Beware today's updates - selinux is changing home user contexts
Adam Williamson
awilliam at redhat.com
Mon Mar 2 23:24:54 UTC 2009
On Mon, 2009-03-02 at 15:02 -0600, Joshua Armstrong wrote:
> Mike Cloaked wrote:
> > I have just updated some f10 boxes a few minutes ago. On logging on again
> > after rebooting to the new kernel this evening, the main user directories
> > have had their contexts changed to usr_t so I presume some kind of
> > relabelling has been done - but not correctly! After restorecon -vR
> > /home/user the contexts have mostly reverted to where they should be - I
> > initially noticed because ssh suddenly started demanding a passphrase when
> > it should not need one - and then I noted avc denials.....
> >
> > I hope not too many users are going to have their home directories messed up
> > as a result! The relevant update is
> > selinux-policy-targeted-3.5.13-46.fc10.noarch.rpm
> >
> > This is not good - especially for a stable release!
> >
> I second this - I just verified this on my f10 webserver. Thankfully,
> all the important files are set to httpd_sys_content_t and in read-only
> directories. But it did break being able to read home directories over
> CIFS share.
Joshua, you can vote against this update in Bodhi:
https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2028
Mike already has, so if you vote, it will hit -2; if one other person is
seeing this and votes against the update there, it will be removed from
the updates repository.
I notice this got no testing between 24th Feb (when it was pushed to
updates-testing) and 2nd March (when it was pushed to stable) :(. Do we
not have many people here testing out updates-testing packages?
Unfortunately I'm not as I'm running Rawhide on my main system...
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
More information about the fedora-test-list
mailing list