-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrew Farris wrote:
> On Mon, Mar 17, 2008 at 7:33 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Andrew Farris wrote:
>> > These happen on two machines during updates, I'm also noticing many
>> > %post scriptlets failing when these pop up, though I don't know if
>> > they are related or not.
>
>> > Raw Audit Messages
>> >
>> > host=durthangnix type=AVC msg=audit(1205476368.460:1339): avc: denied
>> > { transition } for pid=28100 comm="yum" path="/sbin/ldconfig"
>> > dev=sda3 ino=858775 scontext=user_u:system_r:bootloader_t:s0
>> > tcontext=user_u:system_r:rpm_script_t:s0 tclass=process
>> >
>> > host=durthangnix type=SYSCALL msg=audit(1205476368.460:1339):
>> > arch=c000003e syscall=59 success=no exit=-13 a0=7ff2034c2aca
>> > a1=7fff1bd22350 a2=7ff20aa927d0 a3=3b8896c9f0 items=0 ppid=27144
>> > pid=28100 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
>> > fsgid=0 tty=pts1 ses=4 comm="yum" exe="/usr/bin/python"
>> > subj=user_u:system_r:bootloader_t:s0 key=(null)
>> >
>
>> > Raw Audit Messages
>> >
>> > host=durthangnix type=AVC msg=audit(1205476368.64:1338): avc: denied
>> > { transition } for pid=28099 comm="yum" path="/bin/bash" dev=sda3
>> > ino=835647 scontext=user_u:system_r:bootloader_t:s0
>> > tcontext=user_u:system_r:rpm_script_t:s0 tclass=process
>> >
>> > host=durthangnix type=SYSCALL msg=audit(1205476368.64:1338):
>> > arch=c000003e syscall=59 success=no exit=-13 a0=7ff20063e90d
>> > a1=7fff1bd22350 a2=7ff20aa927d0 a3=3b8896c9f0 items=0 ppid=27144
>> > pid=28099 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
>> > fsgid=0 tty=pts1 ses=4 comm="yum" exe="/usr/bin/python"
>> > subj=user_u:system_r:bootloader_t:s0 key=(null)
>> >
>> >
>> >
>> This looks like you are logged in as bootloader_t? Something is very
>> wrong with your system.
>>
>> What does
>> id -Z
>>
>> Show?
>
> On one system I am logged in as bootloader_t:
> My user id -Z: user_u:system_r:bootloader_t:s0
> And root (su - from my user): user_u:system_r:bootloader_t:s0
>
> On the other system I am not, instead I am:
> unconfined_u:unconfined_r:unconfined_t:SystemLow-SystemHigh
>
> The first is kernel-2.6.25-0.121.rc5.git4.fc9.x86_64 and look at this:
>
> 04:11:39 |root.durthangnix:1| |28 files:848K@yum| |0 jobs|
> - rpm -q selinux-policy-targeted
> package selinux-policy-targeted is not installed
>
> 04:12:00 |root.durthangnix:1| |28 files:848K@yum| |0 jobs|
> - rpm -qa | grep selinux
> libselinux-python-2.0.57-1.fc9.x86_64
> libselinux-2.0.59-1.fc9.x86_64
> selinux-policy-3.3.1-16.fc9.noarch
> selinux-policy-devel-3.3.1-16.fc9.noarch
> libselinux-2.0.57-1.fc9.x86_64
> libselinux-python-2.0.59-1.fc9.x86_64
> libselinux-2.0.59-1.fc9.i386
> selinux-policy-3.3.1-14.fc9.noarch
>
> 04:12:08 |root.durthangnix:1| |28 files:848K@yum| |0 jobs|
> - yum list selinux-policy-targeted
> Loaded plugins: basearchonly, fastestmirror, fedorakmod, priorities, security,
>               : versionlock
> Loading mirror speeds from cached hostfile
>  * livna-development: mirrors.tummy.com
>  * livna-development-debuginfo: mirrors.tummy.com
>  * rawhide: limestone.uoregon.edu
>  * upstart-debuginfo: notting.fedorapeople.org
>  * upstart: notting.fedorapeople.org
> Reading version lock configuration
> Available Packages
> selinux-policy-targeted.noarch    3.3.1-16.fc9    rawhide
>
> 04:12:36 |root.durthangnix:1| |28 files:848K@yum| |0 jobs|
> - cat /etc/sysconfig/selinux
>
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> #     enforcing - SELinux security policy is enforced.
> #     permissive - SELinux prints warnings instead of enforcing.
> #     disabled - No SELinux policy is loaded.
> SELINUX=enforcing
> # SELINUXTYPE= can take one of these two values:
> #     targeted - Targeted processes are protected,
> #     mls - Multi Level Security protection.
> SELINUXTYPE=targeted
> # SETLOCALDEFS= Check local definition changes
> SETLOCALDEFS=0
>
> So the configured policy is not even installed... it was previously,
> so I'm not sure where it went. This is from /var/log/yum.log:
> - cat /var/log/yum.log | grep selinux
> Mar 13 23:21:49 Updated: selinux-policy-3.3.1-16.fc9.noarch
> Mar 13 23:24:46 Updated: selinux-policy-targeted-3.3.1-16.fc9.noarch
> Mar 13 23:24:51 Updated: selinux-policy-devel-3.3.1-16.fc9.noarch
> Mar 13 23:31:17 selinux-policy-targeted: ts_done name in te is yum
> should be selinux-policy-targeted
> Mar 13 23:31:17 rpm: ts_done name in te is selinux-policy-targeted should be rpm
> Mar 13 23:31:20 selinux-policy-devel: ts_done name in te is
> totem-gstreamer should be selinux-policy-devel
> Mar 13 23:31:49 xulrunner-debuginfo: ts_done name in te is
> selinux-policy-devel should be xulrunner-debuginfo
> Mar 13 23:32:37 selinux-policy: ts_done name in te is mesa-libGL
> should be selinux-policy
> Mar 13 23:32:49 pulseaudio-module-gconf: ts_done name in te is
> selinux-policy should be pulseaudio-module-gconf
>
> The second system does have selinux-policy-targeted installed and
> that's the one chosen in config. This is the system that is logged in
> unconfined.
>
>> You might need to relabel. Are you using a different login program?
>
> Was logged in from gdm on both systems, AFTER a fresh autorelabel on
> both that I did yesterday. I'll try it again after I pull today's
> updates and autorelabel.
>
Well install selinux-policy-targeted on both machines.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfe4goACgkQrlYvE4MpobOYKQCfSfrZO5FVfaHtv2b2qv3p1mRX
8FoAoOl2dMK7mOv9jVTEmETp63X7Y1y8
=u4SZ
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
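
The mismatch found in this thread (SELINUXTYPE=targeted configured while selinux-policy-targeted is not installed, with the session running as bootloader_t) can be checked with a short script. This is an added example, not part of the original messages; the function names are hypothetical and the sample input is abbreviated from the post above.

```shell
#!/bin/sh
# Added example: check that the policy named by SELINUXTYPE is actually installed.
# Inputs are passed as text so the check runs offline; on a live system feed it
# the contents of /etc/sysconfig/selinux, the output of `rpm -qa`, and `id -Z`.

# Print the SELINUXTYPE value from config text on stdin (comment lines ignored).
configured_type() {
    sed -n 's/^[[:space:]]*SELINUXTYPE=[[:space:]]*\([A-Za-z0-9_-]*\).*/\1/p' | tail -n 1
}

# Succeed if the package list on stdin contains selinux-policy-<type>-<version>.
policy_installed() {
    grep -Eq "^selinux-policy-$1-[0-9]"
}

# Print the type (domain) field of an SELinux context: user:role:type[:level].
context_domain() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Compare the three facts from the thread: $1=config text, $2=package list, $3=id -Z.
check_policy() {
    ptype=$(printf '%s\n' "$1" | configured_type)
    [ -n "$ptype" ] || { echo "no SELINUXTYPE set"; return 2; }
    dom=$(context_domain "$3")
    if printf '%s\n' "$2" | policy_installed "$ptype"; then
        echo "ok: selinux-policy-$ptype installed; session domain $dom"
    else
        echo "MISMATCH: SELINUXTYPE=$ptype but selinux-policy-$ptype not installed; session domain $dom"
        return 1
    fi
}

# Sample input abbreviated from the post above (first machine).
SAMPLE_CONFIG='# SELINUX= can take one of these three values:
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
SELINUXTYPE=targeted
SETLOCALDEFS=0'
SAMPLE_PKGS='libselinux-2.0.59-1.fc9.x86_64
selinux-policy-3.3.1-16.fc9.noarch
selinux-policy-devel-3.3.1-16.fc9.noarch
selinux-policy-3.3.1-14.fc9.noarch'
SAMPLE_CTX='user_u:system_r:bootloader_t:s0'

check_policy "$SAMPLE_CONFIG" "$SAMPLE_PKGS" "$SAMPLE_CTX" || true
```

The base selinux-policy package alone does not satisfy the check; only the per-type package (here selinux-policy-targeted) does, which is the gap the rpm -q output in the thread shows.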