>>
>> $ ls -lZ /lib/modules//2.6.17-1.2157_FC5
>>
>> $ rpm -q --scripts kernel-module-ntfs-2.6.17-1.2157_FC5
>>
>> Paul.
>
>
> Ok
>
> output of
>
> $ ls -lZ /lib/modules//2.6.17-1.2157_FC5
>
> ============
> lrwxrwxrwx  root root system_u:object_r:modules_object_t build ->
> ../../../usr/src/kernels/2.6.17-1.2157_FC5-i686
> drwxr-xr-x  root root system_u:object_r:modules_object_t extra
> drwxr-xr-x  root root system_u:object_r:modules_object_t kernel
> -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.alias
> -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.ccwmap
> -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.dep
> -rw-r--r-- root root user_u:object_r:modules_dep_t modules.ieee1394map
> -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.inputmap
> -rw-r--r-- root root user_u:object_r:modules_dep_t modules.isapnpmap
> -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.ofmap
> -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.pcimap
> -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.seriomap
> -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.symbols
> -rw-r--r--  root root user_u:object_r:modules_dep_t    modules.usbmap
> lrwxrwxrwx root root system_u:object_r:modules_object_t source -> build
> drwxr-xr-x  root root system_u:object_r:modules_object_t updates
> ==============
>
> and output of
>
> $ rpm -q --scripts kernel-module-ntfs-2.6.17-1.2157_FC5
>
> ==============
> preinstall program: /bin/sh
> postinstall scriptlet (using /bin/sh):
> if [ -f /boot/System.map-2.6.17-1.2157_FC5 ]; then
>        /sbin/depmod -a -F /boot/System.map-2.6.17-1.2157_FC5
> 2.6.17-1.2157_FC5 || :
> else
>        /sbin/depmod -a || :
> fi
> postuninstall scriptlet (using /bin/sh):
> if [ -f /boot/System.map-2.6.17-1.2157_FC5 ]; then
>        /sbin/depmod -a -F /boot/System.map-2.6.17-1.2157_FC5
> 2.6.17-1.2157_FC5 || :
> else
>        /sbin/depmod -a || :
> fi
> ======================

Nothing looks particularly odd to me there. If you were running the
audit daemon we might have found the name of the actual file that depmod
was trying to remove, which would have helped.

The only thing I can think of now would be to try reinstalling the
package and if the problem is repeated. If not, it's likely that it was
a labelling issue that has "fixed itself" by having depmod write a new
file with the correct context type when you did the original install in
permissive mode.

Paul.


I can't remember the particular package which got denied when I did
the yum update but its not giving me touble at this moment. Hope next
update will solve this problem.

D'oh, silly me. The answer was there is the first post of this thread. The file concerned was /lib/modules/2.6.17-1.2157_FC5/modules.dep.temp, probably created during installation of the kernel-module-ntfs-2.6.17-1.2157_FC5 package.

If a file of that name is created by depmod, it should have the modules_dep_t file context type. However, if it's created by an unconfined process (e.g. by just doing "touch /lib/modules/2.6.17-1.2157_FC5/modules.dep.temp"), it'll get the modules_object_t context type, which is what caused the problem. So the question is, how did that file get created?

It would be useful if you could try uninstalling kernel-module-ntfs-2.6.17-1.2157_FC5, making sure that /lib/modules/2.6.17-1.2157_FC5/modules.dep.temp does not exist, making sure that you're in enforcing mode, then trying to reinstall kernel-module-ntfs-2.6.17-1.2157_FC5 and see if the problem happens again.

Paul.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux