Subject: | |
From: | |
Reply To: | |
Date: | Wed, 12 Jan 2011 09:49:15 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
g wrote:
> greetings,
>
>
> while running yum update from command line, i got several messages
> stating "/sbin/restorecon reset".
>
> are these something to be of concern, or is this normal?
>
> ria, i received no such messages in previous updates.
>
>
> messages:
>
> +++
> Running Transaction
> Updating : xdg-utils
> Updating : selinux-policy
> Updating : glibc-common
> Updating : jdk
> Unpacking JAR files...
> rt.jar...
> jsse.jar...
> charsets.jar...
> tools.jar...
> localedata.jar...
> plugin.jar...
> javaws.jar...
> deploy.jar...
> Updating : java-1.6.0-sun-compat
> Updating : selinux-policy-targeted
> /sbin/restorecon reset /etc/cups/interfaces context system_u:object_r:cup
> t:s0->system_u:object_r:cupsd_interface_t:s0
> /sbin/restorecon reset /etc/rc.d/init.d/nfs context system_u:object_r:ini
> c_t:s0->system_u:object_r:nfsd_initrc_exec_t:s0
> /sbin/restorecon reset /etc/rc.d/init.d/nfslock context system_u:object_r
> _exec_t:s0->system_u:object_r:rpcd_initrc_exec_t:s0
> /sbin/restorecon reset /etc/rc.d/init.d/rpcidmapd context system_u:object
> rc_exec_t:s0->system_u:object_r:rpcd_initrc_exec_t:s0
> /sbin/restorecon reset /etc/sysconfig/iptables context system_u:object_r:
> 0->system_u:object_r:etc_runtime_t:s0
> Updating : selinux-policy-devel
> Installing : kernel-devel
> Installing : kernel
> +++
>
> tia.
>
***LONG VERSION***
To skip this, go to end of email
From the selinux-policy-targeted postinstall script
fixfiles -C ${FILE_CONTEXT}.pre restore;
From the fixfiles man page
"This script is primarily used to correct the security context database
(extended attributes) on filesystems.
It can also be run at any time to relabel when adding support for new
policy, or just check whether the file contexts are all as you expect.
By default it will relabel all mounted ext2, ext3, xfs and jfs file
systems as long as they do not have a security context mount option. You
can use the -R flag to use rpmpackages as an alternative."
Doing a grep through /sbin/fixfiles we see that it is really using the
program /sbin/restorecon to do it's selinux setting.
From the restorecon man page
"This program is primarily used to set the security context (extended
attributes) on one or more files.
It can be run at any time to correct errors, to add support for new
policy, or with the -n option it can just check whether the file
contexts are all as you expect."
***SHORT VERSION***
Since you have just installed a new selinux policy, it is going through
your system to make sure everything is labeled correctly according to
that policy.
Troy
p.s. Sorry for the long explanation, but I was in the middle of
researching something very similar.
--
__________________________________________________
Troy Dawson [log in to unmask] (630)840-6468
Fermilab ComputingDivision/SCF/FEF/SLSMS Group
__________________________________________________
|
|
|