Pam updates break system (Was: pam changes require dovecot restart)
n0dalus
n0dalus+redhat at gmail.com
Sat Dec 17 11:26:29 UTC 2005
On 12/17/05, Jeff Spaleta <jspaleta at gmail.com> wrote:
> And pam seems to update just fine for me. You'll have to do you best
> to figure out why the libpam files didn't install.
>
> -jef
>
I have done some more looking into the problem, and while
unfortunately I was unable to reproduce the same problem, I did find
some things in the log files.
At the time of the update, lots of scriptlets failed with the
accompianing log message below:
Dec 17 08:53:26 kernel: audit(1134771806.214:1322): avc: denied {
transition } for pid=17748 comm="yum" name="bash" dev=hda7 ino=163054
scontext=root:system_r:ldconfig_t tcontext=root:system_r:rpm_script_t
tclass=process
I am pretty new to SELinux, but to me it seems that the scontext and
the tcontext are around the wrong way. I don't know how this could
happen. In policy.20, source rpm_script_t is allowed to run the
ldconfig_t process. What's happening here seems to be that ldconfig_t
is trying to run rpm_script_t (as far as SELinux is concerned), which
would not be what's really happening. I could be completely wrong
though, so hopefully someone more experienced in these matters can
comment.
I can reproduce this error message consistently when doing certain updates.
n0dalus.
More information about the fedora-test-list
mailing list