changed selinux to permissive get new avcs (Solved)
Antonio Olivares
olivares14031 at yahoo.com
Sun Apr 2 16:22:16 UTC 2006
% parts of message removed
>That should be:
>
>touch /.autorelabel
>
>Then reboot.
>
>Bob
>
>--
>Bob Kashani
>----
Ok, Problem has been solved. Here's what I did,
I yum updated selinux*
[olivares at localhost ~]$ su -
Password:
[root at localhost ~]# yum update selinux*
Setting up Update Process
Setting up repositories
updates-released 100%
|=========================| 951 B 00:00
extras 100%
|=========================| 1.1 kB 00:00
base 100%
|=========================| 1.1 kB 00:00
Reading repository metadata in from local files
primary.xml.gz 100%
|=========================| 387 kB 01:24
updates-re:
##################################################
1075/1075
Added 1075 new packages, deleted 0 old in 12.94
seconds
primary.xml.gz 100%
|=========================| 1.2 MB 04:25
extras :
##################################################
3482/3482
Added 3482 new packages, deleted 0 old in 33.80
seconds
primary.xml.gz 100%
|=========================| 824 kB 03:40
base :
##################################################
2772/2772
Added 2772 new packages, deleted 0 old in 23.76
seconds
Resolving Dependencies
--> Populating transaction set with selected packages.
Please wait.
---> Downloading header for
selinux-policy-strict-sources to pack into transaction
set.
http://klid.dk/homeftp/fedora/linux/core/updates/4/i386/selinux-policy-strict-sources-1.27.1-2.27.noarch.rpm:
[Errno 4] IOError: HTTP Error 403: Date: Sun, 02 Apr
2006 04:12:44 GMT
Server: Apache/2.0.54 (Mandriva
Linux/PREFORK-13.2.20060mdk)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Trying other mirror.
selinux-policy-strict-sou 100%
|=========================| 124 kB 00:09
---> Package selinux-policy-strict-sources.noarch
0:1.27.1-2.27 set to be updated
---> Downloading header for selinux-policy-strict to
pack into transaction set.
selinux-policy-strict-1.2 100%
|=========================| 47 kB 00:04
---> Package selinux-policy-strict.noarch
0:1.27.1-2.27 set to be updated
---> Downloading header for
selinux-policy-targeted-sources to pack into
transaction set.
selinux-policy-targeted-s 100%
|=========================| 93 kB 00:07
---> Package selinux-policy-targeted-sources.noarch
0:1.27.1-2.22 set to be updated
---> Downloading header for selinux-policy-targeted to
pack into transaction set.
selinux-policy-targeted-1 100%
|=========================| 50 kB 00:04
---> Package selinux-policy-targeted.noarch
0:1.27.1-2.22 set to be updated
--> Running transaction check
Dependencies Resolved
=============================================================================
Package Arch Version
Repository Size
=============================================================================
Updating:
selinux-policy-strict noarch 1.27.1-2.27
updates-released 1.9 M
selinux-policy-strict-sources noarch 1.27.1-2.27
updates-released 378 k
selinux-policy-targeted noarch 1.27.1-2.22
updates-released 924 k
selinux-policy-targeted-sources noarch
1.27.1-2.22 updates-released 281 k
Transaction Summary
=============================================================================
Install 0 Package(s)
Update 4 Package(s)
Remove 0 Package(s)
Total download size: 3.5 M
Is this ok [y/N]: y
Downloading Packages:
[olivares at localhost ~]$ su -
Password:
[root at localhost ~]# yum update selinux*
Setting up Update Process
Setting up repositories
updates-released 100%
|=========================| 951 B 00:00
extras 100%
|=========================| 1.1 kB 00:00
base 100%
|=========================| 1.1 kB 00:00
Reading repository metadata in from local files
primary.xml.gz 100%
|=========================| 387 kB 01:24
updates-re:
##################################################
1075/1075
Added 1075 new packages, deleted 0 old in 12.94
seconds
primary.xml.gz 100%
|=========================| 1.2 MB 04:25
extras :
##################################################
3482/3482
Added 3482 new packages, deleted 0 old in 33.80
seconds
primary.xml.gz 100%
|=========================| 824 kB 03:40
base :
##################################################
2772/2772
Added 2772 new packages, deleted 0 old in 23.76
seconds
Resolving Dependencies
--> Populating transaction set with selected packages.
Please wait.
---> Downloading header for
selinux-policy-strict-sources to pack into transaction
set.
http://klid.dk/homeftp/fedora/linux/core/updates/4/i386/selinux-policy-strict-sources-1.27.1-2.27.noarch.rpm:
[Errno 4] IOError: HTTP Error 403: Date: Sun, 02 Apr
2006 04:12:44 GMT
Server: Apache/2.0.54 (Mandriva
Linux/PREFORK-13.2.20060mdk)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Trying other mirror.
selinux-policy-strict-sou 100%
|=========================| 124 kB 00:09
---> Package selinux-policy-strict-sources.noarch
0:1.27.1-2.27 set to be updated
---> Downloading header for selinux-policy-strict to
pack into transaction set.
selinux-policy-strict-1.2 100%
|=========================| 47 kB 00:04
---> Package selinux-policy-strict.noarch
0:1.27.1-2.27 set to be updated
---> Downloading header for
selinux-policy-targeted-sources to pack into
transaction set.
selinux-policy-targeted-s 100%
|=========================| 93 kB 00:07
---> Package selinux-policy-targeted-sources.noarch
0:1.27.1-2.22 set to be updated
---> Downloading header for selinux-policy-targeted to
pack into transaction set.
selinux-policy-targeted-1 100%
|=========================| 50 kB 00:04
---> Package selinux-policy-targeted.noarch
0:1.27.1-2.22 set to be updated
--> Running transaction check
Dependencies Resolved
=============================================================================
Package Arch Version
Repository Size
=============================================================================
Updating:
selinux-policy-strict noarch 1.27.1-2.27
updates-released 1.9 M
selinux-policy-strict-sources noarch 1.27.1-2.27
updates-released 378 k
selinux-policy-targeted noarch 1.27.1-2.22
updates-released 924 k
selinux-policy-targeted-sources noarch
1.27.1-2.22 updates-released 281 k
Transaction Summary
=============================================================================
Install 0 Package(s)
Update 4 Package(s)
Remove 0 Package(s)
Total download size: 3.5 M
Is this ok [y/N]: y
Downloading Packages:
[olivares at localhost ~]$ su -
Password:
[root at localhost ~]# yum update selinux*
Setting up Update Process
Setting up repositories
updates-released 100%
|=========================| 951 B 00:00
extras 100%
|=========================| 1.1 kB 00:00
base 100%
|=========================| 1.1 kB 00:00
Reading repository metadata in from local files
primary.xml.gz 100%
|=========================| 387 kB 01:24
updates-re:
##################################################
1075/1075
Added 1075 new packages, deleted 0 old in 12.94
seconds
primary.xml.gz 100%
|=========================| 1.2 MB 04:25
extras :
##################################################
3482/3482
Added 3482 new packages, deleted 0 old in 33.80
seconds
primary.xml.gz 100%
|=========================| 824 kB 03:40
base :
##################################################
2772/2772
Added 2772 new packages, deleted 0 old in 23.76
seconds
Resolving Dependencies
--> Populating transaction set with selected packages.
Please wait.
---> Downloading header for
selinux-policy-strict-sources to pack into transaction
set.
http://klid.dk/homeftp/fedora/linux/core/updates/4/i386/selinux-policy-strict-sources-1.27.1-2.27.noarch.rpm:
[Errno 4] IOError: HTTP Error 403: Date: Sun, 02 Apr
2006 04:12:44 GMT
Server: Apache/2.0.54 (Mandriva
Linux/PREFORK-13.2.20060mdk)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Trying other mirror.
selinux-policy-strict-sou 100%
|=========================| 124 kB 00:09
---> Package selinux-policy-strict-sources.noarch
0:1.27.1-2.27 set to be updated
---> Downloading header for selinux-policy-strict to
pack into transaction set.
selinux-policy-strict-1.2 100%
|=========================| 47 kB 00:04
---> Package selinux-policy-strict.noarch
0:1.27.1-2.27 set to be updated
---> Downloading header for
selinux-policy-targeted-sources to pack into
transaction set.
selinux-policy-targeted-s 100%
|=========================| 93 kB 00:07
---> Package selinux-policy-targeted-sources.noarch
0:1.27.1-2.22 set to be updated
---> Downloading header for selinux-policy-targeted to
pack into transaction set.
selinux-policy-targeted-1 100%
|=========================| 50 kB 00:04
---> Package selinux-policy-targeted.noarch
0:1.27.1-2.22 set to be updated
--> Running transaction check
Dependencies Resolved
=============================================================================
Package Arch Version
Repository Size
=============================================================================
Updating:
selinux-policy-strict noarch 1.27.1-2.27
updates-released 1.9 M
selinux-policy-strict-sources noarch 1.27.1-2.27
updates-released 378 k
selinux-policy-targeted noarch 1.27.1-2.22
updates-released 924 k
selinux-policy-targeted-sources noarch
1.27.1-2.22 updates-released 281 k
Transaction Summary
=============================================================================
Install 0 Package(s)
Update 4 Package(s)
Remove 0 Package(s)
Total download size: 3.5 M
Is this ok [y/N]: y
Downloading Packages:
[olivares at localhost ~]$ su -
Password:
[root at localhost ~]# yum update selinux*
Setting up Update Process
Setting up repositories
updates-released 100%
|=========================| 951 B 00:00
extras 100%
|=========================| 1.1 kB 00:00
base 100%
|=========================| 1.1 kB 00:00
Reading repository metadata in from local files
primary.xml.gz 100%
|=========================| 387 kB 01:24
updates-re:
##################################################
1075/1075
Added 1075 new packages, deleted 0 old in 12.94
seconds
primary.xml.gz 100%
|=========================| 1.2 MB 04:25
extras :
##################################################
3482/3482
Added 3482 new packages, deleted 0 old in 33.80
seconds
primary.xml.gz 100%
|=========================| 824 kB 03:40
base :
##################################################
2772/2772
Added 2772 new packages, deleted 0 old in 23.76
seconds
Resolving Dependencies
--> Populating transaction set with selected packages.
Please wait.
---> Downloading header for
selinux-policy-strict-sources to pack into transaction
set.
http://klid.dk/homeftp/fedora/linux/core/updates/4/i386/selinux-policy-strict-sources-1.27.1-2.27.noarch.rpm:
[Errno 4] IOError: HTTP Error 403: Date: Sun, 02 Apr
2006 04:12:44 GMT
Server: Apache/2.0.54 (Mandriva
Linux/PREFORK-13.2.20060mdk)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Trying other mirror.
selinux-policy-strict-sou 100%
|=========================| 124 kB 00:09
---> Package selinux-policy-strict-sources.noarch
0:1.27.1-2.27 set to be updated
---> Downloading header for selinux-policy-strict to
pack into transaction set.
selinux-policy-strict-1.2 100%
|=========================| 47 kB 00:04
---> Package selinux-policy-strict.noarch
0:1.27.1-2.27 set to be updated
---> Downloading header for
selinux-policy-targeted-sources to pack into
transaction set.
selinux-policy-targeted-s 100%
|=========================| 93 kB 00:07
---> Package selinux-policy-targeted-sources.noarch
0:1.27.1-2.22 set to be updated
---> Downloading header for selinux-policy-targeted to
pack into transaction set.
selinux-policy-targeted-1 100%
|=========================| 50 kB 00:04
---> Package selinux-policy-targeted.noarch
0:1.27.1-2.22 set to be updated
--> Running transaction check
Dependencies Resolved
=============================================================================
Package Arch Version
Repository Size
=============================================================================
Updating:
selinux-policy-strict noarch 1.27.1-2.27
updates-released 1.9 M
selinux-policy-strict-sources noarch 1.27.1-2.27
updates-released 378 k
selinux-policy-targeted noarch 1.27.1-2.22
updates-released 924 k
selinux-policy-targeted-sources noarch
1.27.1-2.22 updates-released 281 k
Transaction Summary
=============================================================================
Install 0 Package(s)
Update 4 Package(s)
Remove 0 Package(s)
Total download size: 3.5 M
Is this ok [y/N]: y
Downloading Packages:
(1/4): selinux-policy-str 100%
|=========================| 378 kB 01:05
(2/4): selinux-policy-str 100%
|=========================| 1.9 MB 06:47
(3/4): selinux-policy-tar 100%
|=========================| 281 kB 00:48
(4/4): selinux-policy-tar 100%
|=========================| 924 kB 03:03
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : selinux-policy-targeted
######################### [1/8]
Updating : selinux-policy-strict
######################### [2/8]
Updating : selinux-policy-strict-source
######################### [3/8]
Updating : selinux-policy-targeted-sour
######################### [4/8]
/etc/selinux/targeted/contexts/files/file_contexts:
line 621 has invalid contex t
system_u:object_r:acct_exec_t
/sbin/restorecon reset /usr/bin/iiimx context
system_u:object_r:i18n_input_exec_t->system_u:object_r:bin_t
********** Lots more messages ommitted *************
l_t->system_u:object_r:var_spool_t
/sbin/restorecon reset /var/spool/postfix/saved
context
system_u:object_r:mail_spool_t->system_u:object_r:var_spool_t
/sbin/restorecon reset /var/spool/postfix/deferred
context
system_u:object_r:mail_spool_t->system_u:object_r:var_spool_t
Cleanup : selinux-policy-strict-source
######################### [5/8]
Cleanup : selinux-policy-strict
######################### [6/8]
Cleanup : selinux-policy-targeted-sour
######################### [7/8]
Cleanup : selinux-policy-targeted
######################### [8/8]
Updated: selinux-policy-strict.noarch 0:1.27.1-2.27
selinux-policy-strict-sources.noarch 0:1.27.1-2.27
selinux-policy-targeted.noarch 0:1.27.1-2.22
selinux-policy-targeted-sources.noarch 0:1.27.1-2.22
Complete!
[root at localhost ~]#
Did a touch /.autorelabel as Bob put it correctly, set
selinux back to enforcing and rebooted. I crossed my
fingers and voila, it worked!!!
Thanks to all who responded and helped.
>maybe I'm dense but the only thing I saw was the same
avc >denied several times for rpc.statd which relates
to nfs but has nothing to do with web
browsing/internet.
>
>are you saying that web browsing is working in
>permissive mode and not
>working in targeted/enforcing mode?
>
>Craig
That was the case Craig, but now all is well. Here's
part of the new avcs that I got after touch
./autorelabel
SELinux: initialized (dev hda1, type ext3), uses xattr
SELinux: initialized (dev tmpfs, type tmpfs), uses
transition SIDs
audit(1143993007.681:2): avc: granted { setenforce }
for pid=545 comm="rc.sysinit"
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:security_t tclass=security
audit(1143993803.490:3): avc: granted { setenforce }
for pid=545 comm="rc.sysinit"
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:security_t tclass=security
Adding 786424k swap on /dev/VolGroup00/LogVol01.
Priority:-1 extents:1 across:786424k
SELinux: initialized (dev binfmt_misc, type
binfmt_misc), uses genfs_contexts
ip_tables: (C) 2000-2006 Netfilter Core Team
Netfilter messages via NETLINK v0.30.
ip_conntrack version 2.4 (3071 buckets, 24568 max) -
232 bytes per conntrack
SELinux: initialized (dev rpc_pipefs, type
rpc_pipefs), uses genfs_contexts
Now they were granted and all is well.
Best Regards,
Antonio
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the fedora-selinux-list
mailing list