Got a bunch of AVCs whilst installing these updates today:
Nov 22 07:50:15 Updated: bind-libs - 32:9.5.0-18.a7.fc8.x86_64
Nov 22 07:50:17 Updated: pilot-link - 2:0.12.2-7.fc8.x86_64
Nov 22 07:50:20 Updated: bind - 32:9.5.0-18.a7.fc8.x86_64
Nov 22 07:50:22 Updated: smolt - 1.0-1.fc8.noarch
Nov 22 07:50:25 Updated: system-config-firewall-tui - 1.0.11-1.fc8.noarch
Nov 22 07:50:25 Updated: bind-utils - 32:9.5.0-18.a7.fc8.x86_64
Nov 22 07:50:29 Updated: system-config-firewall - 1.0.11-1.fc8.noarch
Nov 22 07:50:29 Updated: smolt-firstboot - 1.0-1.fc8.noarch
Nov 22 07:50:35 Updated: bind-chroot - 32:9.5.0-18.a7.fc8.x86_64
Nov 22 07:50:37 Updated: setroubleshoot-plugins - 1.10.4-1.fc8.noarch
Nov 22 07:50:38 Updated: libao - 0.8.8-2.fc8.x86_64
Nov 22 07:50:40 Updated: pilot-link - 2:0.12.2-7.fc8.i386
Piping the AVCs into audit2allow -R yielded:
require {
type named_conf_t;
type setfiles_t;
type proc_t;
class lnk_file relabelfrom;
class dir relabelfrom;
class file relabelfrom;
class filesystem associate;
}
#============= named_conf_t ==============
allow named_conf_t proc_t:filesystem associate;
#============= setfiles_t ==============
allow setfiles_t self:dir relabelfrom;
allow setfiles_t self:file relabelfrom;
allow setfiles_t self:lnk_file relabelfrom;
kernel_getattr_core_if(setfiles_t)
kernel_getattr_message_if(setfiles_t)
kernel_read_device_sysctls(setfiles_t)
kernel_read_kernel_sysctls(setfiles_t)
kernel_read_net_sysctls(setfiles_t)
kernel_read_software_raid_state(setfiles_t)
kernel_read_vm_sysctls(setfiles_t)
As far as I can see, the updates installed OK.
I can post the raw audit messages if it's useful.
Paul.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
