Can't remove old kernel with SELinux enabled
Daniel J Walsh
dwalsh at redhat.com
Thu Dec 8 21:00:49 UTC 2005
Stanton Finley wrote:
> Daniel J Walsh wrote:
>
>> What policy do you have installed and what AVC messages do you see in /var/log/audit/audit.log?
>>
>
> The policy is default enforcing and I have not modified this since the initial install. I have some messages such as "type=AVC msg=audit(1134058129.602:21): avc: denied { transition } for pid=3016 comm="yum" name="bash" dev=dm-0 ino=393269 scontext=root:system_r:xdm_t:s0-s0:c0.c255 tcontext=root:system_r:rpm_script_t:s0-s0:c0.c255 tclass=process" in /var/log/audit/audit.log.
>
> Stanton Finley
> http://stanton-finley.net/
>
>
Yes, this is caused by a bug in policy.
When you log in you are not transitioning to the proper context. Your
shell is running as xdm_t instead of unconfined_t. If you
switch to a console login you should be able to log in with the right
context and do a yum update.
This line

    system_r:xdm_t:s0 system_r:unconfined_t:s0

needs to be added to /etc/selinux/targeted/contexts/default_contexts.
And then if you log out and log back in you should get the correct context.
Policy selinux-policy-targeted-2.1.0-3 fixes this problem.
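
Added example, not part of the original message or of the SELinux tooling: a short Python parser that takes the AVC record quoted above, extracts the source and target types, flags a process transition denied from xdm_t, and checks whether a default_contexts text already carries the line given in the reply. The function names are hypothetical and the inputs are embedded copies of the text on this page.

```python
import re

# Sample input: the AVC record quoted in the message above.
SAMPLE_AVC = ('type=AVC msg=audit(1134058129.602:21): avc: denied { transition } '
              'for pid=3016 comm="yum" name="bash" dev=dm-0 ino=393269 '
              'scontext=root:system_r:xdm_t:s0-s0:c0.c255 '
              'tcontext=root:system_r:rpm_script_t:s0-s0:c0.c255 tclass=process')

# The default_contexts line given in the reply.
FIX_LINE = "system_r:xdm_t:s0 system_r:unconfined_t:s0"

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')

def parse_avc(line):
    """Return a dict of the fields in one AVC denial, or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("rest")):
        rec[key] = val.strip('"')
    # A context is user:role:type[:range]; the range may itself contain ':'.
    for side in ("scontext", "tcontext"):
        if side in rec:
            parts = rec[side].split(":", 3)
            rec[side + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec

def wrong_login_domain(rec):
    """True when a process transition was denied with xdm_t as the source type."""
    return (rec is not None and rec.get("tclass") == "process"
            and "transition" in rec["perms"]
            and rec.get("scontext_type") == "xdm_t")

def has_fix(default_contexts_text):
    """True when an xdm_t line in the text lists unconfined_t as a target."""
    want_src, want_dst = FIX_LINE.split()
    for raw in default_contexts_text.splitlines():
        fields = raw.split()
        if fields and fields[0] == want_src and want_dst in fields[1:]:
            return True
    return False

if __name__ == "__main__":
    rec = parse_avc(SAMPLE_AVC)
    print(rec["comm"], rec["scontext_type"], "->", rec["tcontext_type"],
          "login domain wrong:", wrong_login_domain(rec))
```

On a live system the same check can be made by hand with id -Z in the affected shell, which shows the context the session is actually running in.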