Beware today's updates - selinux is changing home user contexts
Mike Cloaked
mike.cloaked at gmail.com
Mon Mar 2 21:25:36 UTC 2009
Joshua Armstrong-2 wrote:
>
> Mike Cloaked wrote:
>> I have just updated some f10 boxes a few minutes ago. On logging on again
>> after rebooting to the new kernel this evening, the main user directories
>> have had their contexts changed to usr_t so I presume some kind of
>> relabelling has been done - but not correctly! After restorecon -vR
>> /home/user the contexts have mostly reverted to where they should be - I
>> initially noticed because ssh suddenly started demanding a passphrase
>> when
>> it should not need one - and then I noted avc denials.....
>>
>> I hope not too many users are going to have their home directories messed
>> up
>> as a result! The relevant update is
>> selinux-policy-targeted-3.5.13-46.fc10.noarch.rpm
>>
>> This is not good - especially for a stable release!
>>
> I second this - I just verified this on my f10 webserver. Thankfully,
> all the important files are set to httpd_sys_content_t and in read-only
> directories. But it did break being able to read home directories over
> CIFS share.
>
>
I guess these lines in the /var/log/messages are relevant:
Mar 2 19:49:25 home1 yum: Updated: selinux-policy-3.5.13-46.fc10.noarch
Mar 2 19:49:49 home1 dbus: avc: received policyload notice (seqno=2)
Mar 2 19:49:49 home1 dbus: avc: received policyload notice (seqno=2)
I guess it will be in BZ before too long - and I notice that -47 is in
updates testing - hopefully this problem will be fixed before -48 is
released!
--
View this message in context: http://www.nabble.com/Beware-today%27s-updates---selinux-is-changing-home-user-contexts-tp22296110p22296831.html
Sent from the Fedora Test List mailing list archive at Nabble.com.
More information about the fedora-test-list
mailing list