post update label checking script
Steve G
linux_4ever at yahoo.com
Tue Sep 12 12:54:20 UTC 2006
Hi,
I just wanted to let everyone know that I'm making a test script available to
help people testing fedora rawhide updates. What this script does is look at the
yum logs to see if you've updated the system today. (Optionally, you can pass a
date to the script based on your locale, for example "Sep 03" would be valid in
mine.) If updates are found in the logs, it makes a list of rpms and sends that
to fixfiles to see if the update has caused any files to be mislabeled. This can
happen when post install scriptlets do the wrong thing. This script should not
repair anything since its just a test. You can find it here:
http://people.redhat.com/sgrubb/files/testing/selinux-check-new-rpms
Typically, you would run the script after doing "yum update" on a rawhide
machine. There were several bug fixes needed in policycoreutils to make the
script work and hopefully they will be backported to FC5 sometime soon.
Please report any problems you find against the package that owns the files being
reported. For example, when I run the script after today's rawhide update, I get
this:
/etc/named.conf
/etc/rndc.conf
/etc/rndc.key
/etc/named.caching-nameserver.conf
/etc/named.conf
/etc/named.rfc1912.zones
/var/named/named.ca
To see the package:
[root~]# rpm -qf /etc/named.conf
caching-nameserver
This would indicate that named.conf probably has post scriptlets that are
processing files in a selinux unfriendly way.
Feedback and updates are welcome.
-Steve
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the fedora-devel-list
mailing list