SELinux Troubleshooter messages from upgrade from F7->F8

Michael Wiktowy michael.wiktowy at gmail.com
Mon Nov 12 11:53:44 UTC 2007


(Disclaimer: SELinux haters please reserve your bile for one of the
other many many long "SELinux-sux" threads ... this isn't intended as
one of them as I like SELinux and just want to provide my feedback to
make it better.)

Well ... I didn't put selinux in permissive mode when I did a yum
upgrade. Partially to tempt fate; partially because I figured it
should work regardless; partially because I forgot :]

Things seem to be working OK but there are a couple of glitches that I
am trying to track down yet.

So here are the setroubleshoot errors that appeared in my logs for the
complete yum upgrade:

Nov  9 02:39:19 localhost setroubleshoot:      SELinux is preventing
/sbin/ldconfig (ldconfig_t) "write" to ldconfig (var_t).      For
complete SELinux messages. run sealert -l
1594b6a8-1f16-44c9-b7ee-f5ef4621257f
Nov  9 02:41:56 localhost setroubleshoot:      SELinux is preventing
/sbin/restorecon (restorecon_t) "write" to pipe:[50470] (rpm_t).
For complete SELinux messages. run sealert -l
6caaa2ac-84bb-4962-a78e-b10e24f8fef0
Nov  9 02:51:46 localhost setroubleshoot:      SELinux is preventing
/usr/sbin/nscd (nscd_t) "write" to pipe:[50470] (rpm_t).      For
complete SELinux messages. run sealert -l
e7ace06a-0a4b-4832-bdac-1f538535f5a3
Nov  9 02:51:46 localhost setroubleshoot:      SELinux is preventing
semanage (semanage_t) "write" to pipe:[50470] (rpm_t).      For
complete SELinux messages. run sealert -l
e2c86088-44f8-4e9b-b71c-d1ea72a2b3d3
Nov  9 02:52:14 localhost setroubleshoot:      SELinux is preventing
/usr/sbin/useradd (useradd_t) "read write" to faillog (var_log_t).
 For complete SELinux messages. run sealert -l
de30be19-d51b-482e-b112-6fa9954a70e9
Nov  9 03:04:27 localhost setroubleshoot:      SELinux is preventing
/usr/sbin/semodule (semanage_t) "write" to pipe:[50470] (rpm_t).
For complete SELinux messages. run sealert -l
e2c86088-44f8-4e9b-b71c-d1ea72a2b3d3
Nov  9 03:09:36 localhost setroubleshoot:      SELinux prevented
/sbin/setfiles from using the terminal 0.      For complete SELinux
messages. run sealert -l 74507fc1-6b02-4285-92d9-d0123f0cea60
Nov  9 03:09:42 localhost setroubleshoot: [rpc.ERROR] exception
DBusException: org.freedesktop.DBus.Error.NoServer: Failed to connect
to socket /var/run/dbus/system_bus_socket: Connection refused
Traceback (most recent call last):   File
"/usr/lib/python2.5/site-packages/setroubleshoot/server.py", line 434,
in RunFaultServer     setroubleshootd_dbus = SetroubleshootdDBus()
File "/usr/lib/python2.5/site-packages/setroubleshoot/server.py", line
345, in __init__     self.bus = dbus.SystemBus()   File
"/usr/lib/python2.5/site-packages/dbus/_dbus.py", line 201, in __new__
    private=private)   File
"/usr/lib/python2.5/site-packages/dbus/_dbus.py", line 107, in __new__
    bus = BusConnection.__new__(subclass, bus_type, mainloop=mainloop)
  File "/usr/lib/python2.5/site-packages/dbus/bus.py", line 121, in
__new__     bus = cls._new_for_bus(address_or_type, mainloop=mainloop)
DBusException: org.freedesktop.DBus.Error.NoServer: Failed to connect
to socket /var/run/dbus/system_bus_socket: Connection refused

There were multiple repetitions of each of them (particularly the
ldconfig_t one).

My questions:
1) Should SELinux stay out of the way for a yum upgrade in
enforcing/targeted mode?
2) Is there a straightforward way to go back and reinstall all the
currently installed rpms (while not in enforcing mode) so that some of
these blocked pre-post script activities are allowed to do their
thing? There are just too many affected packages to do this manually.
3) Are these bugzilla-worthy?

/Mike
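
Added example, not part of the original post: one way to collapse repeated setroubleshoot lines like those quoted above into one row per (source domain, permission, target type) for a bug report. The function names are hypothetical; the sample reuses lines from the post, with one repeated under a constructed timestamp.

```python
import re
from collections import Counter
# Sample input: lines from the post; the second ldconfig record is a
# constructed repeat (timestamp invented) to mimic the repetitions mentioned.
SAMPLE = """\
Nov  9 02:39:19 localhost setroubleshoot:      SELinux is preventing
/sbin/ldconfig (ldconfig_t) "write" to ldconfig (var_t).      For
complete SELinux messages. run sealert -l
1594b6a8-1f16-44c9-b7ee-f5ef4621257f
Nov  9 02:39:21 localhost setroubleshoot:      SELinux is preventing
/sbin/ldconfig (ldconfig_t) "write" to ldconfig (var_t).      For
complete SELinux messages. run sealert -l
1594b6a8-1f16-44c9-b7ee-f5ef4621257f
Nov  9 02:41:56 localhost setroubleshoot:      SELinux is preventing
/sbin/restorecon (restorecon_t) "write" to pipe:[50470] (rpm_t).
For complete SELinux messages. run sealert -l
6caaa2ac-84bb-4962-a78e-b10e24f8fef0
Nov  9 03:09:36 localhost setroubleshoot:      SELinux prevented
/sbin/setfiles from using the terminal 0.      For complete SELinux
messages. run sealert -l 74507fc1-6b02-4285-92d9-d0123f0cea60
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
DENIAL = re.compile(
    r'SELinux is preventing (?P<exe>\S+) \((?P<sdomain>\w+)\) '
    r'"(?P<perm>[^"]+)" to (?P<target>.+?) \((?P<ttype>\w+)\)\.'
    r'.*?sealert -l (?P<alert>[0-9a-f-]{36})')

def unwrap(text):
    """Rejoin mail-wrapped syslog records; a record starts at a timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return [" ".join(r.split()) for r in records if r.strip()]

def summarize(text):
    """Count denials per (source domain, permission, target type)."""
    counts, alerts, other = Counter(), {}, []
    for rec in unwrap(text):
        m = DENIAL.search(rec)
        if not m:
            other.append(rec)  # keep non-matching records, e.g. terminal or D-Bus errors
            continue
        key = (m.group("sdomain"), m.group("perm"), m.group("ttype"))
        counts[key] += 1
        alerts.setdefault(key, set()).add(m.group("alert"))
    return counts, alerts, other
```

Records that do not fit the "is preventing ... to ..." pattern are returned in `other` rather than dropped, so the terminal and D-Bus messages still get reviewed.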



