Re: selinux-policy-3.5.13-46.fc10.noarch - slight hiccup!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tony Molloy wrote:
> 
> 
> I have to agree with Daniel here. I've just done an upgrade and rebooted 
> without any problems.
> 
> [molloyt@nogs ~]$ rpm -qa --last | grep selinux
> selinux-policy-targeted-3.5.13-46.fc10        Tue Mar  3 08:13:10 2009
> selinux-policy-3.5.13-46.fc10                 Tue Mar  3 08:12:51 2009
> 
> 

There are other problems now and it seems to depend on the setup on each
machine - on one machine I am now getting an avc denial with:

"Summary
SELinux is preventing procmail (procmail_t) "write" to ./tmp (usr_t). 
Detailed Description
SELinux denied access requested by procmail. It is not expected that this
access is required by procmail and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of
the application is causing it to require additional access. 
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for ./tmp, restorecon -v './tmp' If
this does not work, there is currently no automatic way to allow this
access. Instead, you can generate a local policy module to allow this access
- see FAQ Or you can disable SELinux protection altogether. Disabling
SELinux protection is not recommended. Please file a bug report against this
package. 
Additional Information
Source Context:  system_u:system_r:procmail_t:s0
Target Context:  system_u:object_r:usr_t:s0
Target Objects:  ./tmp [ dir ]
Source:  procmail
Source Path:  /usr/bin/procmail"

I have rebooted and I have restorecon -vR /home as user - and of course this
refers to ./tmp which is not in my home area so there is somewhere else that
there is a wrongly set tmp directory now - and I can't find it!

This is not good - really not good.
-- 
View this message in context: http://www.nabble.com/selinux-policy-3.5.13-46.fc10.noarch---slight-hiccup%21-tp22296524p22305312.html
Sent from the Fedora List mailing list archive at Nabble.com.


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux