selinux-policy-targeted update is dangerous

Arthur Pemberton dalive at flashmail.com
Tue Jun 28 00:26:55 UTC 2005 

 From /var/log/yum.log:

Jun 27 04:25:18 Updated: selinux-policy-targeted.noarch 1.17.30-3.13
Jun 27 04:26:21 Updated: selinux-policy-targeted-sources.noarch 1.17.30-3.13
------------------------------------------------

Since then things have come tumbling down here are samples of the errors:

Jun 27 04:25:27 Romeo kernel: audit(1119860727.362:0): avc:  denied  { 
execmod } for  pid=6990 comm=sendmail path=/lib/tls/libm-2.3.5.so 
dev=dm-0 ino=5455897 scontext=user_u:system_r:unconfined_t 
tcontext=system_u:object_r:lib_t tclass=file

Jun 27 04:30:01 Romeo kernel: audit(1119861001.392:0): avc:  denied  { 
execmod } for  pid=6994 comm=crond path=/lib/libnsl-2.3.5.so dev=dm-0 
ino=5455874 scontext=user_u:system_r:unconfined_t 
tcontext=system_u:object_r:lib_t tclass=file

Jun 27 04:30:01 Romeo kernel: audit(1119861001.413:0): avc:  denied  { 
execmod } for  pid=6994 
comm=crondpath=/lib/libcrypt-2.3.5.sodev=dm-0ino=5455909 
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t 
tclass=file

Jun 27 04:53:38 Romeo kernel: audit(1119862418.204:0): avc:  denied  { 
execmem } for  pid=4238 comm=mysqld scontext=user_u:system_r:mysqld_t 
tcontext=user_u:system_r:mysqld_t tclass=process

 Jun 27 08:22:09 Romeo kernel: audit(1119874929.566:0): avc:  denied  { 
connect } for  pid=4251 exe=/usr/sbin/httpd 
scontext=user_u:system_r:httpd_t tcontext=user_u:system_r:httpd_t 
tclass=tcp_socket
-------------------------------------------------------------

The most noticeable result of all this is that mysql has died:

050627 07:19:27  mysqld started
050627  7:19:28 [Warning] Asked for 196608 thread stack, but got 126976
050627  7:19:28 [ERROR] Fatal error: Can't change to run as user 'mysql' 
;  Please check that the user exists!

( I still have not been able to figure out where the mysql user 
dissappeared to )

Since mysql has been killed by this prob, it has taken down my smtp and 
imap server with it, along with two of my database driven websites. 
Currently, php claims to not even know about the function mysql_connect()

I am going to attempt to recitify the issues with audit2allow. My system 
was working properly when I went to be , ie. pre yum update.

More information about the fedora-list mailing list