Relabelling issue
Arthur Dent
misc.lists at blueyonder.co.uk
Wed Oct 28 09:38:08 UTC 2009
On Mon, 2009-10-26 at 11:39 -0400, Daniel J Walsh wrote:
> On 10/25/2009 09:01 AM, Arthur Dent wrote:
> > Hello all,
> >
> > I got an avc the other day that made me suspect that I might have
> > labelling problems on my Fedora 11 box, so I did a "touch /.autorelabel;
> > reboot"
> >
> > The avc turned out to be unrelated to this, but I was a little surprised
> > to see the following errors during the relabelling process:
> >
> > SELinux: initialized (dev sda3, type fuseblk), uses genfs_contexts
> > type=1404 audit(1256456979.782:4): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295
> > SELinux: Context system_u:object_r:gamin_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:pppd_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:NetworkManager_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:snmp_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:auditd_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:bluetooth_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:httpd_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:samba_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:nscd_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:tor_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:mysqld_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:openvpn_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:kerneloops_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:ntpd_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:dnsmasq_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:privoxy_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:syslogd_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:fsdaemon_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:setroubleshoot_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:virtd_script_exec_t:s0 is not valid (left unmapped).
> > SELinux: Context system_u:object_r:rpcbind_script_exec_t:s0 is not valid (left unmapped).
> > type=1404 audit(1256457362.896:5): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
> > Adding 2096440k swap on /dev/sdb10. Priority:-1 extents:1 across:2096440k
> > SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts
> >
> >
> > Should I be concerned?
> >
> > Thanks for any suggestions...
> >
> > Mark
> >
> > p.s.
> >
> > Latest yum log entries:
> > [root at localhost ~]# cat /var/log/yum.log | grep -i selinux
> > Oct 14 22:04:23 Updated: selinux-policy-3.6.12-85.fc11.noarch
> > Oct 14 22:04:57 Updated: selinux-policy-targeted-3.6.12-85.fc11.noarch
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> This looks like a mismatch of policy and labels on disk.
>
>
> *_script_exec_t was all changed to *_initrc_exec_t and we do not have all of the aliases defined for these.
>
> So relabeling is probably a good idea.
>
> gamin_exec_t has disappeared.
OK - I finally got round to doing another relabel - this time in
permissive mode (I wanted to watch for error messages and couldn't face
the thought of sitting watching little asterisks march across the screen
until today).
Unfortunately I get exactly the same messages during the relabelling
process:
SELinux: initialized (dev sdb6, type ext3), uses xattr
SELinux: initialized (dev sdb11, type vfat), uses genfs_contexts
SELinux: initialized (dev sdb12, type vfat), uses genfs_contexts
fuse init (API version 7.11)
SELinux: initialized (dev sda3, type fuseblk), uses genfs_contexts
SELinux: Context system_u:object_r:gamin_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:pppd_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:NetworkManager_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:snmp_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:auditd_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:bluetooth_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:httpd_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:samba_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:nscd_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:tor_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:mysqld_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:openvpn_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:kerneloops_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:ntpd_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:dnsmasq_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:privoxy_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:syslogd_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:fsdaemon_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:setroubleshoot_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:virtd_script_exec_t:s0 is not valid (left unmapped).
SELinux: Context system_u:object_r:rpcbind_script_exec_t:s0 is not valid (left unmapped).
Adding 2096440k swap on /dev/sdb10. Priority:-1 extents:1 across:2096440k
SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts
So now I'm not sure what to do - just ignore it and wait until I rebuild
with Fedora 12 - or do something now?
Thanks for any advice...
Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20091028/6ec5f070/attachment.sig>
More information about the fedora-selinux-list
mailing list