[Bug 431588] selinux denial messages from yum-cron updates

[bugzilla at redhat.com]

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=431588





--- Comment #28 from Daniel Walsh <dwalsh at redhat.com>  2008-11-18 12:07:47 EDT ---
I would like 2 done.

Not 1.  1 is a work around.

If you use append, I can give several confined domains the ability to append to
the rpm log files, without giving them the ability to write(truncate) them.

diff -up /etc/cron.daily/yum.cron~ /etc/cron.daily/yum.cron
--- /etc/cron.daily/yum.cron~ 2008-03-13 15:05:18.000000000 -0400
+++ /etc/cron.daily/yum.cron 2008-11-18 12:06:24.000000000 -0500
@@ -34,6 +34,8 @@ if [ "$DOWNLOAD_ONLY" == "yes" ]; then
   CHECK_ONLY=yes
 fi

+touch $YUMTMP 
+restorecon $YUMTMP
 # Then check for updates and/or do them, as configured
 {
   if [ "$CHECK_ONLY" == "yes" ]; then
@@ -63,7 +65,7 @@ fi
     /usr/bin/yum $YUM_PARAMETER -R $RANDOMWAIT -e ${ERROR_LEVEL:-0} -d
${DEBUG_LEVEL:-0} -y update yum
     /usr/bin/yum $YUM_PARAMETER -e ${ERROR_LEVEL:-0} -d ${DEBUG_LEVEL:-0} -y
shell /etc/yum/yum-daily.yum
   fi
-} > $YUMTMP 2>&1
+} >> $YUMTMP 2>&1

 if [ ! -z "$MAILTO" ]; then 
 # if MAILTO is set, use mail command (ie better than standard mail with cron
output) 
[root at localhost tmp]# gendiff /etc/cron.daily \~ > /tmp/t

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.