selinux-policy-targeted update is dangerous

Daniel J Walsh dwalsh at redhat.com
Wed Jun 29 19:10:34 UTC 2005


Dan Track wrote:

>Hi
>
>I sympathise with those who have suffered with these updated selinux
>policies. As soon as I updated mine my dhcpd server stopped working
>and wouldn't bind to the interface.
>
>I know this OT but thought I'd just mention the problems that SElinux
>are causing.
>
>Dan
>
>On 6/28/05, Stephen Smalley <sds at tycho.nsa.gov> wrote:
>  
>
>>On Mon, 2005-06-27 at 20:26 -0400, Arthur Pemberton wrote:
>>    
>>
>>> From /var/log/yum.log:
>>>
>>>Jun 27 04:25:18 Updated: selinux-policy-targeted.noarch 1.17.30-3.13
>>>Jun 27 04:26:21 Updated: selinux-policy-targeted-sources.noarch 1.17.30-3.13
>>>------------------------------------------------
>>>
>>>Since then things have come tumbling down here are samples of the errors:
>>>
>>>Jun 27 04:25:27 Romeo kernel: audit(1119860727.362:0): avc:  denied  {
>>>execmod } for  pid=6990 comm=sendmail path=/lib/tls/libm-2.3.5.so
>>>dev=dm-0 ino=5455897 scontext=user_u:system_r:unconfined_t
>>>tcontext=system_u:object_r:lib_t tclass=file
>>>      
>>>
>>Yes, that policy update is broken.  See:
>>https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161834
>>
>>--
>>Stephen Smalley
>>National Security Agency
>>
>>--
>>fedora-list mailing list
>>fedora-list at redhat.com
>>To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>>
>>    
>>
>
>  
>

selinux-policy-targeted-1.17.30-3.15 fixes this problem.  Coming in 
tonights updates.

ftp://people.redhat.com/dwalsh/SELinux/FC3/selinux-policy-targeted-1.17.30-3.16 
is also available now.



-- 





More information about the fedora-list mailing list