when I ran up2date today it appeared to install kernel 2.6.4-1.298. There were no errors reported. But it did not update grub as usual, it did not put any files in /boot, and when I do rpm -q kernel it does not show 2.6.4-1.298 (It shows the other kernels 253 etc) [root@old1 boot]# rpm -q kernel kernel-2.6.3-2.1.242 kernel-2.6.3-2.1.253 kernel-2.6.3-2.1.246 kernel-2.6.3-2.1.253.2.1
Below are the messages in the up2date log file.
[Tue Mar 30 20:50:28 2004] up2date installing packages: ['GConf2-2.6.0-1', 'GConf2-devel-2.6.0-1', 'Guppi-0.40.3-18', 'Guppi-devel-0.40.3-18', 'ImageMagick-5.5.7.15-1.3', 'ImageMagick-c++-5.5.7.15-1.3', 'ImageMagick-c++-devel-5.5.7.15-1.3', 'ImageMagick-devel-5.5.7.15-1.3', 'ImageMagick-perl-5.5.7.15-1.3', 'Maelstrom-3.0.6-3', 'a2ps-4.13b-37', 'amanda-2.4.4p2-3', 'amanda-client-2.4.4p2-3', 'amanda-devel-2.4.4p2-3', 'amanda-server-2.4.4p2-3', 'anaconda-9.92-0.20040323181753', 'anaconda-runtime-9.92-0.20040323181753', 'apr-0.9.4-11', 'apr-devel-0.9.4-11', 'apr-util-0.9.4-12', 'apr-util-devel-0.9.4-12', 'aumix-2.8-8', 'beecrypt-3.1.0-3', 'beecrypt-devel-3.1.0-3', 'beecrypt-python-3.1.0-3', 'bind-9.2.3-13', 'bind-chroot-9.2.3-13', 'bind-devel-9.2.3-13', 'bind-libs-9.2.3-13', 'bind-utils-9.2.3-13', 'binutils-2.15.90.0.1.1-2', 'busybox-1.00.pre8-2', 'busybox-anaconda-1.00.pre8-2', 'control-center-2.5.4-2', 'dhclient-3.0.1rc12-4', 'dhcp-3.0.1rc12-4', 'dhcp-devel-3.0.1rc12-4', 'esound-0.2.34-1', 'esound-devel-0.2.34-1', 'file-4.07-3', 'freeglut-2.2.0-11', 'freeglut-devel-2.2.0-11', 'gaim-0.75.99-20040328cvs', 'gedit-2.5.92-1', 'gedit-devel-2.5.92-1', 'glibc-2.3.3-20', 'glibc-common-2.3.3-20', 'glibc-devel-2.3.3-20', 'glibc-headers-2.3.3-20', 'glibc-profile-2.3.3-20', 'glibc-utils-2.3.3-20', 'gnome-mime-data-2.4.1-3', 'gnome-vfs2-2.6.0-1', 'gnome-vfs2-devel-2.6.0-1', 'gnome-vfs2-smb-2.6.0-1', 'gok-0.9.10-2', 'gpm-1.20.1-45', 'gpm-devel-1.20.1-45', 'hotplug-2004_03_11-1', 'htdig-3.2.0b5-7', 'htdig-web-3.2.0b5-7', 'httpd-2.0.49-1', 'httpd-devel-2.0.49-1', 'httpd-manual-2.0.49-1', 'hwdata-0.114-1', 'initscripts-7.49-1', 'ipxutils-2.2.4-1', 'kdebase-3.2.1-1.5', 'kdebase-devel-3.2.1-1.5', 'kdegames-3.2.1-2', 'kdegames-devel-3.2.1-2', 'kdenetwork-3.2.1-3', 'kdenetwork-devel-3.2.1-3', 'kdepim-3.2.1-4', 'kdepim-devel-3.2.1-4', 'kernel-2.6.4-1.298', 'kernel-doc-2.6.4-1.298', 'kernel-source-2.6.4-1.298', 'kernel-utils-2.4-9.1.126', 'kinput2-canna-wnn6-v3.1-17', 'less-382-3', 'libbonobo-2.6.0-2', 'libbonobo-devel-2.6.0-2', 'libselinux-1.6-5', 'libselinux-devel-1.6-5', 'libwnck-2.5.90-3', 'libwnck-devel-2.5.90-3', 'libxml2-2.6.8-1', 'libxml2-devel-2.6.8-1', 'libxml2-python-2.6.8-1', 'lm_sensors-2.8.3-5', 'lm_sensors-devel-2.8.3-5', 'man-1.5m2-5', 'mod_ssl-2.0.49-1', 'modutils-2.4.26-14', 'ncpfs-2.2.4-1', 'neon-0.24.4-4', 'neon-devel-0.24.4-4', 'net-snmp-5.1.1-1', 'net-snmp-devel-5.1.1-1', 'net-snmp-perl-5.1.1-1', 'net-snmp-utils-5.1.1-1', 'nptl-devel-2.3.3-20', 'nscd-2.3.3-20', 'nss_ldap-217-1', 'openssl-0.9.7a-35', 'openssl-devel-0.9.7a-35', 'openssl-perl-0.9.7a-35', 'pcre-4.5-2', 'pcre-devel-4.5-2', 'policy-1.9.1-2', 'policy-sources-1.9.1-2', 'policycoreutils-1.9-16', 'qt-3.3.1-0.7', 'qt-MySQL-3.3.1-0.7', 'qt-ODBC-3.3.1-0.7', 'qt-PostgreSQL-3.3.1-0.7', 'qt-designer-3.3.1-0.7', 'qt-devel-3.3.1-0.7', 'rhythmbox-0.7.1-2', 'rp-pppoe-3.5-12', 'rpmdb-fedora-1.91-0.20040330', 'samba-3.0.3-1.pre1', 'samba-client-3.0.3-1.pre1', 'samba-common-3.0.3-1.pre1', 'samba-swat-3.0.3-1.pre1', 'sash-3.7-3', 'setools-1.2.1-3', 'setools-devel-1.2.1-3', 'setools-gui-1.2.1-3', 'shared-mime-info-0.14-1', 'slocate-2.7-8', 'sylpheed-0.9.10-2', 'system-config-bind-2.0.2-4', 'system-config-date-1.7.3-1', 'system-config-display-1.0.12-1', 'system-config-netboot-0.1.3-4', 'system-config-printer-0.6.98-1', 'system-config-printer-gui-0.6.98-1', 'system-config-samba-1.2.9-1', 'system-config-securitylevel-1.3.9-1', 'system-config-securitylevel-tui-1.3.9-1', 'system-config-services-0.8.8-4', 'tetex-2.0.2-13', 'tetex-afm-2.0.2-13', 'tetex-doc-2.0.2-13', 'tetex-dvips-2.0.2-13', 'tetex-fonts-2.0.2-13', 'tetex-latex-2.0.2-13', 'tetex-xdvi-2.0.2-13', 'udev-023-1', 'util-linux-2.12-15', 'vim-X11-6.2.403-1', 'vim-common-6.2.403-1', 'vim-enhanced-6.2.403-1', 'vim-minimal-6.2.403-1', 'vnc-4.0-1.beta4.9', 'vnc-server-4.0-1.beta4.9', 'w3m-0.5-1', 'webalizer-2.01_10-22', 'xinitrc-3.38-1', 'zip-2.3-22'] [Tue Mar 30 22:05:51 2004] up2date Modifying bootloader config to include the new kernel info [Tue Mar 30 22:05:51 2004] up2date Adding 2.6.4-1.298 to bootloader config [Tue Mar 30 22:05:51 2004] up2date Adding 2.6.4-1.298 to bootloader config [Tue Mar 30 22:05:52 2004] up2date Running lilo with the new configuration [Tue Mar 30 22:05:53 2004] up2date Modifying bootloader config to include the new kernel info [Tue Mar 30 22:05:53 2004] up2date Adding 2.6.4-1.298 to bootloader config [Tue Mar 30 22:05:53 2004] up2date Running lilo with the new configuration [root@old1 boot]#
This shows (supposedly) that all those packages were updated. If the kernel was not installed when the log says it was, how many others were not really updated?
another problem is that I use grub! ( have never used lilo on this box) and it was not updated. the log shows that the kernel install tried to update lilo.
btw I am running in enforcing mode as root (with role sysmgr_r): Where do I start with the bug reports? the kernel 'cause it did not install? up2date because it did not report any errors when something was very worng? selinux policy? there are hundreds of avc denied messages... please let me know how to proceed with getting my system updated in enforcing mode and if there is additional information I can provide. the messages file is 796261 bytes and I have saved a copy. thanks, Richard Hally Richard Hally
On Tue, 2004-03-30 at 22:58, Richard Hally wrote:
when I ran up2date today it appeared to install kernel 2.6.4-1.298. There were no errors reported. But it did not update grub as usual, it did not put any files in /boot, and when I do rpm -q kernel it does not show 2.6.4-1.298 (It shows the other kernels 253 etc) [root@old1 boot]# rpm -q kernel kernel-2.6.3-2.1.242 kernel-2.6.3-2.1.253 kernel-2.6.3-2.1.246 kernel-2.6.3-2.1.253.2.1
I had similar problems. Clean install of test2 with selinux in enforcing mode followed by a yum update. Many of the postinstall scripts reported failures and after a reboot (to boot the new kernel that didn't get installed) lots of things were very broken. Permissions on directories in /var were all messed up (as root I couldn't cd to /var/log to try to figure out what was going). So I did a clean install of test2 again, setting selinux to warn only, and things are much happier. It seems like the default policy of selinux kept many files from being updated properly.
Let me know if you file a bug report so I can add to it.
tjb
On Wednesday 31 March 2004 10:50, Thomas J. Baker wrote:
On Tue, 2004-03-30 at 22:58, Richard Hally wrote:
when I ran up2date today it appeared to install kernel 2.6.4-1.298. There were no errors reported. But it did not update grub as usual, it did not put any files in /boot, and when I do rpm -q kernel it does not show 2.6.4-1.298 (It shows the other kernels 253 etc) [root@old1 boot]# rpm -q kernel kernel-2.6.3-2.1.242 kernel-2.6.3-2.1.253 kernel-2.6.3-2.1.246 kernel-2.6.3-2.1.253.2.1
I had similar problems. Clean install of test2 with selinux in enforcing mode followed by a yum update. Many of the postinstall scripts reported failures and after a reboot (to boot the new kernel that didn't get installed) lots of things were very broken. Permissions on directories in /var were all messed up (as root I couldn't cd to /var/log to try to figure out what was going). So I did a clean install of test2 again, setting selinux to warn only, and things are much happier. It seems like the default policy of selinux kept many files from being updated properly.
Let me know if you file a bug report so I can add to it.
This is an selinux - rpm problem ... see: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=119538
Gene
On Thu, 1 Apr 2004 02:46, Gene Czarcinski gene@czarc.net wrote:
I had similar problems. Clean install of test2 with selinux in enforcing mode followed by a yum update. Many of the postinstall scripts reported failures and after a reboot (to boot the new kernel that didn't get installed) lots of things were very broken. Permissions on directories in /var were all messed up (as root I couldn't cd to /var/log to try to figure out what was going). So I did a clean install of test2 again, setting selinux to warn only, and things are much happier. It seems like the default policy of selinux kept many files from being updated properly.
Let me know if you file a bug report so I can add to it.
This is an selinux - rpm problem ... see: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=119538
That one is due to installing packages as staff_r. The general idea with SE Linux is that you use sysadm_r for such things. In Fedora su and sudo should change to sysadm_r. If you login at the console as root you will get sysadm_r. It should just work.
That one is due to installing packages as staff_r. The general idea with SE Linux is that you use sysadm_r for such things. In Fedora su and sudo should change to sysadm_r. If you login at the console as root you will get sysadm_r. It should just work.
I think if you ssh in as root, you are left as staff_r and need to use newrole to switch.
j.
On Thu, 1 Apr 2004 12:33, Jeff Needle jneedle@redhat.com wrote:
That one is due to installing packages as staff_r. The general idea with SE Linux is that you use sysadm_r for such things. In Fedora su and sudo should change to sysadm_r. If you login at the console as root you will get sysadm_r. It should just work.
I think if you ssh in as root, you are left as staff_r and need to use newrole to switch.
That is the default. Giving ultimate access over ssh isn't desirable, but it can be changed via the ssh_sysadm_login option.
Russell Coker wrote:
On Thu, 1 Apr 2004 02:46, Gene Czarcinski gene@czarc.net wrote:
I had similar problems. Clean install of test2 with selinux in enforcing mode followed by a yum update. Many of the postinstall scripts reported failures and after a reboot (to boot the new kernel that didn't get installed) lots of things were very broken. Permissions on directories in /var were all messed up (as root I couldn't cd to /var/log to try to figure out what was going). So I did a clean install of test2 again, setting selinux to warn only, and things are much happier. It seems like the default policy of selinux kept many files from being updated properly.
Let me know if you file a bug report so I can add to it.
This is an selinux - rpm problem ... see: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=119538
That one is due to installing packages as staff_r. The general idea with SE Linux is that you use sysadm_r for such things. In Fedora su and sudo should change to sysadm_r. If you login at the console as root you will get sysadm_r. It should just work.
Russel, if you look at the original post of this thread you will see that I was root and was in sysadm_r and ran into this problem. thanks for your help, Richard Hally
On 31.03.2004 18:37, Richard Hally wrote:
Russel, if you look at the original post of this thread you will see that I was root and was in sysadm_r and ran into this problem.
The problem is tha up2date is not marked as rpm_exec_t. See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=119208
A temporary workaround is to run
/usr/bin/setfilecon system_u:object_r:rpm_exec_t /usr/sbin/up2date
to temporarily fix the file context of the up2date program.
selinux@lists.fedoraproject.org