On 10/28/2009 11:14 AM, Arthur Dent wrote: > On Wed, 2009-10-28 at 08:50 -0400, Daniel J Walsh wrote: >> On 10/28/2009 05:38 AM, Arthur Dent wrote: >>> On Mon, 2009-10-26 at 11:39 -0400, Daniel J Walsh wrote: >>>> On 10/25/2009 09:01 AM, Arthur Dent wrote: >>>>> Hello all, >>>>> >>>>> I got an avc the other day that made me suspect that I might have >>>>> labelling problems on my Fedora 11 box, so I did a "touch /.autorelabel; >>>>> reboot" >>>>> >>>>> The avc turned out to be unrelated to this, but I was a little surprised >>>>> to see the following errors during the relabelling process: >>>>> >>>>> SELinux: initialized (dev sda3, type fuseblk), uses genfs_contexts >>>>> type=1404 audit(1256456979.782:4): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 >>>>> SELinux: Context system_u:object_r:gamin_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:pppd_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:NetworkManager_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:snmp_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:auditd_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:bluetooth_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:httpd_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:samba_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:nscd_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:tor_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:mysqld_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:openvpn_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:kerneloops_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:ntpd_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:dnsmasq_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:privoxy_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:syslogd_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:fsdaemon_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:setroubleshoot_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:virtd_script_exec_t:s0 is not valid (left unmapped). >>>>> SELinux: Context system_u:object_r:rpcbind_script_exec_t:s0 is not valid (left unmapped). >>>>> type=1404 audit(1256457362.896:5): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 >>>>> Adding 2096440k swap on /dev/sdb10. Priority:-1 extents:1 across:2096440k >>>>> SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts >>>>> >>>>> >>>>> Should I be concerned? >>>>> >>>>> Thanks for any suggestions... >>>>> >>>>> Mark >>>>> >>>>> p.s. >>>>> >>>>> Latest yum log entries: >>>>> [root@localhost ~]# cat /var/log/yum.log | grep -i selinux >>>>> Oct 14 22:04:23 Updated: selinux-policy-3.6.12-85.fc11.noarch >>>>> Oct 14 22:04:57 Updated: selinux-policy-targeted-3.6.12-85.fc11.noarch >>>>> >>> >>>>> -- >>>>> fedora-selinux-list mailing list >>>>> fedora-selinux-list@xxxxxxxxxx >>>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list >>>> This looks like a mismatch of policy and labels on disk. >>>> >>>> >>>> *_script_exec_t was all changed to *_initrc_exec_t and we do not have all of the aliases defined for these. >>>> >>>> So relabeling is probably a good idea. >>>> >>>> gamin_exec_t has disappeared. >>> >>> OK - I finally got round to doing another relabel - this time in >>> permissive mode (I wanted to watch for error messages and couldn't face >>> the thought of sitting watching little asterisks march across the screen >>> until today). >>> >>> Unfortunately I get exactly the same messages during the relabelling >>> process: >>> SELinux: initialized (dev sdb6, type ext3), uses xattr >>> SELinux: initialized (dev sdb11, type vfat), uses genfs_contexts >>> SELinux: initialized (dev sdb12, type vfat), uses genfs_contexts >>> fuse init (API version 7.11) >>> SELinux: initialized (dev sda3, type fuseblk), uses genfs_contexts >>> SELinux: Context system_u:object_r:gamin_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:pppd_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:NetworkManager_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:snmp_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:auditd_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:bluetooth_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:httpd_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:samba_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:nscd_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:tor_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:mysqld_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:openvpn_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:kerneloops_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:ntpd_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:dnsmasq_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:privoxy_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:syslogd_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:fsdaemon_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:setroubleshoot_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:virtd_script_exec_t:s0 is not valid (left unmapped). >>> SELinux: Context system_u:object_r:rpcbind_script_exec_t:s0 is not valid (left unmapped). >>> Adding 2096440k swap on /dev/sdb10. Priority:-1 extents:1 across:2096440k >>> SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts >>> >>> So now I'm not sure what to do - just ignore it and wait until I rebuild >>> with Fedora 12 - or do something now? >>> >>> Thanks for any advice... >>> >>> Mark >>> >>> >>> >>> >>> -- >>> fedora-selinux-list mailing list >>> fedora-selinux-list@xxxxxxxxxx >>> https://www.redhat.com/mailman/listinfo/fedora-selinux-l >> If you do a load_policy do you see these messages? >> >> What version of policy and which version of the OS are you using? >> > > Hi Daniel, > > Thanks for helping... > > If you look a little further up this thread you will see that I am using > Fedora 11 and... > >> Latest yum log entries: >> [root@localhost ~]# cat /var/log/yum.log | grep -i selinux >> Oct 14 22:04:23 Updated: selinux-policy-3.6.12-85.fc11.noarch >> Oct 14 22:04:57 Updated: selinux-policy-targeted-3.6.12-85.fc11.noarch > > I have not come across "load_policy" before. I just typed "load_policy" > on the command line (as root) and got no errors and no feedback at all. > > From reading the man page for load_policy I presume that this means exit > status 0 - and therefore that all is well with the command? > > What next? > > Thanks for the help so far... > > Mark > > > > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list I guess now reboot and see if you see these errors. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
