Fedora Core 5 Test Update: selinux-policy-2.2.36-2.fc5

Rodd Clarkson rodd at clarkson.id.au
Thu May 4 01:10:53 UTC 2006 

On Tue, 2006-05-02 at 12:09 -0400, Daniel Walsh wrote:
> ---------------------------------------------------------------------
> Fedora Test Update Notification
> FEDORA-2006-479
> 2006-05-02
> ---------------------------------------------------------------------
> 
> Product     : Fedora Core 5
> Name        : selinux-policy
> Version     : 2.2.36                      
> Release     : 2.fc5                  
> Summary     : SELinux policy configuration
> Description :
> SELinux Reference Policy - modular.
> 
> ---------------------------------------------------------------------
> 
> * Mon May  1 2006 Dan Walsh <dwalsh at redhat.com> 2.2.36-2.fc5
> - Bump for fc5
> * Mon May  1 2006 Dan Walsh <dwalsh at redhat.com> 2.2.36-2
> - Fix libjvm spec
> * Tue Apr 25 2006 Dan Walsh <dwalsh at redhat.com> 2.2.36-1
> - Update to upstream
> * Tue Apr 25 2006 James Antill <jantill at redhat.com> 2.2.35-2
> - Add xm policy
> - Fix policygentool
> * Mon Apr 24 2006 Dan Walsh <dwalsh at redhat.com> 2.2.35-1
> - Update to upstream
> - Fix postun to only disable selinux on full removal of the packages
> 
> ---------------------------------------------------------------------
> This update can be downloaded from:
>   http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/5/
> 
> a30cd25bb591ec194c3d2e6bffebc7a34c75420a  SRPMS/selinux-policy-2.2.36-2.fc5.src.rpm
> e838e4c4a5928552c23c0f8fcfd68ecb05c63277  ppc/selinux-policy-2.2.36-2.fc5.noarch.rpm
> a7239cb5043700b83c54115a63e3093cc6b6e38d  ppc/selinux-policy-targeted-2.2.36-2.fc5.noarch.rpm
> f864d2ba2dbca10a6f74f72d911cc91570bf1386  ppc/selinux-policy-mls-2.2.36-2.fc5.noarch.rpm
> 1ba717c0721f3761e5388d66e90b692d31fcdc3f  ppc/selinux-policy-strict-2.2.36-2.fc5.noarch.rpm
> e838e4c4a5928552c23c0f8fcfd68ecb05c63277  x86_64/selinux-policy-2.2.36-2.fc5.noarch.rpm
> a7239cb5043700b83c54115a63e3093cc6b6e38d  x86_64/selinux-policy-targeted-2.2.36-2.fc5.noarch.rpm
> f864d2ba2dbca10a6f74f72d911cc91570bf1386  x86_64/selinux-policy-mls-2.2.36-2.fc5.noarch.rpm
> 1ba717c0721f3761e5388d66e90b692d31fcdc3f  x86_64/selinux-policy-strict-2.2.36-2.fc5.noarch.rpm
> e838e4c4a5928552c23c0f8fcfd68ecb05c63277  i386/selinux-policy-2.2.36-2.fc5.noarch.rpm
> a7239cb5043700b83c54115a63e3093cc6b6e38d  i386/selinux-policy-targeted-2.2.36-2.fc5.noarch.rpm
> f864d2ba2dbca10a6f74f72d911cc91570bf1386  i386/selinux-policy-mls-2.2.36-2.fc5.noarch.rpm
> 1ba717c0721f3761e5388d66e90b692d31fcdc3f  i386/selinux-policy-strict-2.2.36-2.fc5.noarch.rpm
> 
> This update can be installed with the 'yum' update program.  Use 'yum update
> package-name' at the command line.  For more information, refer to 'Managing
> Software with yum,' available at http://fedora.redhat.com/docs/yum/.
> ---------------------------------------------------------------------

Hmmm, after this update I see the following in dmesg:

SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
audit(1146704785.848:2): avc:  denied  { getattr } for  pid=2359
comm="hald" name="/" dev=sda7 ino=2 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
audit(1146704791.829:3): avc:  denied  { getattr } for  pid=2359
comm="hald" name="/" dev=sda7 ino=2 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
audit(1146704811.121:4): avc:  denied  { use } for  pid=2681
comm="bluez-pin" name="[8643]" dev=pipefs ino=8643
scontext=user_u:system_r:bluetooth_helper_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fd
audit(1146704811.121:5): avc:  denied  { write } for  pid=2681
comm="bluez-pin" name="[8643]" dev=pipefs ino=8643
scontext=user_u:system_r:bluetooth_helper_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fifo_file
ISO 9660 Extensions: Microsoft Joliet Level 3
ISO 9660 Extensions: RRIP_1991A
SELinux: initialized (dev hdc, type iso9660), uses genfs_contexts
audit(1146704814.993:6): avc:  denied  { getattr } for  pid=2359
comm="hald" name="/" dev=sda7 ino=2 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready


httpd no longer seems to work (no web page is getting displayed from the
server).


Rodd
-- 
"It's a fine line between denial and faith.
 It's much better on my side"

More information about the fedora-test-list mailing list