Re: BZ 533427

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/17/2009 03:14 PM, Gene Czarcinski wrote:
> On Tuesday 17 November 2009 12:43:58 Jason L Tibbitts III wrote:
>>>>>>> "GC" == Gene Czarcinski <gene@xxxxxxxxx> writes:
>>
>> GC> Quickly??  Ten days to get a package pushed??
>>
>> Wow.  If you really really want it right this instant and aren't willing
>> to wait for the volunteers that provide this operating system to you to
>> work through everything they have to do to get Fedora 12 out the door in
>> addition to the work of getting updates and such out for Fedora 11 and
>> 10, why don't you:
>>
>> Check the source out of CVS and build it yourself?
>>
>> Download the build from koji?
>> http://koji.fedoraproject.org/koji/packageinfo?packageID=32 and pick a
>> build for the OS version you want.  Probably
>> http://koji.fedoraproject.org/koji/buildinfo?buildID=140508
>>
>> It's all made available to you, all the source, the buildsystem,
>> everything.  If you simply can't wait for the updates process to catch
>> up, you have plenty of other means to get the software.
>>
> 
> Unfortunately, you have missed the entire point of my email!
> 
> Yes, I can go get an update from koji, or get the source and do it myself, or 
> simply apply the "fix" suggested by audit2allow, or set permissive mode, or 
> disable selinux.  Any of these would get around the problem.  But, this would 
> not be the "official" selinux-policy package update.
> 
> The problem in https://bugzilla.redhat.com/show_bug.cgi?id=533427 impacts the 
> abrt package's ability to function properly.  The abrt package is a really 
> good new feature in Fedora 12 and should help resolve problems more quickly 
> since it provides a lot more information than many users include in the 
> handcrafted reports (myself included).
No it should not.  abrt_t is a permissive domain.

node=(removed) type=SYSCALL msg=audit(1257529975.949:596): arch=40000003
syscall=39 success=yes exit=0 a0=9779660 a1=1ed a2=38f6868 a3=9259050 items=0
ppid=17113 pid=17114 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=2 comm="yum" exe="/usr/bin/python"
subj=unconfined_u:system_r:abrt_t:s0 key=(null)

If you look at the AVC you will see success=yes.  Which indicates that the AVC did not block anything.
So if abrt is not working properly for some reason, it is not SELinux causing the problem.
> 
> The problem was reported on 6 November 2009 at 13:33 EDT and Dan Walsh 
> responded on 6 November 2008 at 14:38 EDT (a bit over an hour) that the 
> problem was fixed in selinux-policy-3.6.32-42.fc12.noarch and the BZ report was 
> closed as fixed in rawhide (perhaps closing this problem so quickly was an 
> error).
> 
No the problem was we were frozen while F12 was moving to the Mirrors.  I held off on posting an updated selinux-policy package til the last second, so I can fix as many bugs in F12 policy as possible soon after F12 ships (Today).  I waited to request the package until I got Mondays AVC's in.  Monday is the busiest day of the week for AVC/Bugzillas. Since I do not review them over the weekend.
I posted to updates-testing at 2009-11-16 19:36:03  And it now says it is moving to the mirrors.

> Today is 17 November 2009 and Fedora 12 is GA but there is no "day zero" fix 
> for the problem ... not even in updates-testing (last I checked around 1400 
> EST).  I claim that something in the process of getting fixes out (at least 
> selinux-policy fixes) is broken.  This is what I am trying to get fixed so 
> users do not set permissive mode or simply disable selinux.
> 
> Gene
> 


> 
> 
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux