Should Yum and up2date understand SELinux roles

Tom Mitchell mitch48 at sbcglobal.net
Sat Mar 27 01:23:32 UTC 2004 

Should yum check "id" for sysadm_r role?

Since %pre and %post actions are problematic a partial install could
result that may not be simple to fix.

Here is a yum session that shows the interaction that is prompting my
question.  Note the scriptlet error followed by "Transaction(s) Complete".


    # yum install xorg-x11-100dpi-fonts
    Gathering header information file(s) from server(s)
    Server: Fedora Core 1.91 - Development Tree
    Finding updated packages
    Downloading needed headers
    Resolving dependencies
    Dependencies resolved
    I will do the following:
    [install: xorg-x11-100dpi-fonts 0.0.6.6-0.0.2004_03_11.9.i386]
    Is this ok [y/N]: y
    Downloading Packages
    Getting xorg-x11-100dpi-fonts-0.0.6.6-0.0.2004_03_11.9.i386.rpm
    xorg-x11-100dpi-fonts-0.0 100% |=========================| 4.2 MB    05:26
    Running test transaction:
    Test transaction complete, Success!
    xorg-x11-100dpi-fonts 100 % done 1/1
    error: setexeccon(root:staff_r:rpm_script_t) fails from context "root:staff_r:staff_t": Invalid argument
    error: %post(xorg-x11-100dpi-fonts-0.0.6.6-0.0.2004_03_11.9) scriptlet failed, exit status 255
    Installed:  xorg-x11-100dpi-fonts 0.0.6.6-0.0.2004_03_11.9.i386
    Transaction(s) Complete

    # id
    uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=root:staff_r:staff_t

    # newrole -r sysadm_r
    Authenticating root.
    Password:

    # rpm -e xorg-x11-100dpi-fonts

    #  yum install xorg-x11-100dpi-fonts
    Gathering header information file(s) from server(s)
    Server: Fedora Core 1.91 - Development Tree
    Finding updated packages
    Downloading needed headers
    Resolving dependencies
    Dependencies resolved
    I will do the following:
    [install: xorg-x11-100dpi-fonts 0.0.6.6-0.0.2004_03_11.9.i386]
    Is this ok [y/N]: y
    Downloading Packages
    Running test transaction:
    Test transaction complete, Success!
    xorg-x11-100dpi-fonts 100 % done 1/1
    Installed:  xorg-x11-100dpi-fonts 0.0.6.6-0.0.2004_03_11.9.i386
    Transaction(s) Complete







-- 
	T o m  M i t c h e l l 
	/dev/null the ultimate in secure storage.

More information about the fedora-selinux-list mailing list