FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 11-24-2010, 08:45 AM
Matej Cepl
 
Default Urgent: today's F14 catastrophe with openldap-servers update

Dne 24.11.2010 03:28, Ralf Corsepius napsal(a):
> No, it's not your fault (Or at least only partially). A functional QA
> would catch such kind of breakages.

Yes, but functional QA would require more manpower than Fedora QA
currently has.

Matěj

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 11-24-2010, 09:03 AM
Ralf Corsepius
 
Default Urgent: today's F14 catastrophe with openldap-servers update

On 11/24/2010 10:45 AM, Matej Cepl wrote:
> Dne 24.11.2010 03:28, Ralf Corsepius napsal(a):
>> No, it's not your fault (Or at least only partially). A functional QA
>> would catch such kind of breakages.
>
> Yes, but functional QA would require more manpower than Fedora QA
> currently has.

That's one perspective.

Another one is: The approach having been taken is
non-feasible/impractiable/unsuiteable.

Ralf
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Wed Nov 24 11:30:02 2010
Return-path: <redhat-list-bounces@redhat.com>
Envelope-to: tom@linux-archive.org
Delivery-date: Wed, 24 Nov 2010 11:05:58 +0200
Received: from mx3-phx2.redhat.com ([209.132.183.24]:39711)
by s2.java-tips.org with esmtp (Exim 4.69)
(envelope-from <redhat-list-bounces@redhat.com>)
id 1PLBIc-0005W7-Gw
for tom@linux-archive.org; Wed, 24 Nov 2010 11:05:58 +0200
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
by mx3-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id oAO9vXPZ006714;
Wed, 24 Nov 2010 04:57:59 -0500
Received: from int-mx12.intmail.prod.int.phx2.redhat.com
(int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.25])
by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
id oAO9vWpR025950 for <redhat-list@listman.util.phx.redhat.com>;
Wed, 24 Nov 2010 04:57:32 -0500
Received: from mx1.redhat.com (ext-mx08.extmail.prod.ext.phx2.redhat.com
[10.5.110.12])
by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
id oAO9vQNT013487
for <redhat-list@redhat.com>; Wed, 24 Nov 2010 04:57:27 -0500
Received: from mx1.chguadalquivir.es (www.chguadalquivir.es [212.170.226.193])
by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id oAO9vAW4004467
for <redhat-list@redhat.com>; Wed, 24 Nov 2010 04:57:11 -0500
Received: (qmail 5222 invoked from network); 24 Nov 2010 09:57:09 -0000
Received: from unknown (HELO [127.0.0.1]) (fjmarquez.ext@[10.31.32.85])
(envelope-sender <fjmarquez.ext@chguadalquivir.es>)
by mx1.chguadalquivir.es (qmail-ldap-1.03) with AES256-SHA encrypted
SMTP for <redhat-list@redhat.com>; 24 Nov 2010 09:57:09 -0000
Date: Wed, 24 Nov 2010 10:57:08 +0100
From: =?ISO-8859-1?Q?Francisco_Jos=E9_M=E1rquez_G=F3mez?=
<fjmarquez.ext@chguadalquivir.es>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES;
rv:1.9.2.12) Gecko/20101027 Lightning/1.0b2 Thunderbird/3.1.6
MIME-Version: 1.0
To: Red Hat - General Red Hat Linux discussion list <redhat-list@redhat.com>
X-SpamTest-Version: SMTP-Filter Version 3.0.0 [0284], KAS30/Release
X-SpamTest-Info: Not protected
Message-ID: <4CECE174.3060809@chguadalquivir.es>
Subject: SElinux warning after last RHEL5 update
X-Anti-Virus: Kaspersky Anti-Virus for Linux Mail Server 5.6.42/RELEASE,
bases: 20101124 #4331548, check: 20101124 clean
X-RedHat-Spam-Score: 0.962 (SPF_SOFTFAIL,T_RP_MATCHES_RCVD)
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25
X-Scanned-By: MIMEDefang 2.67 on 10.5.110.12
X-loop: redhat-list@redhat.com
X-BeenThere: redhat-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
Reply-To: General Red Hat Linux discussion list <redhat-list@redhat.com>
List-Id: General Red Hat Linux discussion list <redhat-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/redhat-list>,
<mailto:redhat-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/redhat-list>
List-Post: <mailto:redhat-list@redhat.com>
List-Help: <mailto:redhat-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/redhat-list>,
<mailto:redhat-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: redhat-list-bounces@redhat.com
Errors-To: redhat-list-bounces@redhat.com

Hi,

I've updated some packages (included kernel) to last version available
through update tool of RHEL5.5.

At finish, system has showed this warning:

------------------------------------------------------------------------------------------------------------------------------------------------------
selinux-policy-targeted-2.4.6-279.el5_5.2.noarch
alias homedir /var/qmail/alias or its parent directory conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually
indicates an incorrectly defined system account. If it is a system
account please make sure its login shell is /sbin/nologin.
qmaild homedir /var/qmail or its parent directory conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually
indicates an incorrectly defined system account. If it is a system
account please make sure its login shell is /sbin/nologin.
qmaill homedir /var/qmail or its parent directory conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually
indicates an incorrectly defined system account. If it is a system
account please make sure its login shell is /sbin/nologin.
qmailp homedir /var/qmail or its parent directory conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually
indicates an incorrectly defined system account. If it is a system
account please make sure its login shell is /sbin/nologin.
qmailq homedir /var/qmail or its parent directory conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually
indicates an incorrectly defined system account. If it is a system
account please make sure its login shell is /sbin/nologin.
qmailr homedir /var/qmail or its parent directory conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually
indicates an incorrectly defined system account. If it is a system
account please make sure its login shell is /sbin/nologin.
qmails homedir /var/qmail or its parent directory conflicts with a
defined context in /etc/selinux/targeted/contexts/files/file_contexts,
/usr/sbin/genhomedircon will not create a new context. This usually
indicates an incorrectly defined system account. If it is a system
account please make sure its login shell is /sbin/nologin.
--------------------------------------------

What is the problem??? I haven't modified nothing recently...

Regards

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 11-24-2010, 12:14 PM
Daniel J Walsh
 
Default Urgent: today's F14 catastrophe with openldap-servers update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/23/2010 08:54 PM, Ben Boeckel wrote:
> Jan Vcelak <jvcelak@redhat.com> wrote:
>> This is the problem: The database migration could take a really long time. I
>> have testing data with 56 entries (nodes) - exporting (slapcat) is quite fast,
>> but importing (slapadd) takes around 10 seconds.
>
> Hmm. I've seen selinux-policy-targeted take longer than this on
> upgrades. SELinux is a little more obvious that it's doing something on
> upgrade (and after looking at the spec file[1], I'd not sure whether I'd
> have rather not known ), but I don't think it'd be unheard of.
>
> --Ben
>
> [1]http://pkgs.fedoraproject.org/gitweb/?p=selinux-policy.git;a=blob;f=selinux-policy.spec
>
SELinux is just relabeling the labels that have changed between the
previous and next release. It attempts to find the least common
denominator. But sometimes it could end up doing the equivalent of

restorecon -R -v /usr


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkztD7sACgkQrlYvE4MpobNjlwCfai5eeCkhtc JzMQi+R6YUkWzF
uQ8AnAmGOiLAzErBDHEv7NvTVyaif5I7
=b/aB
-----END PGP SIGNATURE-----
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 11-24-2010, 06:27 PM
Michael Schwendt
 
Default Urgent: today's F14 catastrophe with openldap-servers update

On Wed, 24 Nov 2010 11:03:41 +0100, Ralf wrote:

> On 11/24/2010 10:45 AM, Matej Cepl wrote:
> > Dne 24.11.2010 03:28, Ralf Corsepius napsal(a):
> >> No, it's not your fault (Or at least only partially). A functional QA
> >> would catch such kind of breakages.
> >
> > Yes, but functional QA would require more manpower than Fedora QA
> > currently has.
>
> That's one perspective.
>
> Another one is: The approach having been taken is
> non-feasible/impractiable/unsuiteable.

True. The appropriate action now would be to move the openldap package
onto a special QA list, which restricts the update acceptance criteria
further, so the openldap-servers must be tested, too. Especially if
the updates trigger database maintenance jobs.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 11-24-2010, 06:36 PM
Jesse Keating
 
Default Urgent: today's F14 catastrophe with openldap-servers update

On 11/23/2010 06:28 PM, Ralf Corsepius wrote:
> On 11/23/2010 07:36 PM, Jan Vcelak wrote:
>> On Tuesday 23 November 2010 19:13:09, Panu Matilainen wrote:
>>> Another related thing is that Berkeley DB which openldap uses is
>>> notoriously picky about getting updated. I'm fairly certain openldap does
>>> not update their bundled BDB version to prevent issues like this on minor
>>> updates, and AFAICT (based on a quick lookaround at the changelogs etc) in
>>> this case it was this fix to comply with our own policies (no bundled
>>> libraries) that bit us when synced with rawhide version:
>>>
>>> * Fri Aug 27 2010 Jan Vcelak<jvcelak@redhat.com> 2.4.23-1
>>> - rebase to 2.4.23
>>> - embeded db4 library removed
>>>
>>> - Panu -
>>
>> You are right. My fault. :-(
>
> No, it's not your fault (Or at least only partially). A functional QA
> would catch such kind of breakages.
>
> Ralf
>
>
>

Fedora(.us) has never had what you would call a "functional QA".
Efforts are underway, and have been for a while. Until in place, we
rely upon humans, first line of humans we rely upon is the maintainer.
Mistakes happen, and the approaches thus far are trying to provide a
window of opportunity to discover such mistakes, until such time as the
automated QA system can discover them for us, or at least provide hints
that there might be a mistake.

My original question was not an attempt to place blame, rather an
attempt to discover the scenario in which this mistake made it through,
so that we can use this info in further design attempts for QA.

--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 

Thread Tools




All times are GMT. The time now is 07:32 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org