On 10/25/2009 09:01 AM, Arthur Dent wrote: > Hello all, > > I got an avc the other day that made me suspect that I might have > labelling problems on my Fedora 11 box, so I did a "touch /.autorelabel; > reboot" > > The avc turned out to be unrelated to this, but I was a little surprised > to see the following errors during the relabelling process: > > SELinux: initialized (dev sda3, type fuseblk), uses genfs_contexts > type=1404 audit(1256456979.782:4): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 > SELinux: Context system_u:object_r:gamin_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:pppd_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:NetworkManager_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:snmp_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:auditd_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:bluetooth_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:httpd_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:samba_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:nscd_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:tor_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:mysqld_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:openvpn_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:kerneloops_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:ntpd_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:dnsmasq_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:privoxy_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:syslogd_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:fsdaemon_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:setroubleshoot_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:virtd_script_exec_t:s0 is not valid (left unmapped). > SELinux: Context system_u:object_r:rpcbind_script_exec_t:s0 is not valid (left unmapped). > type=1404 audit(1256457362.896:5): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 > Adding 2096440k swap on /dev/sdb10. Priority:-1 extents:1 across:2096440k > SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts > > > Should I be concerned? > > Thanks for any suggestions... > > Mark > > p.s. > > Latest yum log entries: > [root@localhost ~]# cat /var/log/yum.log | grep -i selinux > Aug 08 21:05:15 Updated: selinux-policy-3.6.12-69.fc11.noarch > Aug 08 21:08:51 Updated: selinux-policy-targeted-3.6.12-69.fc11.noarch > Aug 12 13:28:30 Updated: selinux-policy-3.6.12-72.fc11.noarch > Aug 12 13:29:05 Updated: selinux-policy-targeted-3.6.12-72.fc11.noarch > Aug 22 10:31:50 Updated: selinux-policy-3.6.12-78.fc11.noarch > Aug 22 10:32:25 Updated: selinux-policy-targeted-3.6.12-78.fc11.noarch > Aug 29 16:17:14 Updated: selinux-policy-3.6.12-80.fc11.noarch > Aug 29 16:17:48 Updated: selinux-policy-targeted-3.6.12-80.fc11.noarch > Sep 07 18:20:34 Updated: selinux-policy-3.6.12-81.fc11.noarch > Sep 07 18:21:09 Updated: selinux-policy-targeted-3.6.12-81.fc11.noarch > Sep 12 09:31:35 Updated: selinux-policy-3.6.12-82.fc11.noarch > Sep 12 09:32:08 Updated: selinux-policy-targeted-3.6.12-82.fc11.noarch > Oct 01 19:43:02 Updated: selinux-policy-3.6.12-83.fc11.noarch > Oct 01 19:43:35 Updated: selinux-policy-targeted-3.6.12-83.fc11.noarch > Oct 14 22:04:23 Updated: selinux-policy-3.6.12-85.fc11.noarch > Oct 14 22:04:57 Updated: selinux-policy-targeted-3.6.12-85.fc11.noarch > > > > > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list This looks like a mismatch of policy and labels on disk. *_script_exec_t was all changed to *_initrc_exec_t and we do not have all of the aliases defined for these. So relabeling is probably a good idea. gamin_exec_t has disappeared. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
