
Re: selinux-policy-targeted update is dangerous



Arthur Pemberton wrote:


From /var/log/yum.log:

Jun 27 04:25:18 Updated: selinux-policy-targeted.noarch 1.17.30-3.13
Jun 27 04:26:21 Updated: selinux-policy-targeted-sources.noarch 1.17.30-3.13
------------------------------------------------


Since then things have come tumbling down; here are samples of the errors:

Jun 27 04:25:27 Romeo kernel: audit(1119860727.362:0): avc: denied { execmod } for pid=6990 comm=sendmail path=/lib/tls/libm-2.3.5.so dev=dm-0 ino=5455897 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file

Jun 27 04:30:01 Romeo kernel: audit(1119861001.392:0): avc: denied { execmod } for pid=6994 comm=crond path=/lib/libnsl-2.3.5.so dev=dm-0 ino=5455874 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file

Jun 27 04:30:01 Romeo kernel: audit(1119861001.413:0): avc: denied { execmod } for pid=6994 comm=crond path=/lib/libcrypt-2.3.5.so dev=dm-0 ino=5455909 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file

Jun 27 04:53:38 Romeo kernel: audit(1119862418.204:0): avc: denied { execmem } for pid=4238 comm=mysqld scontext=user_u:system_r:mysqld_t tcontext=user_u:system_r:mysqld_t tclass=process

Jun 27 08:22:09 Romeo kernel: audit(1119874929.566:0): avc: denied { connect } for pid=4251 exe=/usr/sbin/httpd scontext=user_u:system_r:httpd_t tcontext=user_u:system_r:httpd_t tclass=tcp_socket
-------------------------------------------------------------


The most noticeable result of all this is that mysql has died:

050627 07:19:27 mysqld started
050627 7:19:28 [Warning] Asked for 196608 thread stack, but got 126976
050627 7:19:28 [ERROR] Fatal error: Can't change to run as user 'mysql' ; Please check that the user exists!


(I still have not been able to figure out where the mysql user disappeared to)

Since mysql has been killed by this prob, it has taken down my smtp and imap server with it, along with two of my database driven websites. Currently, php claims to not even know about the function mysql_connect()

I am going to attempt to rectify the issues with audit2allow. My system was working properly when I went to bed, i.e. pre yum update.

Well I've since attempted:

# cd /etc/selinux/strict/src/policy
# audit2allow -i /var/log/messages -l > domains/misc/local.te
# make reload

I ended up with:

domains/misc/local.te:12:ERROR 'syntax error' at token ';' on line 4180:
allow mysqld_t process: execmem;
allow mysqld_t self:process execmem;
/usr/bin/checkpolicy: error(s) encountered while parsing configuration
make: *** [/etc/selinux/targeted/policy/policy.18] Error 1
------------------------------------------

So I reverted the changes to local.te and did a `yum --oldpackage -Uhv` selinux-policy-targeted and selinux-policy-targeted-sources to the prior version. I am also going to temporarily turn off my yum service so that selinux doesn't get updated in my sleep again.
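
Added example, not part of the original post: a Python re-implementation of the denial-to-rule mapping that audit2allow performs, run over AVC messages quoted above, with a check showing why `allow mysqld_t self:process execmem;` is well formed while the line checkpolicy rejected is not. The function names and the simplified rule regex are assumptions of this example, not audit2allow's or checkpolicy's own code.

```python
import re
from collections import defaultdict

# Denials copied from the post above (syslog timestamp and host trimmed).
SAMPLE_LOG = """\
audit(1119860727.362:0): avc: denied { execmod } for pid=6990 comm=sendmail path=/lib/tls/libm-2.3.5.so dev=dm-0 ino=5455897 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
audit(1119861001.392:0): avc: denied { execmod } for pid=6994 comm=crond path=/lib/libnsl-2.3.5.so dev=dm-0 ino=5455874 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t tclass=file
audit(1119862418.204:0): avc: denied { execmem } for pid=4238 comm=mysqld scontext=user_u:system_r:mysqld_t tcontext=user_u:system_r:mysqld_t tclass=process
audit(1119874929.566:0): avc: denied { connect } for pid=4251 exe=/usr/sbin/httpd scontext=user_u:system_r:httpd_t tcontext=user_u:system_r:httpd_t tclass=tcp_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}.*?"
                    r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")
# Simplified shape check for one allow rule; not checkpolicy's full grammar.
RULE_RE = re.compile(r"^allow\s+\w+\s+\w+:\w+\s+(\w+|\{[\w\s]+\});$")


def context_type(ctx):
    """Return the type field of a user:role:type[:level] security context."""
    parts = ctx.split(":")
    if len(parts) < 3:
        raise ValueError(f"malformed context: {ctx!r}")
    return parts[2]


def denials_to_rules(log_text):
    """Group denials by (source, target, class); emit one allow rule each."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial
        perms, scon, tcon, tclass = m.groups()
        src, tgt = context_type(scon), context_type(tcon)
        if src == tgt:
            tgt = "self"  # a domain acting on itself is written as 'self'
        grouped[(src, tgt, tclass)].update(perms.split())
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return rules


def is_well_formed(rule):
    """True if the rule has the 'allow source target:class perms;' shape."""
    return RULE_RE.match(rule) is not None
```

Each generated rule grants exactly the denied permission for that source domain, so every line is worth reading before it goes into local.te.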

