Re: F17-Selinux troubles after upgrading

On 02/05/2012 22:54, Daniel J Walsh wrote:

On 05/02/2012 04:35 PM, antonio montagnani wrote:
On 02/05/2012 22:24, Daniel J Walsh wrote:
On 05/02/2012 04:22 PM, Adam Williamson wrote:
On Sat, 2012-04-28 at 20:30 +0100, Frank Murphy wrote:
On 28/04/12 20:26, antonio wrote:
I upgraded from F-16 to F-17 Beta, then upgraded to find that I
couldn't delete my own files!!! After disabling SELinux and
enabling it again (i.e. relabeling) everything is o.k. Anybody
experiencing it??

No, but it's good practice to do a relabel after an update. As
policies most likely have changed, even if subtly.

I'm surprised a full relabel wasn't done automatically.

Antonio doesn't really provide much detail on how exactly he
upgraded. I think anaconda-based upgrades do a relabel automatically,
but obviously upgrading via yum won't necessarily do so.

We have not done a full relabel on upgrade, since it could take potentially
a very long time.  We could just drop the /.autorelabel file in preupgrade
which would trigger the relabel.  I have not heard of other people having
SELinux labeling issues on upgrade. I wish we had the audit.log to see what
the problem was.

Dan,

where do I find the audit.log file???

Tnx


/var/log/audit/audit.log

ausearch -m avc

Will extract the parts I care about

 ausearch -m avc
----
time->Sat Apr 14 18:01:38 2012
type=SYSCALL msg=audit(1334419298.900:159): arch=40000003 syscall=11 success=yes exit=0 a0=8aee390 a1=8aee400 a2=8aed980 a3=8aed980 items=0 ppid=20996 pid=20997 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=pts0 ses=2 comm="newaliases" exe="/usr/sbin/sendmail.sendmail" subj=unconfined_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1334419298.900:159): avc:  denied  { read } for  pid=20997 comm="newaliases" path="/home/antonio" dev=dm-2 ino=1048577 scontext=unconfined_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1334419298.900:159): avc:  denied  { read } for  pid=20997 comm="newaliases" path="/home/antonio" dev=dm-2 ino=1048577 scontext=unconfined_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
----
time->Thu Apr 19 18:35:45 2012
type=SYSCALL msg=audit(1334853345.590:66): arch=40000003 syscall=5 success=no exit=-13 a0=81159d0 a1=8000 a2=0 a3=0 items=0 ppid=1 pid=1845 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1334853345.590:66): avc:  denied  { read } for  pid=1845 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
----
time->Thu Apr 19 18:39:05 2012
type=AVC msg=audit(1334853545.115:41): avc:  denied  { read } for  pid=892 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
----
time->Thu Apr 19 21:40:30 2012
type=AVC msg=audit(1334864430.369:41): avc:  denied  { read } for  pid=902 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
----
time->Fri Apr 20 07:02:19 2012
type=AVC msg=audit(1334898139.025:41): avc:  denied  { read } for  pid=921 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
----
time->Fri Apr 20 18:11:40 2012
type=AVC msg=audit(1334938300.294:43): avc:  denied  { read } for  pid=886 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
----
time->Fri Apr 20 22:49:42 2012
type=AVC msg=audit(1334954982.484:40): avc:  denied  { read } for  pid=928 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
----
time->Sat Apr 21 07:31:25 2012
type=AVC msg=audit(1334986285.449:40): avc:  denied  { read } for  pid=880 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
----
time->Sat Apr 21 10:25:11 2012
type=AVC msg=audit(1334996711.727:44): avc:  denied  { read } for  pid=914 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
----
time->Sat Apr 21 12:26:50 2012
type=AVC msg=audit(1335004010.139:41): avc:  denied  { read } for  pid=883 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
----
time->Sun Apr 22 07:07:06 2012
type=AVC msg=audit(1335071226.584:41): avc:  denied  { read } for  pid=892 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
----
time->Sun Apr 22 08:00:32 2012
type=AVC msg=audit(1335074432.589:40): avc:  denied  { read } for  pid=903 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
----
time->Sat Apr 28 19:02:02 2012
type=AVC msg=audit(1335632522.668:9): avc:  denied  { read } for  pid=619 comm="dmesg" name="ld.so.cache" dev="dm-1" ino=525985 scontext=system_u:system_r:dmesg_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
[root@exmarco ~]#

--
Antonio Montagnani
Fedora 17 Beta
Acer 5670
________________________
http://www.campingmonterosa.com
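
An added example, not part of the original thread: a small Python summarizer for `ausearch -m avc` output that collapses repeated denials so the distinct source-type/target-type pairs stand out. The sample records are copied from the output quoted above; the function and variable names are this example's own.

```python
import re
import sys
from collections import Counter

# Sample AVC records copied from the ausearch output quoted in the thread.
SAMPLE = """\
type=AVC msg=audit(1334419298.900:159): avc:  denied  { read } for  pid=20997 comm="newaliases" path="/home/antonio" dev=dm-2 ino=1048577 scontext=unconfined_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1334419298.900:159): avc:  denied  { read } for  pid=20997 comm="newaliases" path="/home/antonio" dev=dm-2 ino=1048577 scontext=unconfined_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1334853345.590:66): avc:  denied  { read } for  pid=1845 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
type=AVC msg=audit(1334853545.115:41): avc:  denied  { read } for  pid=892 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
type=AVC msg=audit(1335632522.668:9): avc:  denied  { read } for  pid=619 comm="dmesg" name="ld.so.cache" dev="dm-1" ino=525985 scontext=system_u:system_r:dmesg_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(r"type=AVC msg=audit\(([\d.]+:\d+)\): avc:\s+denied\s+"
                    r"\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    # A context is user:role:type:level; the type is what policy rules match on.
    return {
        "event": m.group(1),
        "perms": tuple(m.group(2).split()),
        "object": fields.get("path") or fields.get("name"),
        "stype": fields["scontext"].split(":")[2],
        "ttype": fields["tcontext"].split(":")[2],
        "tclass": fields.get("tclass"),
    }

def summarize(text):
    """Count distinct denials, ignoring records repeated within one audit event."""
    seen, counts = set(), Counter()
    for rec in filter(None, map(parse_avc, text.splitlines())):
        key = (rec["stype"], rec["ttype"], rec["tclass"], rec["perms"], rec["object"])
        if (rec["event"], key) not in seen:
            seen.add((rec["event"], key))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for (stype, ttype, tclass, perms, obj), n in summarize(data).most_common():
        print(f"{n:3d}x {stype} -> {ttype}:{tclass} {{ {' '.join(perms)} }} {obj}")
```

Saved under a hypothetical name such as `avc_summary.py`, it can read live data with `ausearch -m avc | python3 avc_summary.py`.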