Greetings;
Its been several days, but I haven't seen any policy updates yet, and setroubleshooter is still hacking away at the lower right corner of the screen.
Call this a ping? :)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gene Heskett wrote:
Greetings;
Its been several days, but I haven't seen any policy updates yet, and setroubleshooter is still hacking away at the lower right corner of the screen.
Call this a ping? :)
Gene need more info. OS? Problem? AVCs?
Lots of email, lots of bugzillas, 5 different OSs.
RHEL4, RHEL5, F9, F10, Rawhide.
Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gene Heskett wrote:
Greetings;
Its been several days, but I haven't seen any policy updates yet, and setroubleshooter is still hacking away at the lower right corner of the screen.
Call this a ping? :)
Gene need more info. OS? Problem? AVCs?
Lots of email, lots of bugzillas, 5 different OSs.
RHEL4, RHEL5, F9, F10, Rawhide.
I think Gene was referring to this:
https://www.redhat.com/archives/fedora-selinux-list/2009-March/msg00025.html
Paul.
On Monday 09 March 2009, Paul Howarth wrote:
Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gene Heskett wrote:
Greetings;
Its been several days, but I haven't seen any policy updates yet, and setroubleshooter is still hacking away at the lower right corner of the screen.
Call this a ping? :)
Gene need more info. OS? Problem? AVCs?
Lots of email, lots of bugzillas, 5 different OSs.
RHEL4, RHEL5, F9, F10, Rawhide.
I think Gene was referring to this:
https://www.redhat.com/archives/fedora-selinux-list/2009-March/msg00025.html
Paul.
Yes, Paul. And to requote from the last of that thread:
"Fetchmail policy does not allow for the creation of a logfile right now. I guess the default is to write to syslog. We need to add a mechansim for fetchmail to create a fetchmail_log_t and allow procmail_t to append to it."
Which would address this particular problem nicely WITH the exception that my procmail keeps its own logs.
Here is my 'mail' script in /etc/logrotate.d: =============================================== # Logrotate file for fetchmail.log and procmail.log
/var/log/fetchmail.log { missingok compress notifempty weekly size=1000k rotate 5 copytruncate create 0600 gene gene prerotate /usr/bin/killall fetchmail sleep 1 endscript postrotate chown gene:gene /var/log/fetchmail.log restorecon -v /var/log/fetchmail.log echo "log rotated on "date -u >>var/log/fetchmail.log su gene -c "/usr/bin/fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc" endscript } /var/log/procmail.log { missingok compress notifempty weekly size=1000k rotate 5 copytruncate create 0600 gene gene postrotate restorecon -v /var/log/procmail.log echo "log rotated on "date -u >>/var/log/procmail.log endscript } =========================================== And I should note that doing a head on the two files shows the echo's above, except I need to backtick the date -u :) I'll fix that right now.
FWIW, neither file is up to the trigger size, but close, and this is only noonish Monday: -rw------- 1 gene gene 472824 2009-03-09 12:23 /var/log/fetchmail.log -rw------- 1 gene gene 854970 2009-03-09 12:21 /var/log/procmail.log
From the dates on the rest of the procmail.log-*.gz's it is in fact being
rotated daily, so I should add another 0 to the size, or just remove it & let it use the Sunday morning schedule. Or I should remove the VERBOSE=yes in the ~/.procmailrc :) fetchmail.log is being rotated at 4 day intervals.
At one point someone else whose name is not (I don't think) on the CC: list, said he would do it. So I was expecting to see a new targeted policy show up in yumex in a day or so, but it is still missing.
Thanks everybody.
Gene Heskett wrote:
Greetings;
Its been several days, but I haven't seen any policy updates yet, and setroubleshooter is still hacking away at the lower right corner of the screen.
Call this a ping? :)
Fixed in selinux-policy-3.5.13-48.fc10 and selinux-policy-3.3.1-126.fc9. For now, you can download update from Koji.
On Monday 09 March 2009, Miroslav Grepl wrote:
Gene Heskett wrote:
Greetings;
Its been several days, but I haven't seen any policy updates yet, and setroubleshooter is still hacking away at the lower right corner of the screen.
Call this a ping? :)
Fixed in selinux-policy-3.5.13-48.fc10 and selinux-policy-3.3.1-126.fc9. For now, you can download update from Koji.
Unforch, the rpm -Uvh reports: [root@coyote yum]# rpm -Uvh selinux-policy-*.rpm Freeing locks for locker 0x1de9: 24455/3087005472 Freeing locks for locker 0x1dea: 24455/3087005472 Freeing locks for locker 0x1deb: 24455/3087005472 Preparing... ########################################### [100%] 1:selinux-policy ########################################### [ 50%] 2:selinux-policy-targeted########################################### [100%] libsepol.print_missing_requirements: pki's global requirements were not met: type/attribute initscript libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed!
And I've seen that error before too. :(
Now what, coaches?
Gene Heskett wrote:
On Monday 09 March 2009, Miroslav Grepl wrote:
Gene Heskett wrote:
Greetings;
Its been several days, but I haven't seen any policy updates yet, and setroubleshooter is still hacking away at the lower right corner of the screen.
Call this a ping? :)
Fixed in selinux-policy-3.5.13-48.fc10 and selinux-policy-3.3.1-126.fc9. For now, you can download update from Koji.
Unforch, the rpm -Uvh reports: [root@coyote yum]# rpm -Uvh selinux-policy-*.rpm Freeing locks for locker 0x1de9: 24455/3087005472 Freeing locks for locker 0x1dea: 24455/3087005472 Freeing locks for locker 0x1deb: 24455/3087005472 Preparing... ########################################### [100%] 1:selinux-policy ########################################### [ 50%] 2:selinux-policy-targeted########################################### [100%] libsepol.print_missing_requirements: pki's global requirements were not met: type/attribute initscript libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed!
And I've seen that error before too. :(
Now what, coaches?
Please execute:
su -c rm -f /etc/selinux/targeted/modules/active/modules/pki.pp
and try to update again. Should it work.
On Monday 09 March 2009, Miroslav Grepl wrote:
rm -f /etc/selinux/targeted/modules/active/modules/pki.pp
[root@coyote yum]# rm -f /etc/selinux/targeted/modules/active/modules/pki.pp [root@coyote yum]# rpm -Uvh selinux-policy-*.rpm Preparing... ########################################### [100%] package selinux-policy-3.5.13-48.fc10.noarch is already installed package selinux-policy-targeted-3.5.13-48.fc10.noarch is already installed
And the every 90 second alerts have ceased since I first did the update, thank you very much.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gene Heskett wrote:
On Monday 09 March 2009, Miroslav Grepl wrote:
rm -f /etc/selinux/targeted/modules/active/modules/pki.pp
[root@coyote yum]# rm -f /etc/selinux/targeted/modules/active/modules/pki.pp [root@coyote yum]# rpm -Uvh selinux-policy-*.rpm Preparing... ########################################### [100%] package selinux-policy-3.5.13-48.fc10.noarch is already installed package selinux-policy-targeted-3.5.13-48.fc10.noarch is already installed
And the every 90 second alerts have ceased since I first did the update, thank you very much.
rpm -Uvh selinux-policy-*.rpm --force
This will cause the postinstall to run.
selinux@lists.fedoraproject.org