[ATrpms-users] Re: latest libselinux breaks a bunch of stuff

Axel Thimm Axel.Thimm at atrpms.net
Sun Feb 20 19:45:50 CET 2005


On Mon, Feb 21, 2005 at 05:06:48AM +1100, Nick Urbanik wrote:
> On Tue, Feb 15, 2005 at 04:43:24PM +0100, Axel Thimm wrote:
> > On Tue, Feb 15, 2005 at 11:12:49PM +0800, Jeff Pitman wrote:
> > > libselinux = 1.19.3-1_1.rhfc3.at breaks %pre, %postun, %post
> > > scripts whereas core supplied libselinux does not.  I had to
> > > selinux=0 as a kernel param to get the system recovered and
> > > operational.
> > > 
> > > Just a word of warning...
> > 
> > Could you detail on this more? Does rpm or some higher level
> > resolver break on these scripts?
> 
> I found one fundamental problem that broke syslogd and named for me.
> 
> In the file /etc/selinux/targeted/src/policy/file_contexts/types.fc:
> 
> #
> # Ordinary user home directories.
> # HOME_ROOT expands to all valid home directory prefixes found in /etc/passwd
> # HOME_DIR expands to each user's home directory,
> #                  and to HOME_ROOT/[^/]+ for each HOME_ROOT.
> # ROLE expands to each user's role when role != user_r, and to "user" otherwise.
> #
> HOME_ROOT               -d      system_u:object_r:home_root_t
> HOME_DIR                -d      system_u:object_r:ROLE_home_dir_t
> HOME_DIR/.+                     system_u:object_r:ROLE_home_t
> 
> is expanded (in
> /etc/selinux/targeted/src/policy/file_contexts/file_contexts) to
> 
> /var		-d	system_u:object_r:home_root_t
> /home		-d	system_u:object_r:home_root_t
> /var/[^/]+		-d	system_u:object_r:user_home_dir_t
> /home/[^/]+		-d	system_u:object_r:user_home_dir_t
> /var/[^/]+/.+			system_u:object_r:user_home_t
> /home/[^/]+/.+			system_u:object_r:user_home_t
> 
> instead of
> 
> /home		-d	system_u:object_r:home_root_t
> /home/[^/]+		-d	system_u:object_r:user_home_dir_t
> /home/[^/]+/.+			system_u:object_r:user_home_t

And this happens with 1.19.3-1_1.rhfc3.at, but not 1.19.1-8?

> After changing
> /etc/selinux/targeted/src/policy/file_contexts/file_contexts by
> removing the three lines referring to /var, and doing (in the
> directory /etc/selinux/targeted/src/policy/file_contexts):
> # setfiles -v file_contexts /var
> 
> then I could setenforce 1 and have things appear to work.

-- 
Axel.Thimm at ATrpms.net
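
The expansion discussed in this message, as an added example that is not part of the original thread and is not the selinux-policy tooling's own code: it expands the quoted types.fc template from passwd entries and flags home roots that are system directories. The prefix rule (the parent of every home directory), the `SYSTEM_DIRS` list and the sample passwd lines are assumptions constructed for illustration.

```python
import posixpath

# Template lines from types.fc, as quoted in the message above.
TEMPLATE = [
    ("HOME_ROOT", "-d", "system_u:object_r:home_root_t"),
    ("HOME_DIR", "-d", "system_u:object_r:ROLE_home_dir_t"),
    ("HOME_DIR/.+", "", "system_u:object_r:ROLE_home_t"),
]
# Assumption: directories that should never be labelled as a home root.
SYSTEM_DIRS = {"/", "/var", "/usr", "/etc", "/bin", "/sbin", "/lib", "/dev"}
# Constructed sample input: one account homed under /var, one ordinary user.
SAMPLE_PASSWD = (
    "svc:x:501:501:Service account:/var/svc:/bin/bash\n"
    "alice:x:500:500:Alice:/home/alice:/bin/bash\n"
)

def home_roots(passwd_text):
    """Return the parent directory of each home directory, in first-seen order."""
    roots = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[5].startswith("/"):
            continue
        root = posixpath.dirname(posixpath.normpath(fields[5]))
        if root not in roots:
            roots.append(root)
    return roots

def expand(roots, role="user"):
    """Expand HOME_ROOT, HOME_DIR and ROLE as the types.fc comment describes."""
    out = []
    for path, ftype, ctx in TEMPLATE:
        for root in roots:
            regex = path.replace("HOME_DIR", root + "/[^/]+").replace("HOME_ROOT", root)
            out.append((regex, ftype, ctx.replace("ROLE", role)))
    return out

def suspicious(entries):
    """Return the expanded entries whose home root is a system directory."""
    return [e for e in entries if e[0].split("/[^/]+")[0] in SYSTEM_DIRS]

if __name__ == "__main__":
    entries = expand(home_roots(SAMPLE_PASSWD))
    bad = suspicious(entries)
    for entry in entries:
        print("\t".join(entry), "<-- system directory" if entry in bad else "")
```

Run against the real /etc/passwd, a non-empty result from `suspicious` points at the account whose home directory pulls a system path into the home-directory contexts.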