Denials when installing from updates-testing

Daniel J Walsh dwalsh at redhat.com
Mon Apr 21 19:32:43 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adam Huffman wrote:
> This morning I used yum to install the latest packages from the
> updates-testing repository for F8.  Some SELinux denials meant that
> problems were reported with a lot of these updates e.g.
> 
>   Updating  : libxml2                      ##################### [  1/145]
> error: %post(libxml2-2.6.32-1.fc8.x86_64) scriptlet failed, exit status 255
>   Updating  : gtk2                         ##################### [  2/145]
> error: %post(gtk2-2.12.8-2.fc8.x86_64) scriptlet failed, exit status 255
>   Updating  : libxslt                      ##################### [  3/145]
> error: %post(libxslt-1.1.23-1.fc8.x86_64) scriptlet failed, exit status 255
>   Updating  : evolution-data-server        ##################### [  4/145]
> error: %post(evolution-data-server-1.12.3-5.fc8.x86_64) scriptlet
> failed, exit status 255
> 
> and here are excerpts of the sealert messages:
> 
> Summary:
> 
> SELinux is preventing yum (mono_t) "transition" to /sbin/ldconfig
> (rpm_script_t).
> 
> Source Context                unconfined_u:system_r:mono_t:SystemLow-SystemHigh
> Target Context
> unconfined_u:system_r:rpm_script_t:SystemLow-SystemHigh
> Target Objects                /sbin/ldconfig [ process ]
> Source                        yum
> Source Path                   /usr/bin/python
> Port                          <Unknown>
> 
> Source RPM Packages           python-2.5.1-15.fc8
> Target RPM Packages           glibc-2.7-2
> Policy RPM                    selinux-policy-3.0.8-95.fc8
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> 
> 
> Raw Audit Messages
> 
> type=AVC msg=audit(1208774766.511:30956): avc:  denied  { transition }
> for  pid=4487 comm="yum" path="/sbin/ldconfig" dev=dm-0 ino=852080
> scontext=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
> tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023
> tclass=process
> 
> type=SYSCALL msg=audit(1208774766.511:30956): arch=c000003e syscall=59
> success=no exit=-13 a0=1637234f a1=7fff43a32a40 a2=947ac50
> a3=3d4fc13bb2 items=0 ppid=4089 pid=4487 auid=500 uid=0 gid=0 euid=0
> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts9 comm="yum"
> exe="/usr/bin/python" subj=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
> key=(null)
> 
> and
> 
> Summary:
> 
> SELinux is preventing yum (mono_t) "transition" to /bin/bash (rpm_script_t).
> 
> Additional Information:
> 
> Source Context                unconfined_u:system_r:mono_t:SystemLow-SystemHigh
> Target Context
> unconfined_u:system_r:rpm_script_t:SystemLow-SystemHigh
> Target Objects                /bin/bash [ process ]
> Source                        yum
> Source Path                   /usr/bin/python
> Port                          <Unknown>
> Source RPM Packages           python-2.5.1-15.fc8
> Target RPM Packages           bash-3.2-20.fc8
> Policy RPM                    selinux-policy-3.0.8-95.fc8
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Alert Count                   69
> First Seen                    Mon 07 Apr 2008 13:02:19 BST
> Last Seen                     Mon 21 Apr 2008 11:46:06 BST
> Local ID                      e148a133-5374-43a6-953b-45076d5c667b
> Line Numbers
> 
> Raw Audit Messages
> 
> type=AVC msg=audit(1208774766.470:30955): avc:  denied  { transition }
> for  pid=4486 comm="yum" path="/bin/bash" dev=dm-0 ino=65580
> scontext=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
> tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023
> tclass=process
> 
> type=SYSCALL msg=audit(1208774766.470:30955): arch=c000003e syscall=59
> success=no exit=-13 a0=1658931a a1=7fff43a32a40 a2=947ac50
> a3=3d4fc13bb2 items=0 ppid=4089 pid=4486 auid=500 uid=0 gid=0 euid=0
> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts9 comm="yum"
> exe="/usr/bin/python" subj=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
> key=(null)
> 
> Does this look like a local problem and relabelling is needed?
> 
Well why would yum be running as mono_t?  So this looks like something
is definitely wrong with your machine.  Probably labeling.

> Adam
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkgM69sACgkQrlYvE4MpobPiZQCghe5p/qVzmYGqeW6mwnXtvhuH
lgIAn0TMStfqPnh/DNDgwDESiPm3Sghh
=5SWY
-----END PGP SIGNATURE-----

More information about the selinux mailing list