avc denied from kernel 427 update
Richard Hally
rhally at mindspring.com
Sun Jun 13 07:47:42 UTC 2004
Tom London wrote:
> The warnings seem to be caused by 'rpm' not assigning the proper
> contexts to 'installed' files.
>
> The 'FATAL' message from 'mkinitrd' seems to be due to a problem with
> 'ulimit' defaults.
>
> A workaround until fixed, install/update kernel only in permissive mode,
> and make sure you do a 'ulimit -l unlimited' before running 'yum' (so
> you'll enter 'setenforce 0; ulimit -l unlimited'). I think you'll still
> get the warnings, but the command will succeed without the fatal error.
<snip>
> --------------------------------------
> * From: Richard Hally <rhallyx mindspring com>
> * To: fedora-selinux-list redhat com
> * Subject: avc denied from kernel 427 update
> * Date: Sun, 13 Jun 2004 02:29:05 -0400
>
> Below are a few of the over 100 warning and error messages from doing yum
> update today (6/12/04). Of the ones that didn't scroll off, they are all
> about the 427/build directory tree.
> This is in enforcing mode using the most recent strict policy that
> existed before today's update to
> selinux-policy-strict-sources-1.13.4-5. The avc denied messages are
> further below.
> HTH
> Richard Hally
>
<snip>
Thanks for the reminders about ulimit and resetting file contexts after
an update of policy.
My simplistic approach is:
setenforce 0
rpm -e kernel-2.6.6-1.427
ulimit -l unlimited
yum install kernel
reboot single enforcing=0 (with the 422 kernel, the 427 kernel is FUBAR)
fixfiles relabel
rpm -e kernel-2.6.6-1.427
!
Richard Hally