Selinux and kernel-2.6.12-1.1381 Fedora Core 3
Antonio Olivares
olivares14031 at yahoo.com
Wed Nov 9 00:17:23 UTC 2005
--- Daniel J Walsh <dwalsh at redhat.com> wrote:
> Antonio Olivares wrote:
> > --- Rahul Sundaram <sundaram at redhat.com> wrote:
> >
> >
> >> Antonio Olivares wrote:
> >>
> >>
> >>> Dear Kind Folks,
> >>> I recently updated one of my machines at work
> >>>
> >> which
> >>
> >>> was running Fedora Core 3 to
> kernel-2.6.12-1.1381
> >>>
> >> via
> >>
> >>> yum. When I rebooted and booted to the new
> kernel,
> >>>
> >> I
> >>
> >>> fired up firefox and could not load yahoo
> webpage.
> >>>
> >> I
> >>
> >>> tried google, Fedorafaq, Distrowatch and
> nothing.
> >>>
> >> I
> >>
> >>> suspected Selinux could be the culprit, so I
> did:
> >>> Hat -> System Settings -> Security Level and
> >>>
> >> disabled
> >>
> >>> selinux. Rebooted with new settings and viola I
> >>>
> >> could
> >>
> >>> see yahoo, distrowatch, google, etc. I went to
> >>> terminal fired up yum and yum update selinux and
> >>>
> >> gave
> >>
> >>> me error message. I tried again this time with
> >>> selinux-targetpolicy? (not to sure) but it went
> >>> through. I reenabled selinux, and rebooted and
> >>>
> >> could
> >>
> >>> not view any webpages again. I will get back to
> >>>
> >> the
> >>
> >>> machine on Monday, and it makes me wonder about
> >>>
> >> what
> >>
> >>> do I need to do, which updates I need to run.
> >>>
> >>> kernel installed ->
> [kernel-2.6.12-1.1381_FC3.i686]
> >>>
> >>> I read very carefully the FAQ for SELinux from
> >>> http://www.nsa.gov/selinux/info/faq.cfm
> >>> but I am still clueless. I would like to keep
> >>>
> >> selinux
> >>
> >>> enabled and still view webpages. How can I
> still
> >>>
> >> do
> >>
> >>> that?
> >>>
> >>>
> >>>
> >> post to the fedora-selinux list with the AVC
> denied
> >> messages in
> >> /var/log/messages. Fedora SELinux FAQ is
> available
> >> from
> >>
> >> http://fedoraproject.org/wiki/Communicate
> >> http://fedora.redhat.com/docs/selinux-faq/
> >>
> >> regards
> >> Rahul
> >>
> >> --
> >> fedora-list mailing list
> >> fedora-list at redhat.com
> >> To unsubscribe:
> >>
> https://www.redhat.com/mailman/listinfo/fedora-list
> >>
> >>
> >
> > I'll do that come Monday, thanks for helping. In
> any
> > case, at home same thing happened, here are some
> avc
> > messages
> >
> > audit(1131052412.181:2): avc: denied {
> name_connect
> > } for pid=4314 comm="gkrellm" dest=7634
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:port_t
> tclass=tcp_socket
> > audit(1131052412.349:3): avc: denied {
> name_connect
> > } for pid=4317 comm="eggcups" dest=631
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:reserved_port_t
> > tclass=tcp_socket
> > audit(1131052412.349:4): avc: denied {
> name_connect
> > } for pid=4317 comm="eggcups" dest=631
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:reserved_port_t
> > tclass=tcp_socket
> > CSLIP: code copyright 1989 Regents of the
> University
> > of California
> > PPP generic driver version 2.4.2
> > PPP Deflate Compression module registered
> > audit(1131052690.058:5): avc: denied {
> name_connect
> > } for pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052692.227:6): avc: denied {
> name_connect
> > } for pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052699.727:7): avc: denied {
> name_connect
> > } for pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052702.155:8): avc: denied {
> name_connect
> > } for pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052713.032:9): avc: denied {
> name_connect
> > } for pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052718.472:10): avc: denied {
> name_connect
> > } for pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052726.685:11): avc: denied {
> name_connect
> > } for pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052730.917:12): avc: denied {
> name_connect
> > } for pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052743.510:13): avc: denied {
> name_connect
> > } for pid=4617 comm="mozilla-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052746.942:14): avc: denied {
> name_connect
> > } for pid=4617 comm="mozilla-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052843.092:15): avc: denied {
> name_connect
> > } for pid=4692 comm="mozilla-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052848.928:16): avc: denied {
> name_connect
> > } for pid=4692 comm="mozilla-bin" dest=443
>
=== message truncated ===
[root at rio ~]# yum update
selinux-policy-targeted-1.17.30-3.19
Setting up Update Process
Setting up Repo: livna-stable
repomd.xml 100%
|=========================| 951 B 00:00
Setting up Repo: livna-unstable
repomd.xml 100%
|=========================| 951 B 00:00
Setting up Repo: updates-released
repomd.xml 100%
|=========================| 951 B 00:00
Setting up Repo: livna-testing
repomd.xml 100%
|=========================| 951 B 00:00
Setting up Repo: base
repomd.xml 100%
|=========================| 1.1 kB 00:00
Setting up Repo: extras
repomd.xml 100%
|=========================| 951 B 00:00
Reading repository metadata in from local files
livna-stab:
##################################################
547/547
livna-unst:
##################################################
151/151
primary.xml.gz 100%
|=========================| 369 kB 00:00
MD Read :
##################################################
977/977
updates-re:
##################################################
977/977
base :
##################################################
2622/2622
extras :
##################################################
1705/1705
Could not find update match for
selinux-policy-targeted-1.17.30-3.19
No Packages marked for Update/Obsoletion
I also tried the direct link but I get the message
porkchop.devel.redhat cannot be found. Please check
the name and try again.
Sorry to bother,
Antonio
__________________________________
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com
More information about the users
mailing list