-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rick Stevens wrote: > Jerry Amundson wrote: >> On Mon, Mar 2, 2009 at 3:25 PM, Mike Cloaked <mike.cloaked@xxxxxxxxx> >> wrote: >>> Joshua Armstrong-2 wrote: >>>> Mike Cloaked wrote: >>>>> I have just updated some f10 boxes a few minutes ago. On logging on >>>>> again >>>>> after rebooting to the new kernel this evening, the main user >>>>> directories >>>>> have had their contexts changed to usr_t so I presume some kind of >>>>> relabelling has been done - but not correctly! After restorecon -vR >>>>> /home/user the contexts have mostly reverted to where they should >>>>> be - I >>>>> initially noticed because ssh suddenly started demanding a passphrase >>>>> when >>>>> it should not need one - and then I noted avc denials..... >>>>> >>>>> I hope not too many users are going to have their home directories >>>>> messed >>>>> up >>>>> as a result! The relevant update is >>>>> selinux-policy-targeted-3.5.13-46.fc10.noarch.rpm >>>>> >>>>> This is not good - especially for a stable release! >>>>> >>>> I second this - I just verified this on my f10 webserver. Thankfully, >>>> all the important files are set to httpd_sys_content_t and in read-only >>>> directories. But it did break being able to read home directories over >>>> CIFS share. >>>> >>>> >>> I guess these lines in the /var/log/messages are relevant: >>> Mar 2 19:49:25 home1 yum: Updated: selinux-policy-3.5.13-46.fc10.noarch >>> Mar 2 19:49:49 home1 dbus: avc: received policyload notice (seqno=2) >>> Mar 2 19:49:49 home1 dbus: avc: received policyload notice (seqno=2) >>> >>> I guess it will be in BZ before too long - and I notice that -47 is in >>> updates testing - hopefully this problem will be fixed before -48 is >>> released! >> >> Works for me. My f10 updates-testing laptop installed >> selinux-policy-targeted-3.5.13-46.fc10.noarch last Thursday, Feb 26. I >> see one "dbus: avc: received policyload notice (seqno=2)" from then, >> but user_home_dir_t is still set as expected. > > Have you rebooted since you installed it? I believe the RPM touches > /.autorelabel and that triggers the relabel on a reboot. No it does not. Limited relabeling happens in the post install of the policy package. Touching /.autorelabel should almost never be required. > ---------------------------------------------------------------------- > - Rick Stevens, Systems Engineer ricks@xxxxxxxx - > - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - > - - > - A day for firm decisions!!! Well, then again, maybe not! - > ---------------------------------------------------------------------- > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkmtPskACgkQrlYvE4MpobPNVQCgkYH+XGADlUQfS7Jzz0Y3sYR1 xG8AniS0U27wxl5pPLfJEELJKZPECdtl =UX9P -----END PGP SIGNATURE----- -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
