selinux is now denying its own manager
Gene Heskett
gene.heskett at verizon.net
Tue Aug 5 14:14:34 UTC 2008
On Tuesday 05 August 2008, Daniel J Walsh wrote:
>Gene Heskett wrote:
>> On Monday 04 August 2008, Daniel J Walsh wrote:
>>> Gene Heskett wrote:
>>>> Greetings;
>>>>
>>>> I just did a yumex update which included the python and semanage
>>>> updates, and selinux positively threw a fit.
>>>>
>>>> setroubleshooter says I now have 47 brand new copies of this:
>>>>
>>>> host=coyote.coyote.den type=AVC msg=audit(1217637926.43:906): avc:
>>>> denied { sys_tty_config } for pid=2768 comm="semanage" capability=26
>>>> scontext=system_u:system_r:semanage_t:s0
>>>> tcontext=system_u:system_r:semanage_t:s0 tclass=capability
>>>>
>>>> host=coyote.coyote.den type=SYSCALL msg=audit(1217637926.43:906):
>>>> arch=40000003 syscall=54 success=yes exit=0 a0=1 a1=5401 a2=bfd9796c
>>>> a3=bfd97a8c items=0 ppid=2762 pid=2768 auid=0 uid=0 gid=0 euid=0 suid=0
>>>> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="semanage"
>>>> exe="/usr/bin/python" subj=system_u:system_r:semanage_t:s0 key=(null)
>>>>
>>>> Fixable?
>>>>
>>>> Thanks.
>>>
>>> These should be fixed in latest Rawhide and Fedora 9 policy.
>>
>> I'm running F8 Daniel. This s/b backported to F8, that is where the
>> problem came from. I haven't changed my repos in ages.
>>
>> Thanks.
>
>Ok, such and old OS. :^)
>
>Dontaudited in selinux-policy-3.0.8-113.fc8
Well, its supposedly still a supported version, till F10 is out plus 30
days. :-)
I have 3.0.8-111.fc8, and nothing newer is being offered. I turned on
updates-testing but 113 isn't there either so I turned it back off.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
I'm wet! I'm wild!
More information about the fedora-list
mailing list