Hi Troy, On Mon, 5 Dec 2005, Troy Dawson wrote: > Hi, > Thank you for reporting the bug, and the fix. > > We'll have to figure out what to do with this, because I'm betting that this > is going to come up again and again. > One thing we'll have to look at is how these affect the AFS fixes in the same > rpm's. Maybe they already have the AFS fixes in them, I haven't looked yet. Looks like equivalent fixes are in there. They use nfs_t as the genfs context for /afs instead of defining an afs_t, but that shouldn't matter. And fixfiles in policy-coreutils should prune filesystems not known to handle extended attributes now (only the second part of Jan's change, but sufficient). Anyway, this would not happen at all when selinux-policy-targeted was built on a clean system without AFS home directories. I haven't tested the packages yet, but will soon. Looking at SELinux in FC5 test1, there are significant changes all over the place. I guess AFS sites better start testing that and try to get the necessary changes in there as well. Stephan > At the very least we'll get them into the contrib area and put some notes > somewhere. At least while we're testing. (Now that I've gotten the contrib > scripts working I can say that actually believing that I'll do it) > > Troy > > John Franks wrote: >> I have done a little research. This seems to be a widespread problem. >> It appears on redhat lists and centos lists and bugzilla. >> >> The most useful thing I found is >> https://www.redhat.com/archives/fedora-selinux-list/2005- >> October/msg00114.html >> >> Following the suggestions there I downloaded >> policycoreutils-1.18.1-4.9.i386.rpm and >> selinux-policy-targeted-1.17.30-2.120.noarch.rpm >> >> from >> ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u3/ >> >> This seems to have fixed the problem. However, I note that the SL team >> have made some modifications to selinux-policy-targeted which, of >> course, won't be in this version. I don't think these changes are >> relevant for me, but YMMV. >> >> >> On Sat, 2005-12-03 at 18:35 -0600, John Franks wrote: >> >>> I am getting the following error message about every 2 minutes since >>> upgrading to 4.2. Also usb drives are not automatically mounted and >>> displayed on the desktop when inserted. Both of these problems cease if >>> I stop using selinux. >>> Shutting down auditd and rebooting with audit=0 does not help. >>> >>> Any suggestions? >>> >>> ----------------------------------------------------------- >>> Dec 3 17:31:44 hopf dbus: Can't send to audit system: USER_AVC pid=2536 >>> uid=81 loginuid=-1 message=avc: denied { send_msg } for >>> scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t >>> tclass=dbus > > > -- ---------------------------------------------------- | Stephan Wiesand | | | | | | DESY - DV - | phone +49 33762 7 7370 | | Platanenallee 6 | fax +49 33762 7 7216 | | 15738 Zeuthen | | | Germany | | ----------------------------------------------------