post update label checking script

Jim Cornette fct-cornette at insight.rr.com
Tue Sep 12 21:27:54 UTC 2006


Steve Grubb wrote:
> Hi,
> 
> I just wanted to let everyone know that I'm making a test script available to 
> help people testing fedora rawhide updates. What this script does is look at 
> the yum logs to see if you've updated the system today. (Optionally, you can 
> pass a date to the script based on your locale, for example "Sep 03" would be 
> valid in mine.) If updates are found in the logs, it makes a list of rpms and 
> sends that to fixfiles to see if the update has caused any files to be 
> mislabeled. This can happen when post install scriptlets do the wrong thing. 
> This script should not repair anything since it's just a test. You can find it 
> here:
> 
> http://people.redhat.com/sgrubb/files/testing/selinux-check-new-rpms
> 
> Typically, you would run the script after doing "yum update" on a rawhide 
> machine. There were several bug fixes needed in policycoreutils to make the 
> script work and hopefully they will be backported to FC5 sometime soon.
> 
> Please report any problems you find against the package that owns the files 
> being reported. For example, when I run the script after today's rawhide 
> update, I get this:
> 
> /etc/named.conf
> /etc/rndc.conf
> /etc/rndc.key
> /etc/named.caching-nameserver.conf
> /etc/named.conf
> /etc/named.rfc1912.zones
> /var/named/named.ca
> 
> To see the package:
> 
> [root~]# rpm -qf /etc/named.conf
> caching-nameserver
> 
> This would indicate that caching-nameserver probably has post scriptlets that 
> are processing files in a selinux unfriendly way.
> 
> Feedback and updates are welcome.
> 
> -Steve
> 

I ran the script on FC5 and ended up with named errors as well as kernel 
module errors. Is there any output needed to flag possible backporting 
problems with the present FC5 policycoreutils version? Or is adequate 
information already available to improve policycoreutils for FC5?

Thanks,
Jim

-- 
Libtool shared library portability is only slightly more believable than
perpetual motion machines.  Especially on AIX :)."
         -- David Leimbach
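
An added example of the flow described in the quoted message, not Steve Grubb's script (its contents are not shown on this page): take the day's packages from the yum log and pass them to `fixfiles -R <pkgs> check`, which reports mislabeled files without relabeling them. The log line layout, the sample log lines and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; assumes yum.log lines shaped like
#   "Mon DD HH:MM:SS Updated: name.arch version"

# Constructed sample log (not real output), used to exercise the parser.
sample_log() {
    cat <<'EOF'
Sep 11 09:12:40 Updated: bind-libs.i386 1.0-1
Sep 12 14:01:20 Updated: bind.i386 1.0-2
Sep 12 14:01:22 Installed: caching-nameserver.noarch 1.0-2
Sep 12 14:01:25 Updated: bind.i386 1.0-2
Sep 12 14:02:03 Erased: oldpkg.i386
EOF
}

# Print each package installed or updated on the given day, once.
# $1 = log file, $2 = date as it appears in the log, e.g. "Sep 12"
updated_pkgs() {
    awk -v day="$2" '
        substr($0, 1, length(day)) == day &&
        ($4 == "Updated:" || $4 == "Installed:") {
            name = $5
            sub(/\.[^.]*$/, "", name)      # drop the trailing .arch
            if (!seen[name]++) print name  # skip repeats, keep log order
        }' "$1"
}

# Join the names with commas, the list form fixfiles -R takes.
pkg_csv() {
    updated_pkgs "$1" "$2" | paste -sd, -
}

# Check (never restore) the labels of files owned by those packages.
check_labels() {
    list=$(pkg_csv "$1" "$2")
    if [ -z "$list" ]; then
        echo "no updates logged for $2" >&2
        return 0
    fi
    fixfiles -R "$list" check
}
```

On a test machine this would be run as root, for example `check_labels /var/log/yum.log "$(date '+%b %d')"`; each path it prints can then be traced to its package with `rpm -qf` as shown in the quoted message.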



