(Disclaimer: SELinux haters please reserve your bile for one of the
other many many long "SELinux-sux" threads ... this isn't intended as
one of them as I like SELinux and just want to provide my feedback to
make it better.)
Well ... I didn't put selinux in permissive mode when I did a yum
upgrade. Partially to tempt fate; partially because I figured it
should work regardless.; partially because I forgot :]
Things seem to be working OK but there are a couple of glitches that I
am trying to track down yet.
So here are the setroubleshoot errors that appeared in my logs for the
complete yum upgrade:
Nov 9 02:39:19 localhost setroubleshoot: SELinux is preventing
/sbin/ldconfig (ldconfig_t) "write" to ldconfig (var_t). For
complete SELinux messages. run sealert -l
1594b6a8-1f16-44c9-b7ee-f5ef4621257f
Nov 9 02:41:56 localhost setroubleshoot: SELinux is preventing
/sbin/restorecon (restorecon_t) "write" to pipe:[50470] (rpm_t).
For complete SELinux messages. run sealert -l
6caaa2ac-84bb-4962-a78e-b10e24f8fef0
Nov 9 02:51:46 localhost setroubleshoot: SELinux is preventing
/usr/sbin/nscd (nscd_t) "write" to pipe:[50470] (rpm_t). For
complete SELinux messages. run sealert -l
e7ace06a-0a4b-4832-bdac-1f538535f5a3
Nov 9 02:51:46 localhost setroubleshoot: SELinux is preventing
semanage (semanage_t) "write" to pipe:[50470] (rpm_t). For
complete SELinux messages. run sealert -l
e2c86088-44f8-4e9b-b71c-d1ea72a2b3d3
Nov 9 02:52:14 localhost setroubleshoot: SELinux is preventing
/usr/sbin/useradd (useradd_t) "read write" to faillog (var_log_t).
For complete SELinux messages. run sealert -l
de30be19-d51b-482e-b112-6fa9954a70e9
Nov 9 03:04:27 localhost setroubleshoot: SELinux is preventing
/usr/sbin/semodule (semanage_t) "write" to pipe:[50470] (rpm_t).
For complete SELinux messages. run sealert -l
e2c86088-44f8-4e9b-b71c-d1ea72a2b3d3
Nov 9 03:09:36 localhost setroubleshoot: SELinux prevented
/sbin/setfiles from using the terminal 0. For complete SELinux
messages. run sealert -l 74507fc1-6b02-4285-92d9-d0123f0cea60
Nov 9 03:09:42 localhost setroubleshoot: [rpc.ERROR] exception
DBusException: org.freedesktop.DBus.Error.NoServer: Failed to connect
to socket /var/run/dbus/system_bus_socket: Connection refused
Traceback (most recent call last): File
"/usr/lib/python2.5/site-packages/setroubleshoot/server.py", line 434,
in RunFaultServer setroubleshootd_dbus = SetroubleshootdDBus()
File "/usr/lib/python2.5/site-packages/setroubleshoot/server.py", line
345, in __init__ self.bus = dbus.SystemBus() File
"/usr/lib/python2.5/site-packages/dbus/_dbus.py", line 201, in __new__
private=private) File
"/usr/lib/python2.5/site-packages/dbus/_dbus.py", line 107, in __new__
bus = BusConnection.__new__(subclass, bus_type, mainloop=mainloop)
File "/usr/lib/python2.5/site-packages/dbus/bus.py", line 121, in
__new__ bus = cls._new_for_bus(address_or_type, mainloop=mainloop)
DBusException: org.freedesktop.DBus.Error.NoServer: Failed to connect
to socket /var/run/dbus/system_bus_socket: Connection refused
There were multiple repetitons of each of them (particularly the
ldconfig_t one).
My questions:
1) Should SELinux stay out of the way for a yum upgrade in
enforcing/targetted mode?
2) Is there a straightforward way to go back and reinstall all the
currently installed rpms (while not in enforcing mode) so that some of
these blocked pre-post script activities are allowed to do their
thing? There are just too many affected packages to do this manually.
3) Are these bugzilla-worthy?
/Mike
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
