Denials when installing from updates-testing
Daniel J Walsh
dwalsh at redhat.com
Mon Apr 21 19:32:43 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Adam Huffman wrote:
> This morning I used yum to install the latest packages from the
> updates-testing repository for F8. Some SELinux denials meant that
> problems were reported with a lot of these updates e.g.
>
> Updating : libxml2 ##################### [ 1/145]
> error: %post(libxml2-2.6.32-1.fc8.x86_64) scriptlet failed, exit status 255
> Updating : gtk2 ##################### [ 2/145]
> error: %post(gtk2-2.12.8-2.fc8.x86_64) scriptlet failed, exit status 255
> Updating : libxslt ##################### [ 3/145]
> error: %post(libxslt-1.1.23-1.fc8.x86_64) scriptlet failed, exit status 255
> Updating : evolution-data-server ##################### [ 4/145]
> error: %post(evolution-data-server-1.12.3-5.fc8.x86_64) scriptlet
> failed, exit status 255
>
> and here are excerpts of the sealert messages:
>
> Summary:
>
> SELinux is preventing yum (mono_t) "transition" to /sbin/ldconfig
> (rpm_script_t).
>
> Source Context unconfined_u:system_r:mono_t:SystemLow-SystemHigh
> Target Context
> unconfined_u:system_r:rpm_script_t:SystemLow-SystemHigh
> Target Objects /sbin/ldconfig [ process ]
> Source yum
> Source Path /usr/bin/python
> Port <Unknown>
>
> Source RPM Packages python-2.5.1-15.fc8
> Target RPM Packages glibc-2.7-2
> Policy RPM selinux-policy-3.0.8-95.fc8
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall
>
>
> Raw Audit Messages
>
> type=AVC msg=audit(1208774766.511:30956): avc: denied { transition }
> for pid=4487 comm="yum" path="/sbin/ldconfig" dev=dm-0 ino=852080
> scontext=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
> tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023
> tclass=process
>
> type=SYSCALL msg=audit(1208774766.511:30956): arch=c000003e syscall=59
> success=no exit=-13 a0=1637234f a1=7fff43a32a40 a2=947ac50
> a3=3d4fc13bb2 items=0 ppid=4089 pid=4487 auid=500 uid=0 gid=0 euid=0
> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts9 comm="yum"
> exe="/usr/bin/python" subj=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
> key=(null)
>
> and
>
> Summary:
>
> SELinux is preventing yum (mono_t) "transition" to /bin/bash (rpm_script_t).
>
> Additional Information:
>
> Source Context unconfined_u:system_r:mono_t:SystemLow-SystemHigh
> Target Context
> unconfined_u:system_r:rpm_script_t:SystemLow-SystemHigh
> Target Objects /bin/bash [ process ]
> Source yum
> Source Path /usr/bin/python
> Port <Unknown>
> Source RPM Packages python-2.5.1-15.fc8
> Target RPM Packages bash-3.2-20.fc8
> Policy RPM selinux-policy-3.0.8-95.fc8
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall
> Alert Count 69
> First Seen Mon 07 Apr 2008 13:02:19 BST
> Last Seen Mon 21 Apr 2008 11:46:06 BST
> Local ID e148a133-5374-43a6-953b-45076d5c667b
> Line Numbers
>
> Raw Audit Messages
>
> type=AVC msg=audit(1208774766.470:30955): avc: denied { transition }
> for pid=4486 comm="yum" path="/bin/bash" dev=dm-0 ino=65580
> scontext=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
> tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023
> tclass=process
>
> type=SYSCALL msg=audit(1208774766.470:30955): arch=c000003e syscall=59
> success=no exit=-13 a0=1658931a a1=7fff43a32a40 a2=947ac50
> a3=3d4fc13bb2 items=0 ppid=4089 pid=4486 auid=500 uid=0 gid=0 euid=0
> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts9 comm="yum"
> exe="/usr/bin/python" subj=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
> key=(null)
>
> Does this look like a local problem and relabelling is needed?
>
Well why would yum be running as mono_t? So this looks like something
is definitely wrong with your machine. Probably labeling.
> Adam
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkgM69sACgkQrlYvE4MpobPiZQCghe5p/qVzmYGqeW6mwnXtvhuH
lgIAn0TMStfqPnh/DNDgwDESiPm3Sghh
=5SWY
-----END PGP SIGNATURE-----
More information about the selinux
mailing list