LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

January 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS January 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: yum update with '/sbin/restorecon reset' message
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Wed, 12 Jan 2011 09:49:15 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (92 lines)

g wrote:
> greetings,
> 
> 
> while running yum update from command line, i got several messages
> stating "/sbin/restorecon reset".
> 
> are these something to be of concern, or is this normal?
> 
> ria, i received no such messages in previous updates.
> 
> 
> messages:
> 
> +++
> Running Transaction
>   Updating       : xdg-utils
>   Updating       : selinux-policy
>   Updating       : glibc-common
>   Updating       : jdk
> Unpacking JAR files...
>         rt.jar...
>         jsse.jar...
>         charsets.jar...
>         tools.jar...
>         localedata.jar...
>         plugin.jar...
>         javaws.jar...
>         deploy.jar...
>   Updating       : java-1.6.0-sun-compat
>   Updating       : selinux-policy-targeted
> /sbin/restorecon reset /etc/cups/interfaces context system_u:object_r:cup
> t:s0->system_u:object_r:cupsd_interface_t:s0
> /sbin/restorecon reset /etc/rc.d/init.d/nfs context system_u:object_r:ini
> c_t:s0->system_u:object_r:nfsd_initrc_exec_t:s0
> /sbin/restorecon reset /etc/rc.d/init.d/nfslock context system_u:object_r
> _exec_t:s0->system_u:object_r:rpcd_initrc_exec_t:s0
> /sbin/restorecon reset /etc/rc.d/init.d/rpcidmapd context system_u:object
> rc_exec_t:s0->system_u:object_r:rpcd_initrc_exec_t:s0
> /sbin/restorecon reset /etc/sysconfig/iptables context system_u:object_r:
> 0->system_u:object_r:etc_runtime_t:s0
>   Updating       : selinux-policy-devel
>   Installing     : kernel-devel
>   Installing     : kernel
> +++
> 
> tia.
> 

***LONG VERSION***
To skip this, go to end of email

 From the selinux-policy-targeted postinstall script

   fixfiles -C ${FILE_CONTEXT}.pre restore;

 From the fixfiles man page

"This script is primarily used to correct the security context database 
(extended attributes) on filesystems.
  It can also be run at any time to relabel when adding support for new 
policy, or just check whether the file contexts are all as you expect. 
By default it will relabel all mounted ext2, ext3, xfs and jfs file 
systems as long as they do not have a security context mount option. You 
can use the -R flag to use rpmpackages as an alternative."

Doing a grep through /sbin/fixfiles we see that it is really using the 
program /sbin/restorecon to do it's selinux setting.

 From the restorecon man page

"This program is primarily used to set the security context (extended 
attributes) on one or more files.
It can be run at any time to correct errors, to add support for new 
policy, or with the -n option it can just check whether the file 
contexts are all as you expect."

***SHORT VERSION***

Since you have just installed a new selinux policy, it is going through 
your system to make sure everything is labeled correctly according to 
that policy.

Troy
p.s. Sorry for the long explanation, but I was in the middle of 
researching something very similar.
-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/SCF/FEF/SLSMS Group
__________________________________________________

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV