Selinux and kernel-2.6.12-1.1381 Fedora Core 3

Antonio Olivares olivares14031 at yahoo.com
Wed Nov 9 00:17:23 UTC 2005 


--- Daniel J Walsh <dwalsh at redhat.com> wrote:

> Antonio Olivares wrote:
> > --- Rahul Sundaram <sundaram at redhat.com> wrote:
> >
> >   
> >> Antonio Olivares wrote:
> >>
> >>     
> >>> Dear Kind Folks,
> >>>   I recently updated one of my machines at work
> >>>       
> >> which
> >>     
> >>> was running Fedora Core 3 to
> kernel-2.6.12-1.1381
> >>>       
> >> via
> >>     
> >>> yum.  When I rebooted and booted to the new
> kernel,
> >>>       
> >> I
> >>     
> >>> fired up firefox and could not load yahoo
> webpage. 
> >>>       
> >> I
> >>     
> >>> tried google, Fedorafaq, Distrowatch and
> nothing. 
> >>>       
> >> I
> >>     
> >>> suspected Selinux could be the culprit, so I
> did:
> >>> Hat -> System Settings -> Security Level and
> >>>       
> >> disabled
> >>     
> >>> selinux.  Rebooted with new settings and viola I
> >>>       
> >> could
> >>     
> >>> see yahoo, distrowatch, google, etc.  I went to
> >>> terminal fired up yum and yum update selinux and
> >>>       
> >> gave
> >>     
> >>> me error message.  I tried again this time with
> >>> selinux-targetpolicy? (not to sure) but it went
> >>> through.  I reenabled selinux, and rebooted and
> >>>       
> >> could
> >>     
> >>> not view any webpages again.  I will get back to
> >>>       
> >> the
> >>     
> >>> machine on Monday, and it makes me wonder about
> >>>       
> >> what
> >>     
> >>> do I need to do, which updates I need to run.  
> >>>
> >>> kernel installed ->
> [kernel-2.6.12-1.1381_FC3.i686]
> >>>
> >>> I read very carefully the FAQ for SELinux from 
> >>> http://www.nsa.gov/selinux/info/faq.cfm
> >>> but I am still clueless.  I would like to keep
> >>>       
> >> selinux
> >>     
> >>> enabled and still view webpages.  How can I
> still
> >>>       
> >> do
> >>     
> >>> that?  
> >>>  
> >>>
> >>>       
> >> post to the fedora-selinux list with the AVC
> denied
> >> messages in 
> >> /var/log/messages. Fedora SELinux FAQ is
> available
> >> from
> >>
> >> http://fedoraproject.org/wiki/Communicate
> >> http://fedora.redhat.com/docs/selinux-faq/
> >>
> >> regards
> >> Rahul
> >>
> >> -- 
> >> fedora-list mailing list
> >> fedora-list at redhat.com
> >> To unsubscribe:
> >>
> https://www.redhat.com/mailman/listinfo/fedora-list
> >>
> >>     
> >
> > I'll do that come Monday, thanks for helping.  In
> any
> > case, at home same thing happened, here are some
> avc
> > messages
> >
> > audit(1131052412.181:2): avc:  denied  {
> name_connect
> > } for  pid=4314 comm="gkrellm" dest=7634
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:port_t
> tclass=tcp_socket
> > audit(1131052412.349:3): avc:  denied  {
> name_connect
> > } for  pid=4317 comm="eggcups" dest=631
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:reserved_port_t
> > tclass=tcp_socket
> > audit(1131052412.349:4): avc:  denied  {
> name_connect
> > } for  pid=4317 comm="eggcups" dest=631
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:reserved_port_t
> > tclass=tcp_socket
> > CSLIP: code copyright 1989 Regents of the
> University
> > of California
> > PPP generic driver version 2.4.2
> > PPP Deflate Compression module registered
> > audit(1131052690.058:5): avc:  denied  {
> name_connect
> > } for  pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052692.227:6): avc:  denied  {
> name_connect
> > } for  pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052699.727:7): avc:  denied  {
> name_connect
> > } for  pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052702.155:8): avc:  denied  {
> name_connect
> > } for  pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052713.032:9): avc:  denied  {
> name_connect
> > } for  pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052718.472:10): avc:  denied  {
> name_connect
> > } for  pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052726.685:11): avc:  denied  {
> name_connect
> > } for  pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052730.917:12): avc:  denied  {
> name_connect
> > } for  pid=4602 comm="firefox-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052743.510:13): avc:  denied  {
> name_connect
> > } for  pid=4617 comm="mozilla-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052746.942:14): avc:  denied  {
> name_connect
> > } for  pid=4617 comm="mozilla-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052843.092:15): avc:  denied  {
> name_connect
> > } for  pid=4692 comm="mozilla-bin" dest=80
> > scontext=user_u:system_r:unconfined_t
> > tcontext=system_u:object_r:http_port_t
> > tclass=tcp_socket
> > audit(1131052848.928:16): avc:  denied  {
> name_connect
> > } for  pid=4692 comm="mozilla-bin" dest=443
> 
=== message truncated ===

[root at rio ~]# yum update
selinux-policy-targeted-1.17.30-3.19
Setting up Update Process
Setting up Repo:  livna-stable
repomd.xml                100%
|=========================|  951 B    00:00
Setting up Repo:  livna-unstable
repomd.xml                100%
|=========================|  951 B    00:00
Setting up Repo:  updates-released
repomd.xml                100%
|=========================|  951 B    00:00
Setting up Repo:  livna-testing
repomd.xml                100%
|=========================|  951 B    00:00
Setting up Repo:  base
repomd.xml                100%
|=========================| 1.1 kB    00:00
Setting up Repo:  extras
repomd.xml                100%
|=========================|  951 B    00:00
Reading repository metadata in from local files
livna-stab:
##################################################
547/547
livna-unst:
##################################################
151/151
primary.xml.gz            100%
|=========================| 369 kB    00:00
MD Read   :
##################################################
977/977
updates-re:
##################################################
977/977
base      :
##################################################
2622/2622
extras    :
##################################################
1705/1705
Could not find update match for
selinux-policy-targeted-1.17.30-3.19
No Packages marked for Update/Obsoletion

I also tried the direct link but I get the message
porkchop.devel.redhat cannot be found.  Please check
the name and try again.  

Sorry to bother,

Antonio


		
__________________________________ 
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com

More information about the fedora-list mailing list