n0dalus wrote:
On 12/17/05, Jeff Spaleta <jspaleta@xxxxxxxxx> wrote:
And pam seems to update just fine for me. You'll have to do you best
to figure out why the libpam files didn't install.
-jef
I have done some more looking into the problem, and while
unfortunately I was unable to reproduce the same problem, I did find
some things in the log files.
At the time of the update, lots of scriptlets failed with the
accompianing log message below:
Dec 17 08:53:26 kernel: audit(1134771806.214:1322): avc: denied {
transition } for pid=17748 comm="yum" name="bash" dev=hda7 ino=163054
scontext=root:system_r:ldconfig_t tcontext=root:system_r:rpm_script_t
tclass=process
I recently checked my system for duplicate rpms caused by scriptlet
failures and found quite a few ackages where the rpmdb was not cleaned
from the removed package on the post installation error due to SELinux
at the time of the problem. You might want to check your system for
duplicate entries in the database.
Another problem was preinstall scripts failing. The rpm would be
downloaded but not installed whenever yum was used or rpm directly to
install packages. Selinux-policy-targeted was one such package that
failed installation on the pre scripts.
Do you have the current version of selinux-policy-targeted? Or was it
locked at quite an earlier release?
I have selinux-policy-targeted-2.1.6-4 which exhibited the pam problem
with login denials. I was able to log into a terminal for both root and
user. The other errors with pam seemed to clear with a relabeling of the
system and booting into runlevel 5 with autologin in gdm.
I am pretty new to SELinux, but to me it seems that the scontext and
the tcontext are around the wrong way. I don't know how this could
happen. In policy.20, source rpm_script_t is allowed to run the
ldconfig_t process. What's happening here seems to be that ldconfig_t
is trying to run rpm_script_t (as far as SELinux is concerned), which
would not be what's really happening. I could be completely wrong
though, so hopefully someone more experienced in these matters can
comment.
I can reproduce this error message consistently when doing certain updates.
Check your entries in rpmdb for duplicates, remove just the db entry for
the old packages, reboot with selinux=0. Try to update your system via
yum or using cached packages in /var/cache/yum/development/packages.
Relabel your system for SELinux by using either touch /.autorelabel or
autorelabel via grub appending the entry during boot.
I have no idea personally about SELinux or the chicken or the egg
factors like scontext ...
Jim
n0dalus.
--
"In the fight between you and the world, back the world."
--Frank Zappa
--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list