On 11/17/2009 03:14 PM, Gene Czarcinski wrote: > On Tuesday 17 November 2009 12:43:58 Jason L Tibbitts III wrote: >>>>>>> "GC" == Gene Czarcinski <gene@xxxxxxxxx> writes: >> >> GC> Quickly?? Ten days to get a package pushed?? >> >> Wow. If you really really want it right this instant and aren't willing >> to wait for the volunteers that provide this operating system to you to >> work through everything they have to do to get Fedora 12 out the door in >> addition to the work of getting updates and such out for Fedora 11 and >> 10, why don't you: >> >> Check the source out of CVS and build it yourself? >> >> Download the build from koji? >> http://koji.fedoraproject.org/koji/packageinfo?packageID=32 and pick a >> build for the OS version you want. Probably >> http://koji.fedoraproject.org/koji/buildinfo?buildID=140508 >> >> It's all made available to you, all the source, the buildsystem, >> everything. If you simply can't wait for the updates process to catch >> up, you have plenty of other means to get the software. >> > > Unfortunately, you have missed the entire point of my email! > > Yes, I can go get an update from koji, or get the source and do it myself, or > simply apply the "fix" suggested by audit2allow, or set permissive mode, or > disable selinux. Any of these would get around the problem. But, this would > not be the "official" selinux-policy package update. > > The problem in https://bugzilla.redhat.com/show_bug.cgi?id=533427 impacts the > abrt package's ability to function properly. The abrt package is a really > good new feature in Fedora 12 and should help resolve problems more quickly > since it provides a lot more information than many users include in the > handcrafted reports (myself included). No it should not. abrt_t is a permissive domain. node=(removed) type=SYSCALL msg=audit(1257529975.949:596): arch=40000003 syscall=39 success=yes exit=0 a0=9779660 a1=1ed a2=38f6868 a3=9259050 items=0 ppid=17113 pid=17114 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="yum" exe="/usr/bin/python" subj=unconfined_u:system_r:abrt_t:s0 key=(null) If you look at the AVC you will see success=yes. Which indicates that the AVC did not block anything. So if abrt is not working properly for some reason, it is not SELinux causing the problem. > > The problem was reported on 6 November 2009 at 13:33 EDT and Dan Walsh > responded on 6 November 2008 at 14:38 EDT (a bit over an hour) that the > problem was fixed in selinux-policy-3.6.32-42.fc12.noarch and the BZ report was > closed as fixed in rawhide (perhaps closing this problem so quickly was an > error). > No the problem was we were frozen while F12 was moving to the Mirrors. I held off on posting an updated selinux-policy package til the last second, so I can fix as many bugs in F12 policy as possible soon after F12 ships (Today). I waited to request the package until I got Mondays AVC's in. Monday is the busiest day of the week for AVC/Bugzillas. Since I do not review them over the weekend. I posted to updates-testing at 2009-11-16 19:36:03 And it now says it is moving to the mirrors. > Today is 17 November 2009 and Fedora 12 is GA but there is no "day zero" fix > for the problem ... not even in updates-testing (last I checked around 1400 > EST). I claim that something in the process of getting fixes out (at least > selinux-policy fixes) is broken. This is what I am trying to get fixed so > users do not set permissive mode or simply disable selinux. > > Gene > > > > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
