Fedora Core 5 Test Update: selinux-policy-2.2.36-2.fc5

Rodd Clarkson rodd at clarkson.id.au
Thu May 4 01:18:10 UTC 2006 

On Thu, 2006-05-04 at 11:10 +1000, Rodd Clarkson wrote:
> On Tue, 2006-05-02 at 12:09 -0400, Daniel Walsh wrote:
> > ---------------------------------------------------------------------
> > Fedora Test Update Notification
> > FEDORA-2006-479
> > 2006-05-02
> > ---------------------------------------------------------------------
> > 
> > Product     : Fedora Core 5
> > Name        : selinux-policy
> > Version     : 2.2.36                      
> > Release     : 2.fc5                  
> > Summary     : SELinux policy configuration
> > Description :
> > SELinux Reference Policy - modular.
> > 
> > ---------------------------------------------------------------------
> > 
> > * Mon May  1 2006 Dan Walsh <dwalsh at redhat.com> 2.2.36-2.fc5
> > - Bump for fc5
> > * Mon May  1 2006 Dan Walsh <dwalsh at redhat.com> 2.2.36-2
> > - Fix libjvm spec
> > * Tue Apr 25 2006 Dan Walsh <dwalsh at redhat.com> 2.2.36-1
> > - Update to upstream
> > * Tue Apr 25 2006 James Antill <jantill at redhat.com> 2.2.35-2
> > - Add xm policy
> > - Fix policygentool
> > * Mon Apr 24 2006 Dan Walsh <dwalsh at redhat.com> 2.2.35-1
> > - Update to upstream
> > - Fix postun to only disable selinux on full removal of the packages
> > 
> > ---------------------------------------------------------------------
> > This update can be downloaded from:
> >   http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/5/
> > 
> > a30cd25bb591ec194c3d2e6bffebc7a34c75420a  SRPMS/selinux-policy-2.2.36-2.fc5.src.rpm
> > e838e4c4a5928552c23c0f8fcfd68ecb05c63277  ppc/selinux-policy-2.2.36-2.fc5.noarch.rpm
> > a7239cb5043700b83c54115a63e3093cc6b6e38d  ppc/selinux-policy-targeted-2.2.36-2.fc5.noarch.rpm
> > f864d2ba2dbca10a6f74f72d911cc91570bf1386  ppc/selinux-policy-mls-2.2.36-2.fc5.noarch.rpm
> > 1ba717c0721f3761e5388d66e90b692d31fcdc3f  ppc/selinux-policy-strict-2.2.36-2.fc5.noarch.rpm
> > e838e4c4a5928552c23c0f8fcfd68ecb05c63277  x86_64/selinux-policy-2.2.36-2.fc5.noarch.rpm
> > a7239cb5043700b83c54115a63e3093cc6b6e38d  x86_64/selinux-policy-targeted-2.2.36-2.fc5.noarch.rpm
> > f864d2ba2dbca10a6f74f72d911cc91570bf1386  x86_64/selinux-policy-mls-2.2.36-2.fc5.noarch.rpm
> > 1ba717c0721f3761e5388d66e90b692d31fcdc3f  x86_64/selinux-policy-strict-2.2.36-2.fc5.noarch.rpm
> > e838e4c4a5928552c23c0f8fcfd68ecb05c63277  i386/selinux-policy-2.2.36-2.fc5.noarch.rpm
> > a7239cb5043700b83c54115a63e3093cc6b6e38d  i386/selinux-policy-targeted-2.2.36-2.fc5.noarch.rpm
> > f864d2ba2dbca10a6f74f72d911cc91570bf1386  i386/selinux-policy-mls-2.2.36-2.fc5.noarch.rpm
> > 1ba717c0721f3761e5388d66e90b692d31fcdc3f  i386/selinux-policy-strict-2.2.36-2.fc5.noarch.rpm
> > 
> > This update can be installed with the 'yum' update program.  Use 'yum update
> > package-name' at the command line.  For more information, refer to 'Managing
> > Software with yum,' available at http://fedora.redhat.com/docs/yum/.
> > ---------------------------------------------------------------------
> 
> Hmmm, after this update I see the following in dmesg:
> 
> SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
> audit(1146704785.848:2): avc:  denied  { getattr } for  pid=2359
> comm="hald" name="/" dev=sda7 ino=2 scontext=system_u:system_r:hald_t:s0
> tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
> audit(1146704791.829:3): avc:  denied  { getattr } for  pid=2359
> comm="hald" name="/" dev=sda7 ino=2 scontext=system_u:system_r:hald_t:s0
> tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
> audit(1146704811.121:4): avc:  denied  { use } for  pid=2681
> comm="bluez-pin" name="[8643]" dev=pipefs ino=8643
> scontext=user_u:system_r:bluetooth_helper_t:s0
> tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fd
> audit(1146704811.121:5): avc:  denied  { write } for  pid=2681
> comm="bluez-pin" name="[8643]" dev=pipefs ino=8643
> scontext=user_u:system_r:bluetooth_helper_t:s0
> tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fifo_file
> ISO 9660 Extensions: Microsoft Joliet Level 3
> ISO 9660 Extensions: RRIP_1991A
> SELinux: initialized (dev hdc, type iso9660), uses genfs_contexts
> audit(1146704814.993:6): avc:  denied  { getattr } for  pid=2359
> comm="hald" name="/" dev=sda7 ino=2 scontext=system_u:system_r:hald_t:s0
> tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
> ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
> 
> 
> httpd no longer seems to work (no web page is getting displayed from the
> server).
> 
Hmmm, this could also be something to do with the most recent kernel
(kernel-2.6.16-1.2107_FC5) as using the last kernel works fine.


R.
-- 
"It's a fine line between denial and faith.
 It's much better on my side"

More information about the fedora-test-list mailing list