Hi folks,
I upgraded my system from fedora 17 a few days ago. I forgot to change my selinux mode to permissive before the update and it took me a while to fix my files. I think they're all okay now. However, I still see quite a few denials in the audit.log. Would someone know if these are expected, or if I need to fix a few more files?
Output of 'egrep denied /var/log/audit/audit.log' http://paste.stg.fedoraproject.org/1553
On Thu, 2012-11-08 at 11:27 +1100, Ankur Sinha wrote:
Hi folks,
I upgraded my system from fedora 17 a few days ago. I forgot to change my selinux mode to permissive before the update and it took me a while to fix my files. I think they're all okay now. However, I still see quite a few denials in the audit.log. Would someone know if these are expected, or if I need to fix a few more files?
Output of 'egrep denied /var/log/audit/audit.log' http://paste.stg.fedoraproject.org/1553
If you upgraded with yum, then 'yum history info (transaction number)' will give you all the output from the transaction, including errors from rpm scripts, so you can catch any cases you might not yet have fixed up.
yum history rocks!
On Wed, 2012-11-07 at 16:36 -0800, Adam Williamson wrote:
If you upgraded with yum, then 'yum history info (transaction number)' will give you all the output from the transaction, including errors from rpm scripts, so you can catch any cases you might not yet have fixed up.
yum history rocks!
Hi Adam,
I already went through the logs and reinstalled affected files in the hope of fixing their contexts (I couldn't boot after a fixfiles onboot; reboot for some reason). I'll go look again.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/07/2012 07:27 PM, Ankur Sinha wrote:
Hi folks,
I upgraded my system from fedora 17 a few days ago. I forgot to change my selinux mode to permissive before the update and it took me a while to fix my files. I think they're all okay now. However, I still see quite a few denials in the audit.log. Would someone know if these are expected, or if I need to fix a few more files?
Output of 'egrep denied /var/log/audit/audit.log' http://paste.stg.fedoraproject.org/1553
These AVC's loos le a bunch of stuff was being run as xdm_dbus_t, which means executables started by gdm via dbus session. I have no idea why.
Are you still seeing SELinux issues?
On Thu, 2012-11-08 at 09:07 -0500, Daniel J Walsh wrote:
These AVC's loos le a bunch of stuff was being run as xdm_dbus_t, which means executables started by gdm via dbus session. I have no idea why.
Are you still seeing SELinux issues?
Hi Daniel,
I don't see them in the latest logs. Guess the package reinstalls fixed it.
-
Adam Williamson -
Ankur Sinha -
Daniel J Walsh