post update label checking script
Steve Grubb
sgrubb at redhat.com
Tue Sep 12 13:03:34 UTC 2006
Hi,
I just wanted to let everyone know that I'm making a test script available to
help people testing fedora rawhide updates. What this script does is look at
the yum logs to see if you've updated the system today. (Optionally, you can
pass a date to the script based on your locale, for example "Sep 03" would be
valid in mine.) If updates are found in the logs, it makes a list of rpms and
sends that to fixfiles to see if the update has caused any files to be
mislabeled. This can happen when post install scriptlets do the wrong thing.
This script should not repair anything since its just a test. You can find it
here:
http://people.redhat.com/sgrubb/files/testing/selinux-check-new-rpms
Typically, you would run the script after doing "yum update" on a rawhide
machine. There were several bug fixes needed in policycoreutils to make the
script work and hopefully they will be backported to FC5 sometime soon.
Please report any problems you find against the package that owns the files
being reported. For example, when I run the script after today's rawhide
update, I get this:
/etc/named.conf
/etc/rndc.conf
/etc/rndc.key
/etc/named.caching-nameserver.conf
/etc/named.conf
/etc/named.rfc1912.zones
/var/named/named.ca
To see the package:
[root~]# rpm -qf /etc/named.conf
caching-nameserver
This would indicate that caching-nameserver probably has post scriptlets that
are processing files in a selinux unfriendly way.
Feedback and updates are welcome.
-Steve
More information about the test
mailing list