selinux is now denying its own manager
Daniel J Walsh
dwalsh at redhat.com
Tue Aug 5 21:19:28 UTC 2008
Gene Heskett wrote:
> On Tuesday 05 August 2008, Daniel J Walsh wrote:
>> Gene Heskett wrote:
>>> On Monday 04 August 2008, Daniel J Walsh wrote:
>>>> Gene Heskett wrote:
>>>>> Greetings;
>>>>>
>>>>> I just did a yumex update which included the python and semanage
>>>>> updates, and selinux positively threw a fit.
>>>>>
>>>>> setroubleshooter says I now have 47 brand new copies of this:
>>>>>
>>>>> host=coyote.coyote.den type=AVC msg=audit(1217637926.43:906): avc:
>>>>> denied { sys_tty_config } for pid=2768 comm="semanage" capability=26
>>>>> scontext=system_u:system_r:semanage_t:s0
>>>>> tcontext=system_u:system_r:semanage_t:s0 tclass=capability
>>>>>
>>>>> host=coyote.coyote.den type=SYSCALL msg=audit(1217637926.43:906):
>>>>> arch=40000003 syscall=54 success=yes exit=0 a0=1 a1=5401 a2=bfd9796c
>>>>> a3=bfd97a8c items=0 ppid=2762 pid=2768 auid=0 uid=0 gid=0 euid=0 suid=0
>>>>> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="semanage"
>>>>> exe="/usr/bin/python" subj=system_u:system_r:semanage_t:s0 key=(null)
>>>>>
>>>>> Fixable?
>>>>>
>>>>> Thanks.
>>>> These should be fixed in latest Rawhide and Fedora 9 policy.
>>> I'm running F8 Daniel. This s/b backported to F8, that is where the
>>> problem came from. I haven't changed my repos in ages.
>>>
>>> Thanks.
>> Ok, such and old OS. :^)
>>
>> Dontaudited in selinux-policy-3.0.8-113.fc8
>
> Well, its supposedly still a supported version, till F10 is out plus 30
> days. :-)
>
> I have 3.0.8-111.fc8, and nothing newer is being offered. I turned on
> updates-testing but 113 isn't there either so I turned it back off.
>
Request has been sent. It is in koji now and should be in testing soon.
More information about the fedora-list
mailing list