Daniel J Walsh wrote:
>
> On 11/26/2014 02:11 PM, m.roth@xxxxxxxxx wrote:
>> Tristan Santore wrote:
>>> On 26/11/14 18:53, m.roth@xxxxxxxxx wrote:
>>>> Tristan Santore wrote:
>>>>> On 26/11/14 18:44, m.roth@xxxxxxxxx wrote:
>>>>>> The admin I work with and I have been updated our CentOS servers to
>>>>>> 6.6. One server that's been running for years, with no issues (it is
>>>>>> in permissive, also), got updated...
>>>>>>
>>>>>> Nov 25 17:26:56 Updated: kexec-tools-2.0.0-280.el6.x86_64
>>>>>> <many, many, many lines of asterisks elided>
>>>>>> Nov 26 01:10:52 Updated:
>>>>>> selinux-policy-targeted-3.7.19-260.el6.noarch
>>>>>> Nov 26 01:10:56 Updated: coolkey-1.1.0-32.el6.x86_64
>>>>>>
>>>>>> Yes, that *is* about 7.5 *hours* to install that policy. I can only
>>>>>> guess that for some reason, it decided to relabel the *ENTIRE*
>>>>>> system.
<snip>
>>>> Nope. A RAID 1 w/ 914G, 37% used. Don't tell me it tried to do any
>>>> NFS-mounted stuff, that I can't believe.
<snip>
> I have no idea why it would have done this. There is an algorithm that
> does a diff between the previous file context and the new and then
> relabels the difference.
That's more or less what I thought.
>
> This could trigger a relabel of /usr or /var. The relabel should
> figure out you are on a NFS share and bale out.
>
> Are there lots of files on a file system other then an NFS share?
>
There are a fair number - find / | wc -l has been running for more than
five minutes now. One thing that is on this system are backups of /etc
from all 170+ servers and workstations, as well as of some home
directories....
But none of our other servers did that, and some include backup of home
directories.
mark
mark
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
