Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.

Summary: Review Request: cyphesis - WorldForge game server

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200976

------- Additional Comments From wart@xxxxxxxxxx 2006-08-05 19:02 EST -------
(In reply to comment #21)
> (In reply to comment #18)
> > When the -selinux subpackage is installed on a system with selinux disabled,
> > then semanage will spit out error messages of the sort:
> >
> > libsepol.context_from_record: MLS is enabled, but no MLS context found
> > libsepol.context_from_record: could not create context structure
> > libsepol.port_from_record: could not create port structure for range 6767:6767 (tcp)
> > libsepol.sepol_port_modify: could not load port range 6767 - 6767 (tcp)
> > libsemanage.dbase_policydb_modify: could not modify record value
> > libsemanage.semanage_base_merge_components: could not merge local modifications into policy
> > /usr/sbin/semanage: Could not add port tcp/6767
> >
> > Redirecting the output of semanage to /dev/null should silence these warnings.
> >
> > The use of semanage isn't described in the selinux module guidelines, but
> > perhaps it should be, with a note to redirect stderr.
>
> Perhaps that sort of thing should be on the parent page (SELinux) rather than
> the SELinux/PolicyModules page since it's not really specific to use with
> modules. The parent page will need a fair bit of editing as much of its content
> is now in the PolicyModules page.

Putting the use of semanage on the parent page is fine, but the PolicyModules
page should probably include an example of its usage.

However, using semanage in %post and %preun might not be the best place, as the
port contexts won't be set if the admin starts with selinux turned off and later
turns it on:

(turn off selinux and reboot)
# yum install cyphesis cyphesis-selinux
(turn on selinux and reboot)
# service cyphesis start
(look in /var/log/messages):
Aug 5 16:09:45 localhost kernel: audit(1154819384.688:23): avc: denied { name_bind } for pid=2420 comm="cyphesis" src=6767 scontext=user_u:system_r:cyphesis_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
# semanage port -l | grep cyphesis
(no match)

Maybe semanage should be called to add/remove the port contexts in the init
script instead? Or should semanage be able to set such contexts even if selinux
is disabled?

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review
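
The init-script approach raised in the message above, sketched as an added example that is not part of the original email or of the cyphesis package: the port label is checked at service start, so it is applied even when SELinux was disabled at install time, and semanage's stderr is discarded. The port type name `cyphesis_port_t` and the function names are assumptions, and `SAMPLE_PORTS` is constructed output.

```shell
#!/bin/sh
# Assumed names (not from the original message): cyphesis_port_t,
# port_is_labeled, ensure_port_label.
PORT_TYPE="cyphesis_port_t"   # hypothetical port type from the policy module
PORT_PROTO="tcp"
PORT_NUM="6767"

# Constructed sample of `semanage port -l` output, for checking offline.
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number

cyphesis_port_t                tcp      6767, 6780-6790
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443'

# port_is_labeled TYPE PROTO PORT
# Reads `semanage port -l` output on stdin. Returns 0 if PORT, or a range
# containing it, is assigned to TYPE for PROTO; returns 1 otherwise.
port_is_labeled() {
    awk -v t="$1" -v p="$2" -v n="$3" '
        $1 == t && $2 == p {
            for (i = 3; i <= NF; i++) {
                f = $i; sub(/,$/, "", f)      # strip the list separator
                split(f, r, "-")              # "6780-6790" or a single port
                lo = r[1] + 0
                hi = (r[2] == "") ? lo : r[2] + 0
                if (n + 0 >= lo && n + 0 <= hi) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# ensure_port_label: meant to be called from the init script's start()
# before the daemon binds its port.
ensure_port_label() {
    # selinuxenabled exits 0 only when SELinux is enabled; with SELinux off
    # there is nothing to label and semanage would only print errors.
    selinuxenabled 2>/dev/null || return 0
    if semanage port -l 2>/dev/null |
        port_is_labeled "$PORT_TYPE" "$PORT_PROTO" "$PORT_NUM"; then
        return 0                              # already labeled
    fi
    semanage port -a -t "$PORT_TYPE" -p "$PORT_PROTO" "$PORT_NUM" 2>/dev/null
}
```
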