F11 Relabel problem
Daniel J Walsh
dwalsh at redhat.com
Fri Aug 14 14:37:07 UTC 2009
On 08/14/2009 04:10 AM, Arthur Dent wrote:
> Hello all,
>
> I have just upgraded from F9 to F11 and, still having one or two selinux
> related problems, decided to do a /.autorelabel.
>
> Knowing how long this can take on my ageing hardware I went off for a
> cup of tea...
>
> On the screen when I returned (the job had not finished) was:
> SELinux: Context system_u:object_r:gamin_??? is not valid (left
> unmapped)
>
> The question marks are mine. I just reached for a pen when another load
> of messages flashed by and the job finished.
>
> Here is what I found in /var/log/messages:
>
> Context system_u:object_r:gamin_exec_t:s0 is not valid (left unmapped).
> Context system_u:object_r:pppd_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:NetworkManager_script_exec_t:s0 is not valid
> (left unmapped).
> Context system_u:object_r:nscd_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:bluetooth_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:squid_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:dovecot_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:kerneloops_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:syslogd_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:fail2ban_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:openvpn_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:setroubleshoot_script_exec_t:s0 is not valid
> (left unmapped).
> Context system_u:object_r:rpcbind_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:fsdaemon_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:samba_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:mysqld_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:snmp_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:dnsmasq_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:httpd_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:auditd_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:ntpd_script_exec_t:s0 is not valid (left
> unmapped).
> Context system_u:object_r:squid_var_t:s0 is not valid (left unmapped).
> Context unconfined_u:object_r:squid_var_t:s0 is not valid (left
> unmapped).
>
>
> My question(s):
>
> 1) Should I be worried?
> 2) Should I do anything?
>
> Note: I don't know if this is relevant because there is not much
> additional information to go on in the logs, but - I have in
> my /etc/fstab mappings to other partitions - one of which contains the
> former F9 system (so that I can refer to previous system configs while I
> tune my F11 system) /home is on its own partition.
>
> Thanks for any help / suggestions....
>
> Mark
>
>
>
>
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
The problem is a lot of the scripts were renamed from
DAEMON_script_exec_t to DAEMON_initrc_exec_t
So I think restore is complaining because the previous label has gone away.
If you ls -lZ /etc/init.d/
Look for unlabeled_t or script_exec_t, if you have those you might have a problem.
If they all look like *initrc_exec_t or just initrc_exec_t then you are probably ok.
More information about the fedora-selinux-list
mailing list