On 14/03/13 06:23, Gordon Messmer wrote:
> On 03/12/2013 04:07 PM, Kahlil Hodgson wrote:
>> If you are upgrading from 6.3 to 6.4 and you use shorewall, you will
>> want to run
>>
>> restorecon -Rv /sbin
>
> That's odd. Part of the selinux postinstall script involves running
> "fixfiles" on any files whose context has changed. I confirmed that the
> iptables contexts changed when I ran restorecon on one system, but I
> can't understand why they weren't fixed by the postinstall script.
My thoughts exactly. Just doubled checked the postinstall script and
can't see any obvious bugs. Hmmm ...
If I compare the old and new file_context files ...
<rizo:~> diff file_contexts.new file_contexts.old | grep ip6?tables-multi
> /sbin/ip6?tables-multi -- system_u:object_r:iptables_exec_t:s0
< /sbin/ip6?tables-multi.* -- system_u:object_r:iptables_exec_t:s0
so the postinstall script runs (esentially)
fixfiles -C file_contexts.old restore
which tries to fix the context for a /sbin/ip6?tables-multi which does
not exist on the updated system (which now uses alternatives trickery to
version these).
K
--
Kahlil (Kal) Hodgson GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd (w) +61 (0) 3 9008 5281
Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia
"All parts should go together without forcing. You must remember that
the parts you are reassembling were disassembled by you. Therefore,
if you can't get them together again, there must be a reason. By all
means, do not use a hammer." -- IBM maintenance manual, 1925
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
