Tom London wrote:
The warnings seem to be caused by 'rpm' not assigning the proper contexts to 'installed' files.
The 'FATAL' message from 'mkinitrd' seems to be due to a problem with 'ulimit' defaults.
A workaround until fixed: install/update the kernel only in permissive mode, and make sure you do a 'ulimit -l unlimited' before running 'yum' (so you'll enter 'setenforce 0; ulimit -l unlimited'). I think you'll still get the warnings, but the command will succeed without the fatal error.
<snip>
<snip>
--------------------------------------
* From: Richard Hally <rhallyx mindspring com>
* To: fedora-selinux-list redhat com
* Subject: avc denied from kernel 427 update
* Date: Sun, 13 Jun 2004 02:29:05 -0400
Below are a few of the over 100 warning and error messages from doing yum update today (6/12/04). Of the ones that didn't scroll off, they are all about the 427/build directory tree.
This is in enforcing mode using the most recent strict policy that existed before today's update to selinux-policy-strict-sources-1.13.4-5. The avc denied messages are further below.
HTH
Richard Hally
Thanks for the reminders about ulimit and resetting file contexts after an update of policy.
My simplistic approach is:
setenforce 0
rpm -e kernel-2.6.6-1.427
ulimit -l unlimited
yum install kernel
reboot single enforcing=0 (with the 422 kernel, the 427 kernel is FUBAR)
fixfiles relabel
rpm -e kernel-2.6.6-1.427 !
Richard Hally