Fedora Core 5 Test Update: selinux-policy-2.2.36-2.fc5
Rodd Clarkson
rodd at clarkson.id.au
Thu May 4 01:18:10 UTC 2006
On Thu, 2006-05-04 at 11:10 +1000, Rodd Clarkson wrote:
> On Tue, 2006-05-02 at 12:09 -0400, Daniel Walsh wrote:
> > ---------------------------------------------------------------------
> > Fedora Test Update Notification
> > FEDORA-2006-479
> > 2006-05-02
> > ---------------------------------------------------------------------
> >
> > Product : Fedora Core 5
> > Name : selinux-policy
> > Version : 2.2.36
> > Release : 2.fc5
> > Summary : SELinux policy configuration
> > Description :
> > SELinux Reference Policy - modular.
> >
> > ---------------------------------------------------------------------
> >
> > * Mon May 1 2006 Dan Walsh <dwalsh at redhat.com> 2.2.36-2.fc5
> > - Bump for fc5
> > * Mon May 1 2006 Dan Walsh <dwalsh at redhat.com> 2.2.36-2
> > - Fix libjvm spec
> > * Tue Apr 25 2006 Dan Walsh <dwalsh at redhat.com> 2.2.36-1
> > - Update to upstream
> > * Tue Apr 25 2006 James Antill <jantill at redhat.com> 2.2.35-2
> > - Add xm policy
> > - Fix policygentool
> > * Mon Apr 24 2006 Dan Walsh <dwalsh at redhat.com> 2.2.35-1
> > - Update to upstream
> > - Fix postun to only disable selinux on full removal of the packages
> >
> > ---------------------------------------------------------------------
> > This update can be downloaded from:
> > http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/5/
> >
> > a30cd25bb591ec194c3d2e6bffebc7a34c75420a SRPMS/selinux-policy-2.2.36-2.fc5.src.rpm
> > e838e4c4a5928552c23c0f8fcfd68ecb05c63277 ppc/selinux-policy-2.2.36-2.fc5.noarch.rpm
> > a7239cb5043700b83c54115a63e3093cc6b6e38d ppc/selinux-policy-targeted-2.2.36-2.fc5.noarch.rpm
> > f864d2ba2dbca10a6f74f72d911cc91570bf1386 ppc/selinux-policy-mls-2.2.36-2.fc5.noarch.rpm
> > 1ba717c0721f3761e5388d66e90b692d31fcdc3f ppc/selinux-policy-strict-2.2.36-2.fc5.noarch.rpm
> > e838e4c4a5928552c23c0f8fcfd68ecb05c63277 x86_64/selinux-policy-2.2.36-2.fc5.noarch.rpm
> > a7239cb5043700b83c54115a63e3093cc6b6e38d x86_64/selinux-policy-targeted-2.2.36-2.fc5.noarch.rpm
> > f864d2ba2dbca10a6f74f72d911cc91570bf1386 x86_64/selinux-policy-mls-2.2.36-2.fc5.noarch.rpm
> > 1ba717c0721f3761e5388d66e90b692d31fcdc3f x86_64/selinux-policy-strict-2.2.36-2.fc5.noarch.rpm
> > e838e4c4a5928552c23c0f8fcfd68ecb05c63277 i386/selinux-policy-2.2.36-2.fc5.noarch.rpm
> > a7239cb5043700b83c54115a63e3093cc6b6e38d i386/selinux-policy-targeted-2.2.36-2.fc5.noarch.rpm
> > f864d2ba2dbca10a6f74f72d911cc91570bf1386 i386/selinux-policy-mls-2.2.36-2.fc5.noarch.rpm
> > 1ba717c0721f3761e5388d66e90b692d31fcdc3f i386/selinux-policy-strict-2.2.36-2.fc5.noarch.rpm
> >
> > This update can be installed with the 'yum' update program. Use 'yum update
> > package-name' at the command line. For more information, refer to 'Managing
> > Software with yum,' available at http://fedora.redhat.com/docs/yum/.
> > ---------------------------------------------------------------------
>
> Hmmm, after this update I see the following in dmesg:
>
> SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
> audit(1146704785.848:2): avc: denied { getattr } for pid=2359
> comm="hald" name="/" dev=sda7 ino=2 scontext=system_u:system_r:hald_t:s0
> tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
> audit(1146704791.829:3): avc: denied { getattr } for pid=2359
> comm="hald" name="/" dev=sda7 ino=2 scontext=system_u:system_r:hald_t:s0
> tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
> audit(1146704811.121:4): avc: denied { use } for pid=2681
> comm="bluez-pin" name="[8643]" dev=pipefs ino=8643
> scontext=user_u:system_r:bluetooth_helper_t:s0
> tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fd
> audit(1146704811.121:5): avc: denied { write } for pid=2681
> comm="bluez-pin" name="[8643]" dev=pipefs ino=8643
> scontext=user_u:system_r:bluetooth_helper_t:s0
> tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fifo_file
> ISO 9660 Extensions: Microsoft Joliet Level 3
> ISO 9660 Extensions: RRIP_1991A
> SELinux: initialized (dev hdc, type iso9660), uses genfs_contexts
> audit(1146704814.993:6): avc: denied { getattr } for pid=2359
> comm="hald" name="/" dev=sda7 ino=2 scontext=system_u:system_r:hald_t:s0
> tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
> ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
>
>
> httpd no longer seems to work (no web page is getting displayed from the
> server).
>
Hmmm, this could also be something to do with the most recent kernel
(kernel-2.6.16-1.2107_FC5) as using the last kernel works fine.
R.
--
"It's a fine line between denial and faith.
It's much better on my side"
More information about the test
mailing list