SELinux "upgrade" issues


 



Yesterday I upgraded my SELinux policy & tools on my FC13 machine to 
bring it up to date with what is distributed with FC15 and later on did 
a similar upgrade to the kernel as well (.38 - the latest released for 
FC15), but SELinux is experiencing a few issues with the kernel. Here is 
what I've upgraded:

old:
policycoreutils-python-2.0.83-33.8
policycoreutils-2.0.83-33.8
selinux-policy-3.7.19-101
selinux-policy-targeted-3.7.19-101
libsemanage-2.0.45-1
libsemanage-devel-2.0.45-1
libsemanage-static-2.0.45-1
libsemanage-python-2.0.45-1
libselinux-python-2.0.94-2
libselinux-2.0.94-2
libselinux-devel-2.0.94-2
libselinux-utils-2.0.94-2
libsepol-2.0.41-3
libsepol-devel-2.0.41-3
libsepol-static-2.0.41-3

new:
policycoreutils-python-2.0.86-7
policycoreutils-2.0.86-7
policycoreutils-gui-2.0.86-7
policycoreutils-newrole-2.0.86-7
policycoreutils-restorecond-2.0.86-7
selinux-policy-3.9.16-26
selinux-policy-targeted-3.9.16-26
libsemanage-2.0.46-4
libsemanage-devel-2.0.46-4
libsemanage-static-2.0.46-4
libsemanage-python-2.0.46-4
libselinux-python-2.0.99-4
libselinux-2.0.99-4
libselinux-devel-2.0.99-4
libselinux-utils-2.0.99-4
libsepol-2.0.42-2
libsepol-devel-2.0.42-2
libsepol-static-2.0.42-2

Most of the new SELinux policy & tools above have been compiled from 
source - successfully - using the source rpm and just running rpmbuild 
with no changes to the .spec file. Everything installed OK. When I 
recompiled and upgraded the kernel, it booted up and works OK, though I 
have this in my syslog from SELinux:

kernel: dracut: Loading SELinux policy
kernel: type=1404 audit(1308450301.855:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
kernel: SELinux:  Permission audit_access in class file not defined in policy.
kernel: SELinux:  Permission audit_access in class dir not defined in policy.
kernel: SELinux:  Permission execmod in class dir not defined in policy.
kernel: SELinux:  Permission audit_access in class lnk_file not defined in policy.
kernel: SELinux:  Permission open in class lnk_file not defined in policy.
kernel: SELinux:  Permission execmod in class lnk_file not defined in policy.
kernel: SELinux:  Permission audit_access in class chr_file not defined in policy.
kernel: SELinux:  Permission audit_access in class blk_file not defined in policy.
kernel: SELinux:  Permission execmod in class blk_file not defined in policy.
kernel: SELinux:  Permission audit_access in class sock_file not defined in policy.
kernel: SELinux:  Permission execmod in class sock_file not defined in policy.
kernel: SELinux:  Permission execmod in class fifo_file not defined in policy.
kernel: SELinux:  Permission audit_access in class fifo_file not defined in policy.
kernel: SELinux:  Permission syslog in class capability2 not defined in policy.
kernel: SELinux: the above unknown classes and permissions will be allowed
kernel: type=1403 audit(1308450302.288:3): policy loaded auid=4294967295 ses=4294967295

What could be the reason for this?

I remember getting similar messages when I attempted to upgrade the 
kernel a couple of months ago from .34 to .37 - I had similar "not 
defined in policy" messages then from what I remember, though they were 
just a couple and certainly not the amount I am getting above. Is there 
any way I could rectify this *without* doing a full upgrade to FC15?
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
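
An added example, not part of the original post: a short Python parser that groups the "not defined in policy" records from a syslog excerpt like the one above by object class and reports whether the kernel says the unknown permissions will be allowed or denied. The function names and the sample string are assumptions of this example; the records in the sample are copied from the log in the post.

```python
import re
from collections import defaultdict

# Constructed sample: records copied from the log in the post, two of them
# left hard-wrapped the way a mail client breaks long lines.
SAMPLE_LOG = """\
kernel: dracut: Loading SELinux policy
kernel: SELinux:  Permission audit_access in class file not defined in
policy.
kernel: SELinux:  Permission execmod in class dir not defined in policy.
kernel: SELinux:  Permission open in class lnk_file not defined in policy.
kernel: SELinux:  Permission execmod in class lnk_file not defined in
policy.
kernel: SELinux:  Permission syslog in class capability2 not defined in policy.
kernel: SELinux: the above unknown classes and permissions will be allowed
"""

PERM_RE = re.compile(r"SELinux:\s+Permission (\S+) in class (\S+) not defined in policy")
DISPOSITION_RE = re.compile(r"unknown classes and permissions will be (allowed|denied)")

def unwrap(text):
    """Rejoin hard-wrapped records: a line that does not start with
    'kernel:' is treated as the continuation of the previous record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("kernel:") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):
    """Return ({class: [permissions missing from the policy]}, disposition)."""
    missing = defaultdict(set)
    disposition = None  # stays None if the kernel printed no summary line
    for record in unwrap(text):
        m = PERM_RE.search(record)
        if m:
            missing[m.group(2)].add(m.group(1))
            continue
        m = DISPOSITION_RE.search(record)
        if m:
            disposition = m.group(1)
    return {cls: sorted(perms) for cls, perms in missing.items()}, disposition

if __name__ == "__main__":
    missing, disposition = summarize(SAMPLE_LOG)
    for cls in sorted(missing):
        print(f"{cls}: {', '.join(missing[cls])}")
    print(f"unknown permissions will be {disposition}")
```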

