On 05/02/2012 05:08 PM, antonio montagnani wrote:
> On 02/05/2012 22:54, Daniel J Walsh wrote:
> On 05/02/2012 04:35 PM, antonio montagnani wrote:
>>>> On 02/05/2012 22:24, Daniel J Walsh wrote:
>>>> On 05/02/2012 04:22 PM, Adam Williamson wrote:
>>>>>>> On Sat, 2012-04-28 at 20:30 +0100, Frank Murphy wrote:
>>>>>>>> On 28/04/12 20:26, antonio wrote:
>>>>>>>>> I upgraded from F-16 to F-17 Beta, then upgraded to find
>>>>>>>>> that I couldn't delete my own files!!! after disabling
>>>>>>>>> SELinux and enabling it again (i.e. relabeling) everything
>>>>>>>>> is o.k. Anybody experiencing it??
>>>>>>>>
>>>>>>>> No, but it's good practice to do a relabel after an update.
>>>>>>>> As policies most likely have changed, even if subtly.
>>>>>>>>
>>>>>>>> I'm surprised a full relabel wasn't done automatically.
>>>>>>>
>>>>>>> Antonio doesn't really provide much detail on how exactly he
>>>>>>> upgraded. I think anaconda-based upgrades do a relabel
>>>>>>> automatically, but obviously upgrading via yum won't
>>>>>>> necessarily do so.
>>>>
>>>> We have not done a full relabel on upgrade, since it could take
>>>> potentially a very long time. We could just drop the /.autorelabel
>>>> file in preupgrade which would trigger the relabel. I have not heard
>>>> of other people having SELinux labeling issues on upgrade, I wish we
>>>> had the audit.log to see what the problem was.
>>>> Dan,
>>>>
>>>> where do I find the audit.log file???
>>>>
>>>> Tnx
>>>>
>
> /var/log/audit/audit.log
>
> ausearch -m avc
>
> Will extract the parts I care about
>
>> ausearch -m avc
>> ----
>> time->Sat Apr 14 18:01:38 2012
>> type=SYSCALL msg=audit(1334419298.900:159): arch=40000003 syscall=11 success=yes exit=0 a0=8aee390 a1=8aee400 a2=8aed980 a3=8aed980 items=0 ppid=20996 pid=20997 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=pts0 ses=2 comm="newaliases" exe="/usr/sbin/sendmail.sendmail" subj=unconfined_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null)
>> type=AVC msg=audit(1334419298.900:159): avc: denied { read } for pid=20997 comm="newaliases" path="/home/antonio" dev=dm-2 ino=1048577 scontext=unconfined_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
>> type=AVC msg=audit(1334419298.900:159): avc: denied { read } for pid=20997 comm="newaliases" path="/home/antonio" dev=dm-2 ino=1048577 scontext=unconfined_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
>> ----
>> time->Thu Apr 19 18:35:45 2012
>> type=SYSCALL msg=audit(1334853345.590:66): arch=40000003 syscall=5 success=no exit=-13 a0=81159d0 a1=8000 a2=0 a3=0 items=0 ppid=1 pid=1845 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
>> type=AVC msg=audit(1334853345.590:66): avc: denied { read } for pid=1845 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
>> ----
>> time->Thu Apr 19 18:39:05 2012
>> type=AVC msg=audit(1334853545.115:41): avc: denied { read } for pid=892 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
>> ----
>> time->Thu Apr 19 21:40:30 2012
>> type=AVC msg=audit(1334864430.369:41): avc: denied { read } for pid=902 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
>> ----
>> time->Fri Apr 20 07:02:19 2012
>> type=AVC msg=audit(1334898139.025:41): avc: denied { read } for pid=921 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
>> ----
>> time->Fri Apr 20 18:11:40 2012
>> type=AVC msg=audit(1334938300.294:43): avc: denied { read } for pid=886 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
>> ----
>> time->Fri Apr 20 22:49:42 2012
>> type=AVC msg=audit(1334954982.484:40): avc: denied { read } for pid=928 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
>> ----
>> time->Sat Apr 21 07:31:25 2012
>> type=AVC msg=audit(1334986285.449:40): avc: denied { read } for pid=880 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
>> ----
>> time->Sat Apr 21 10:25:11 2012
>> type=AVC msg=audit(1334996711.727:44): avc: denied { read } for pid=914 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
>> ----
>> time->Sat Apr 21 12:26:50 2012
>> type=AVC msg=audit(1335004010.139:41): avc: denied { read } for pid=883 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
>> ----
>> time->Sun Apr 22 07:07:06 2012
>> type=AVC msg=audit(1335071226.584:41): avc: denied { read } for pid=892 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
>> ----
>> time->Sun Apr 22 08:00:32 2012
>> type=AVC msg=audit(1335074432.589:40): avc: denied { read } for pid=903 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
>> ----
>> time->Sat Apr 28 19:02:02 2012
>> type=AVC msg=audit(1335632522.668:9): avc: denied { read } for pid=619 comm="dmesg" name="ld.so.cache" dev="dm-1" ino=525985 scontext=system_u:system_r:dmesg_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
>> [root@exmarco ~]#
>

The NetworkManager problem and the dmesg problem should be fixed by
updating to the latest Fedora policy.

restorecon -R /etc/ld.so.cache

might also help.

newaliases trying to list your home directory seems pretty weird. I
guess if you run that command in a directory it tries to list the
current directory.

--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
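
An added example, not part of the original message: a short Python triage script that groups `ausearch -m avc` denials like the ones quoted above by command, permission, source type and target type, so repeated records such as the NetworkManager ones collapse into one row with a count. The function names are illustrative assumptions; the sample records are copied from the output quoted in the thread.

```python
import re
from collections import Counter

# Sample input: four records copied from the ausearch output quoted in the thread.
SAMPLE = """\
----
time->Sat Apr 14 18:01:38 2012
type=AVC msg=audit(1334419298.900:159): avc: denied { read } for pid=20997 comm="newaliases" path="/home/antonio" dev=dm-2 ino=1048577 scontext=unconfined_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
----
time->Thu Apr 19 18:39:05 2012
type=AVC msg=audit(1334853545.115:41): avc: denied { read } for pid=892 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
----
time->Thu Apr 19 21:40:30 2012
type=AVC msg=audit(1334864430.369:41): avc: denied { read } for pid=902 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=525148 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
----
time->Sat Apr 28 19:02:02 2012
type=AVC msg=audit(1335632522.668:9): avc: denied { read } for pid=619 comm="dmesg" name="ld.so.cache" dev="dm-1" ino=525985 scontext=system_u:system_r:dmesg_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    # Context is user:role:type:level; the level may itself contain ':'
    # (e.g. s0-s0:c0.c1023), so split at most three times.
    return context.split(":", 3)[2]

def parse_avc(line):
    # Return the key=value fields of one AVC denial, or None for other lines.
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = " ".join(m.group("perms").split())
    return fields

def summarize(text):
    # Count denials per (comm, perms, source type, target type, class, target).
    counts = Counter()
    for rec in filter(None, map(parse_avc, text.splitlines())):
        target = rec.get("path") or rec.get("name", "?")
        key = (rec["comm"], rec["perms"], selinux_type(rec["scontext"]),
               selinux_type(rec["tcontext"]), rec["tclass"], target)
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```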