Re: post update label checking script

Steve Grubb wrote:
Hi,

I just wanted to let everyone know that I'm making a test script available to help people testing Fedora rawhide updates. What this script does is look at the yum logs to see if you've updated the system today. (Optionally, you can pass a date to the script based on your locale, for example "Sep 03" would be valid in mine.) If updates are found in the logs, it makes a list of rpms and sends that to fixfiles to see if the update has caused any files to be mislabeled. This can happen when post install scriptlets do the wrong thing. This script should not repair anything since it's just a test. You can find it here:

http://people.redhat.com/sgrubb/files/testing/selinux-check-new-rpms

Typically, you would run the script after doing "yum update" on a rawhide machine. There were several bug fixes needed in policycoreutils to make the script work and hopefully they will be backported to FC5 sometime soon.

Please report any problems you find against the package that owns the files being reported. For example, when I run the script after today's rawhide update, I get this:

/etc/named.conf
/etc/rndc.conf
/etc/rndc.key
/etc/named.caching-nameserver.conf
/etc/named.conf
/etc/named.rfc1912.zones
/var/named/named.ca

To see the package:

[root~]# rpm -qf /etc/named.conf
caching-nameserver

This would indicate that caching-nameserver probably has post scriptlets that are processing files in an SELinux-unfriendly way.

Feedback and updates are welcome.

-Steve


I ran the script on FC5 and ended up with named errors as well as kernel module errors. Is there any output needed to flag possible backporting problems with the present FC5 policycoreutils version? Or is adequate information already available to improve policycoreutils for FC5?

Thanks,
Jim

--
"Libtool shared library portability is only slightly more believable than
perpetual motion machines.  Especially on AIX :)."
        -- David Leimbach

--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
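
The workflow described in the quoted announcement (find the day's updates in the yum log, then hand the package list to fixfiles in check-only mode), sketched as an added example; this is not the script linked above. The function names, the constructed sample log and the assumed yum.log line layout ("Mon DD HH:MM:SS Action: name.arch version") are illustrative assumptions.

```shell
#!/bin/sh
# Constructed sample lines in the assumed yum.log layout (not real log data).
sample_log() {
cat <<'EOF'
Sep 02 09:14:51 Updated: glibc.i686 2.4.90-28
Sep 03 08:01:12 Updated: bind.i386 30:9.3.2-33.fc6
Sep 03 08:01:15 Installed: caching-nameserver.noarch 30:9.3.2-33.fc6
Sep 03 08:01:20 Erased: oldpkg.i386
Sep 03 08:02:02 Updated: bind.i386 30:9.3.2-33.fc6
EOF
}

# updated_pkgs "Mon DD" < logfile
# Prints the unique packages installed or updated on that day, comma-separated.
updated_pkgs() {
    awk -v d="$1" '
        ($1 " " $2) == d && ($4 == "Updated:" || $4 == "Installed:") {
            name = $5
            sub(/\.[^.]+$/, "", name)      # drop the trailing .arch
            if (!(name in seen)) {
                seen[name] = 1
                out = out (out == "" ? "" : ",") name
            }
        }
        END { print out }
    '
}

# check_labels [DATE] [LOGFILE]
# Reports files owned by the day's packages whose SELinux context differs
# from policy. "check" only reports; nothing is relabeled.
check_labels() {
    day=${1:-$(date '+%b %d')}
    log=${2:-/var/log/yum.log}
    pkgs=$(updated_pkgs "$day" < "$log")
    if [ -z "$pkgs" ]; then
        echo "no updates logged for $day" >&2
        return 1
    fi
    fixfiles -R "$pkgs" check
}

# Demonstration on the constructed sample only; fixfiles is not invoked here.
sample_log | updated_pkgs "Sep 03"
```

On a real machine, run `check_labels` as root after "yum update", then use `rpm -qf` on each reported path to find the package to file the bug against.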