 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Thu, 8 Dec 2005 19:01:08 +0100 |
| Content-Type: | TEXT/PLAIN |
| Parts/Attachments: |
|
|
Hi Troy,
On Mon, 5 Dec 2005, Troy Dawson wrote:
> Hi,
> Thank you for reporting the bug, and the fix.
>
> We'll have to figure out what to do with this, because I'm betting that this
> is going to come up again and again.
> One thing we'll have to look at is how these affect the AFS fixes in the same
> rpm's. Maybe they already have the AFS fixes in them, I haven't looked yet.
Looks like equivalent fixes are in there. They use nfs_t as the genfs
context for /afs instead of defining an afs_t, but that shouldn't matter.
And fixfiles in policy-coreutils should prune filesystems not known to
handle extended attributes now (only the second part of Jan's change, but
sufficient). Anyway, this would not happen at all when
selinux-policy-targeted was built on a clean system without AFS home
directories.
I haven't tested the packages yet, but will soon.
Looking at SELinux in FC5 test1, there are significant changes all over
the place. I guess AFS sites better start testing that and try to get the
necessary changes in there as well.
Stephan
> At the very least we'll get them into the contrib area and put some notes
> somewhere. At least while we're testing. (Now that I've gotten the contrib
> scripts working I can say that actually believing that I'll do it)
>
> Troy
>
> John Franks wrote:
>> I have done a little research. This seems to be a widespread problem.
>> It appears on redhat lists and centos lists and bugzilla.
>>
>> The most useful thing I found is
>> https://www.redhat.com/archives/fedora-selinux-list/2005-
>> October/msg00114.html
>>
>> Following the suggestions there I downloaded
>> policycoreutils-1.18.1-4.9.i386.rpm and
>> selinux-policy-targeted-1.17.30-2.120.noarch.rpm
>>
>> from
>> ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u3/
>>
>> This seems to have fixed the problem. However, I note that the SL team
>> have made some modifications to selinux-policy-targeted which, of
>> course, won't be in this version. I don't think these changes are
>> relevant for me, but YMMV.
>>
>>
>> On Sat, 2005-12-03 at 18:35 -0600, John Franks wrote:
>>
>>> I am getting the following error message about every 2 minutes since
>>> upgrading to 4.2. Also usb drives are not automatically mounted and
>>> displayed on the desktop when inserted. Both of these problems cease if
>>> I stop using selinux.
>>> Shutting down auditd and rebooting with audit=0 does not help.
>>>
>>> Any suggestions?
>>>
>>> -----------------------------------------------------------
>>> Dec 3 17:31:44 hopf dbus: Can't send to audit system: USER_AVC pid=2536
>>> uid=81 loginuid=-1 message=avc: denied { send_msg } for
>>> scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t
>>> tclass=dbus
>
>
>
--
----------------------------------------------------
| Stephan Wiesand | |
| | |
| DESY - DV - | phone +49 33762 7 7370 |
| Platanenallee 6 | fax +49 33762 7 7216 |
| 15738 Zeuthen | |
| Germany | |
----------------------------------------------------
|
|
|
