Re: Relabelling issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/25/2009 09:01 AM, Arthur Dent wrote:
> Hello all,
> 
> I got an avc the other day that made me suspect that I might have
> labelling problems on my Fedora 11 box, so I did a "touch /.autorelabel;
> reboot"
> 
> The avc turned out to be unrelated to this, but I was a little surprised
> to see the following errors during the relabelling process:
> 
> SELinux: initialized (dev sda3, type fuseblk), uses genfs_contexts
> type=1404 audit(1256456979.782:4): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295
> SELinux:  Context system_u:object_r:gamin_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:pppd_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:NetworkManager_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:snmp_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:auditd_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:bluetooth_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:httpd_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:samba_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:nscd_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:tor_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:mysqld_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:openvpn_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:kerneloops_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:ntpd_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:dnsmasq_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:privoxy_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:syslogd_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:fsdaemon_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:setroubleshoot_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:virtd_script_exec_t:s0 is not valid (left unmapped).
> SELinux:  Context system_u:object_r:rpcbind_script_exec_t:s0 is not valid (left unmapped).
> type=1404 audit(1256457362.896:5): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
> Adding 2096440k swap on /dev/sdb10.  Priority:-1 extents:1 across:2096440k 
> SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts
> 
> 
> Should I be concerned?
> 
> Thanks for any suggestions...
> 
> Mark
> 
> p.s.
> 
> Latest yum log entries:
> [root@localhost ~]# cat /var/log/yum.log | grep -i selinux
> Aug 08 21:05:15 Updated: selinux-policy-3.6.12-69.fc11.noarch
> Aug 08 21:08:51 Updated: selinux-policy-targeted-3.6.12-69.fc11.noarch
> Aug 12 13:28:30 Updated: selinux-policy-3.6.12-72.fc11.noarch
> Aug 12 13:29:05 Updated: selinux-policy-targeted-3.6.12-72.fc11.noarch
> Aug 22 10:31:50 Updated: selinux-policy-3.6.12-78.fc11.noarch
> Aug 22 10:32:25 Updated: selinux-policy-targeted-3.6.12-78.fc11.noarch
> Aug 29 16:17:14 Updated: selinux-policy-3.6.12-80.fc11.noarch
> Aug 29 16:17:48 Updated: selinux-policy-targeted-3.6.12-80.fc11.noarch
> Sep 07 18:20:34 Updated: selinux-policy-3.6.12-81.fc11.noarch
> Sep 07 18:21:09 Updated: selinux-policy-targeted-3.6.12-81.fc11.noarch
> Sep 12 09:31:35 Updated: selinux-policy-3.6.12-82.fc11.noarch
> Sep 12 09:32:08 Updated: selinux-policy-targeted-3.6.12-82.fc11.noarch
> Oct 01 19:43:02 Updated: selinux-policy-3.6.12-83.fc11.noarch
> Oct 01 19:43:35 Updated: selinux-policy-targeted-3.6.12-83.fc11.noarch
> Oct 14 22:04:23 Updated: selinux-policy-3.6.12-85.fc11.noarch
> Oct 14 22:04:57 Updated: selinux-policy-targeted-3.6.12-85.fc11.noarch
> 
> 
> 
> 
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
This looks like a mismatch of policy and labels on disk.


*_script_exec_t was all changed to *_initrc_exec_t and we do not have all of the aliases defined for these.

So relabeling is probably a good idea.

gamin_exec_t has disappeared. 

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux