On Wed, 2009-10-28 at 08:50 -0400, Daniel J Walsh wrote: > On 10/28/2009 05:38 AM, Arthur Dent wrote: > > On Mon, 2009-10-26 at 11:39 -0400, Daniel J Walsh wrote: > >> On 10/25/2009 09:01 AM, Arthur Dent wrote: > >>> Hello all, > >>> > >>> I got an avc the other day that made me suspect that I might have > >>> labelling problems on my Fedora 11 box, so I did a "touch /.autorelabel; > >>> reboot" > >>> > >>> The avc turned out to be unrelated to this, but I was a little surprised > >>> to see the following errors during the relabelling process: > >>> > >>> SELinux: initialized (dev sda3, type fuseblk), uses genfs_contexts > >>> type=1404 audit(1256456979.782:4): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 > >>> SELinux: Context system_u:object_r:gamin_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:pppd_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:NetworkManager_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:snmp_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:auditd_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:bluetooth_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:httpd_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:samba_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:nscd_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:tor_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:mysqld_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:openvpn_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:kerneloops_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:ntpd_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:dnsmasq_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:privoxy_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:syslogd_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:fsdaemon_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:setroubleshoot_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:virtd_script_exec_t:s0 is not valid (left unmapped). > >>> SELinux: Context system_u:object_r:rpcbind_script_exec_t:s0 is not valid (left unmapped). > >>> type=1404 audit(1256457362.896:5): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 > >>> Adding 2096440k swap on /dev/sdb10. Priority:-1 extents:1 across:2096440k > >>> SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts > >>> > >>> > >>> Should I be concerned? > >>> > >>> Thanks for any suggestions... > >>> > >>> Mark > >>> > >>> p.s. > >>> > >>> Latest yum log entries: > >>> [root@localhost ~]# cat /var/log/yum.log | grep -i selinux > >>> Oct 14 22:04:23 Updated: selinux-policy-3.6.12-85.fc11.noarch > >>> Oct 14 22:04:57 Updated: selinux-policy-targeted-3.6.12-85.fc11.noarch > >>> > > > >>> -- > >>> fedora-selinux-list mailing list > >>> fedora-selinux-list@xxxxxxxxxx > >>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list > >> This looks like a mismatch of policy and labels on disk. > >> > >> > >> *_script_exec_t was all changed to *_initrc_exec_t and we do not have all of the aliases defined for these. > >> > >> So relabeling is probably a good idea. > >> > >> gamin_exec_t has disappeared. > > > > OK - I finally got round to doing another relabel - this time in > > permissive mode (I wanted to watch for error messages and couldn't face > > the thought of sitting watching little asterisks march across the screen > > until today). > > > > Unfortunately I get exactly the same messages during the relabelling > > process: > > SELinux: initialized (dev sdb6, type ext3), uses xattr > > SELinux: initialized (dev sdb11, type vfat), uses genfs_contexts > > SELinux: initialized (dev sdb12, type vfat), uses genfs_contexts > > fuse init (API version 7.11) > > SELinux: initialized (dev sda3, type fuseblk), uses genfs_contexts > > SELinux: Context system_u:object_r:gamin_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:pppd_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:NetworkManager_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:snmp_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:auditd_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:bluetooth_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:httpd_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:samba_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:nscd_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:tor_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:mysqld_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:openvpn_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:kerneloops_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:ntpd_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:dnsmasq_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:privoxy_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:syslogd_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:fsdaemon_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:setroubleshoot_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:virtd_script_exec_t:s0 is not valid (left unmapped). > > SELinux: Context system_u:object_r:rpcbind_script_exec_t:s0 is not valid (left unmapped). > > Adding 2096440k swap on /dev/sdb10. Priority:-1 extents:1 across:2096440k > > SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts > > > > So now I'm not sure what to do - just ignore it and wait until I rebuild > > with Fedora 12 - or do something now? > > > > Thanks for any advice... > > > > Mark > > > > > > > > > > -- > > fedora-selinux-list mailing list > > fedora-selinux-list@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/fedora-selinux-l > If you do a load_policy do you see these messages? > > What version of policy and which version of the OS are you using? > Hi Daniel, Thanks for helping... If you look a little further up this thread you will see that I am using Fedora 11 and... >Latest yum log entries: >[root@localhost ~]# cat /var/log/yum.log | grep -i selinux >Oct 14 22:04:23 Updated: selinux-policy-3.6.12-85.fc11.noarch >Oct 14 22:04:57 Updated: selinux-policy-targeted-3.6.12-85.fc11.noarch I have not come across "load_policy" before. I just typed "load_policy" on the command line (as root) and got no errors and no feedback at all. From reading the man page for load_policy I presume that this means exit status 0 - and therefore that all is well with the command? What next? Thanks for the help so far... Mark
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
