FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 08-02-2008, 12:53 AM
Gene Heskett
 
Default selinux is now denying its own manager

Greetings;

I just did a yumex update which included the python and semanage updates,
and selinux positively threw a fit.

setroubleshooter says I now have 47 brand new copies of this:

host=coyote.coyote.den type=AVC msg=audit(1217637926.43:906): avc: denied { sys_tty_config } for pid=2768 comm="semanage"
capability=26 scontext=system_u:system_r:semanage_t:s0 tcontext=system_u:system_r:semanage_t:s0 tclass=capability

host=coyote.coyote.den type=SYSCALL msg=audit(1217637926.43:906): arch=40000003 syscall=54 success=yes exit=0 a0=1 a1=5401
a2=bfd9796c a3=bfd97a8c items=0 ppid=2762 pid=2768 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=1 comm="semanage" exe="/usr/bin/python" subj=system_u:system_r:semanage_t:s0 key=(null)

Fixable?

Thanks.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Regarding astral projection, Woody Allen once wrote, "This is not a bad way
to travel, although there is usually a half-hour wait for luggage."

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-04-2008, 06:27 PM
Daniel J Walsh
 
Default selinux is now denying its own manager

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gene Heskett wrote:
> Greetings;
>
> I just did a yumex update which included the python and semanage updates,
> and selinux positively threw a fit.
>
> setroubleshooter says I now have 47 brand new copies of this:
>
> host=coyote.coyote.den type=AVC msg=audit(1217637926.43:906): avc: denied { sys_tty_config } for pid=2768 comm="semanage"
> capability=26 scontext=system_u:system_r:semanage_t:s0 tcontext=system_u:system_r:semanage_t:s0 tclass=capability
>
> host=coyote.coyote.den type=SYSCALL msg=audit(1217637926.43:906): arch=40000003 syscall=54 success=yes exit=0 a0=1 a1=5401
> a2=bfd9796c a3=bfd97a8c items=0 ppid=2762 pid=2768 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> tty=(none) ses=1 comm="semanage" exe="/usr/bin/python" subj=system_u:system_r:semanage_t:s0 key=(null)
>
> Fixable?
>
> Thanks.
>
These should be fixed in latest Rawhide and Fedora 9 policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkiXSh8ACgkQrlYvE4MpobOL8ACgzwc6Kz3fFM xkBNAWHHtDcUNJ
47oAoKpTUNN+GtvRgm7Gn8i4GackklaO
=u43k
-----END PGP SIGNATURE-----

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-04-2008, 09:36 PM
Gene Heskett
 
Default selinux is now denying its own manager

On Monday 04 August 2008, Daniel J Walsh wrote:
>Gene Heskett wrote:
>> Greetings;
>>
>> I just did a yumex update which included the python and semanage updates,
>> and selinux positively threw a fit.
>>
>> setroubleshooter says I now have 47 brand new copies of this:
>>
>> host=coyote.coyote.den type=AVC msg=audit(1217637926.43:906): avc: denied
>> { sys_tty_config } for pid=2768 comm="semanage" capability=26
>> scontext=system_u:system_r:semanage_t:s0
>> tcontext=system_u:system_r:semanage_t:s0 tclass=capability
>>
>> host=coyote.coyote.den type=SYSCALL msg=audit(1217637926.43:906):
>> arch=40000003 syscall=54 success=yes exit=0 a0=1 a1=5401 a2=bfd9796c
>> a3=bfd97a8c items=0 ppid=2762 pid=2768 auid=0 uid=0 gid=0 euid=0 suid=0
>> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="semanage"
>> exe="/usr/bin/python" subj=system_u:system_r:semanage_t:s0 key=(null)
>>
>> Fixable?
>>
>> Thanks.
>
>These should be fixed in latest Rawhide and Fedora 9 policy.

I'm running F8 Daniel. This s/b backported to F8, that is where the problem
came from. I haven't changed my repos in ages.

Thanks.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
BUFFERS=20 FILES=15 2nd down, 4th quarter, 5 yards to go!

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-05-2008, 01:12 PM
Daniel J Walsh
 
Default selinux is now denying its own manager

Gene Heskett wrote:
> On Monday 04 August 2008, Daniel J Walsh wrote:
>> Gene Heskett wrote:
>>> Greetings;
>>>
>>> I just did a yumex update which included the python and semanage updates,
>>> and selinux positively threw a fit.
>>>
>>> setroubleshooter says I now have 47 brand new copies of this:
>>>
>>> host=coyote.coyote.den type=AVC msg=audit(1217637926.43:906): avc: denied
>>> { sys_tty_config } for pid=2768 comm="semanage" capability=26
>>> scontext=system_u:system_r:semanage_t:s0
>>> tcontext=system_u:system_r:semanage_t:s0 tclass=capability
>>>
>>> host=coyote.coyote.den type=SYSCALL msg=audit(1217637926.43:906):
>>> arch=40000003 syscall=54 success=yes exit=0 a0=1 a1=5401 a2=bfd9796c
>>> a3=bfd97a8c items=0 ppid=2762 pid=2768 auid=0 uid=0 gid=0 euid=0 suid=0
>>> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="semanage"
>>> exe="/usr/bin/python" subj=system_u:system_r:semanage_t:s0 key=(null)
>>>
>>> Fixable?
>>>
>>> Thanks.
>> These should be fixed in latest Rawhide and Fedora 9 policy.
>
> I'm running F8 Daniel. This s/b backported to F8, that is where the problem
> came from. I haven't changed my repos in ages.
>
> Thanks.
>
Ok, such and old OS. :^)

Dontaudited in selinux-policy-3.0.8-113.fc8

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-05-2008, 02:14 PM
Gene Heskett
 
Default selinux is now denying its own manager

On Tuesday 05 August 2008, Daniel J Walsh wrote:
>Gene Heskett wrote:
>> On Monday 04 August 2008, Daniel J Walsh wrote:
>>> Gene Heskett wrote:
>>>> Greetings;
>>>>
>>>> I just did a yumex update which included the python and semanage
>>>> updates, and selinux positively threw a fit.
>>>>
>>>> setroubleshooter says I now have 47 brand new copies of this:
>>>>
>>>> host=coyote.coyote.den type=AVC msg=audit(1217637926.43:906): avc:
>>>> denied { sys_tty_config } for pid=2768 comm="semanage" capability=26
>>>> scontext=system_u:system_r:semanage_t:s0
>>>> tcontext=system_u:system_r:semanage_t:s0 tclass=capability
>>>>
>>>> host=coyote.coyote.den type=SYSCALL msg=audit(1217637926.43:906):
>>>> arch=40000003 syscall=54 success=yes exit=0 a0=1 a1=5401 a2=bfd9796c
>>>> a3=bfd97a8c items=0 ppid=2762 pid=2768 auid=0 uid=0 gid=0 euid=0 suid=0
>>>> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="semanage"
>>>> exe="/usr/bin/python" subj=system_u:system_r:semanage_t:s0 key=(null)
>>>>
>>>> Fixable?
>>>>
>>>> Thanks.
>>>
>>> These should be fixed in latest Rawhide and Fedora 9 policy.
>>
>> I'm running F8 Daniel. This s/b backported to F8, that is where the
>> problem came from. I haven't changed my repos in ages.
>>
>> Thanks.
>
>Ok, such and old OS. :^)
>
>Dontaudited in selinux-policy-3.0.8-113.fc8

Well, its supposedly still a supported version, till F10 is out plus 30
days. :-)

I have 3.0.8-111.fc8, and nothing newer is being offered. I turned on
updates-testing but 113 isn't there either so I turned it back off.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
I'm wet! I'm wild!

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-05-2008, 09:19 PM
Daniel J Walsh
 
Default selinux is now denying its own manager

Gene Heskett wrote:
> On Tuesday 05 August 2008, Daniel J Walsh wrote:
>> Gene Heskett wrote:
>>> On Monday 04 August 2008, Daniel J Walsh wrote:
>>>> Gene Heskett wrote:
>>>>> Greetings;
>>>>>
>>>>> I just did a yumex update which included the python and semanage
>>>>> updates, and selinux positively threw a fit.
>>>>>
>>>>> setroubleshooter says I now have 47 brand new copies of this:
>>>>>
>>>>> host=coyote.coyote.den type=AVC msg=audit(1217637926.43:906): avc:
>>>>> denied { sys_tty_config } for pid=2768 comm="semanage" capability=26
>>>>> scontext=system_u:system_r:semanage_t:s0
>>>>> tcontext=system_u:system_r:semanage_t:s0 tclass=capability
>>>>>
>>>>> host=coyote.coyote.den type=SYSCALL msg=audit(1217637926.43:906):
>>>>> arch=40000003 syscall=54 success=yes exit=0 a0=1 a1=5401 a2=bfd9796c
>>>>> a3=bfd97a8c items=0 ppid=2762 pid=2768 auid=0 uid=0 gid=0 euid=0 suid=0
>>>>> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="semanage"
>>>>> exe="/usr/bin/python" subj=system_u:system_r:semanage_t:s0 key=(null)
>>>>>
>>>>> Fixable?
>>>>>
>>>>> Thanks.
>>>> These should be fixed in latest Rawhide and Fedora 9 policy.
>>> I'm running F8 Daniel. This s/b backported to F8, that is where the
>>> problem came from. I haven't changed my repos in ages.
>>>
>>> Thanks.
>> Ok, such and old OS. :^)
>>
>> Dontaudited in selinux-policy-3.0.8-113.fc8
>
> Well, its supposedly still a supported version, till F10 is out plus 30
> days. :-)
>
> I have 3.0.8-111.fc8, and nothing newer is being offered. I turned on
> updates-testing but 113 isn't there either so I turned it back off.
>
Request has been sent. It is in koji now and should be in testing soon.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-05-2008, 10:53 PM
Gene Heskett
 
Default selinux is now denying its own manager

On Tuesday 05 August 2008, Daniel J Walsh wrote:
>Gene Heskett wrote:
>> On Tuesday 05 August 2008, Daniel J Walsh wrote:
>>> Gene Heskett wrote:
>>>> On Monday 04 August 2008, Daniel J Walsh wrote:
>>>>> Gene Heskett wrote:
>>>>>> Greetings;
>>>>>>
>>>>>> I just did a yumex update which included the python and semanage
>>>>>> updates, and selinux positively threw a fit.
>>>>>>
>>>>>> setroubleshooter says I now have 47 brand new copies of this:
>>>>>>
>>>>>> host=coyote.coyote.den type=AVC msg=audit(1217637926.43:906): avc:
>>>>>> denied { sys_tty_config } for pid=2768 comm="semanage" capability=26
>>>>>> scontext=system_u:system_r:semanage_t:s0
>>>>>> tcontext=system_u:system_r:semanage_t:s0 tclass=capability
>>>>>>
>>>>>> host=coyote.coyote.den type=SYSCALL msg=audit(1217637926.43:906):
>>>>>> arch=40000003 syscall=54 success=yes exit=0 a0=1 a1=5401 a2=bfd9796c
>>>>>> a3=bfd97a8c items=0 ppid=2762 pid=2768 auid=0 uid=0 gid=0 euid=0
>>>>>> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="semanage"
>>>>>> exe="/usr/bin/python" subj=system_u:system_r:semanage_t:s0 key=(null)
>>>>>>
>>>>>> Fixable?
>>>>>>
>>>>>> Thanks.
>>>>>
>>>>> These should be fixed in latest Rawhide and Fedora 9 policy.
>>>>
>>>> I'm running F8 Daniel. This s/b backported to F8, that is where the
>>>> problem came from. I haven't changed my repos in ages.
>>>>
>>>> Thanks.
>>>
>>> Ok, such and old OS. :^)
>>>
>>> Dontaudited in selinux-policy-3.0.8-113.fc8
>>
>> Well, its supposedly still a supported version, till F10 is out plus 30
>> days. :-)
>>
>> I have 3.0.8-111.fc8, and nothing newer is being offered. I turned on
>> updates-testing but 113 isn't there either so I turned it back off.
>
>Request has been sent. It is in koji now and should be in testing soon.

Thanks Daniel.



--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Why don't you fix your little problem... and light this candle?
-- Alan Shepherd, the first man into space, Gemini program

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 01:35 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org