Re: yum update with '/sbin/restorecon reset' message
g wrote:
greetings,
while running yum update from command line, i got several messages
stating /sbin/restorecon reset.
are these something to be of concern, or is this normal?
ria, i received no such messages in previous updates.
messages:
+++
Running Transaction
Updating : xdg-utils
Updating : selinux-policy
Updating : glibc-common
Updating : jdk
Unpacking JAR files...
rt.jar...
jsse.jar...
charsets.jar...
tools.jar...
localedata.jar...
plugin.jar...
javaws.jar...
deploy.jar...
Updating : java-1.6.0-sun-compat
Updating : selinux-policy-targeted
/sbin/restorecon reset /etc/cups/interfaces context system_u:object_r:cup
t:s0-system_u:object_r:cupsd_interface_t:s0
/sbin/restorecon reset /etc/rc.d/init.d/nfs context system_u:object_r:ini
c_t:s0-system_u:object_r:nfsd_initrc_exec_t:s0
/sbin/restorecon reset /etc/rc.d/init.d/nfslock context system_u:object_r
_exec_t:s0-system_u:object_r:rpcd_initrc_exec_t:s0
/sbin/restorecon reset /etc/rc.d/init.d/rpcidmapd context system_u:object
rc_exec_t:s0-system_u:object_r:rpcd_initrc_exec_t:s0
/sbin/restorecon reset /etc/sysconfig/iptables context system_u:object_r:
0-system_u:object_r:etc_runtime_t:s0
Updating : selinux-policy-devel
Installing : kernel-devel
Installing : kernel
+++
tia.
***LONG VERSION***
To skip this, go to end of email
From the selinux-policy-targeted postinstall script
fixfiles -C ${FILE_CONTEXT}.pre restore;
From the fixfiles man page
This script is primarily used to correct the security context database
(extended attributes) on filesystems.
It can also be run at any time to relabel when adding support for new
policy, or just check whether the file contexts are all as you expect.
By default it will relabel all mounted ext2, ext3, xfs and jfs file
systems as long as they do not have a security context mount option. You
can use the -R flag to use rpmpackages as an alternative.
Doing a grep through /sbin/fixfiles we see that it is really using the
program /sbin/restorecon to do it's selinux setting.
From the restorecon man page
This program is primarily used to set the security context (extended
attributes) on one or more files.
It can be run at any time to correct errors, to add support for new
policy, or with the -n option it can just check whether the file
contexts are all as you expect.
***SHORT VERSION***
Since you have just installed a new selinux policy, it is going through
your system to make sure everything is labeled correctly according to
that policy.
Troy
p.s. Sorry for the long explanation, but I was in the middle of
researching something very similar.
--
__
Troy Dawson daw...@fnal.gov (630)840-6468
Fermilab ComputingDivision/SCF/FEF/SLSMS Group
__
Re: yum update with '/sbin/restorecon reset' message
On 01/12/2011 03:49 PM, Troy Dawson wrote:
g wrote:
snip
Updating : java-1.6.0-sun-compat
Updating : selinux-policy-targeted
/sbin/restorecon reset /etc/cups/interfaces context system_u:object_r:cup
t:s0-system_u:object_r:cupsd_interface_t:s0
/sbin/restorecon reset /etc/rc.d/init.d/nfs context system_u:object_r:ini
c_t:s0-system_u:object_r:nfsd_initrc_exec_t:s0
/sbin/restorecon reset /etc/rc.d/init.d/nfslock context system_u:object_r
_exec_t:s0-system_u:object_r:rpcd_initrc_exec_t:s0
/sbin/restorecon reset /etc/rc.d/init.d/rpcidmapd context system_u:object
rc_exec_t:s0-system_u:object_r:rpcd_initrc_exec_t:s0
/sbin/restorecon reset /etc/sysconfig/iptables context system_u:object_r:
0-system_u:object_r:etc_runtime_t:s0
Updating : selinux-policy-devel
snip
***LONG VERSION***
To skip this, go to end of email
From the selinux-policy-targeted postinstall script
fixfiles -C ${FILE_CONTEXT}.pre restore;
From the fixfiles man page
snip
***SHORT VERSION***
Since you have just installed a new selinux policy, it is going through
your system to make sure everything is labeled correctly according to
that policy.
thank you, troy. for 'long' and 'short'.
without 'long', i would not have picked up on another selinux command. ;)
i had read, and failed to mention, 'man' for 'restorecon', [and,
'load_policy', 'checkpolicy', 'setfiles'], which gave me insight to
what was going on. but there was no indication as to what triggered
'restorecon' to run.
now i why it occured after installing 'selinux-policy-targeted'. just
one more feature of selinux to know when any of it's files are being
updated legally and actions to take.
one more that a boy for NSA.
Troy
p.s. Sorry for the long explanation, but I was in the middle of
researching something very similar.
my apoligies for interruption. :)
i hope you found answer.
thanks again.
--
peace out.
tc.hago,
g
.
in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/
signature.asc
Description: OpenPGP digital signature
yum update with '/sbin/restorecon reset' message
greetings, while running yum update from command line, i got several messages stating /sbin/restorecon reset. are these something to be of concern, or is this normal? ria, i received no such messages in previous updates. messages: +++ Running Transaction Updating : xdg-utils Updating : selinux-policy Updating : glibc-common Updating : jdk Unpacking JAR files... rt.jar... jsse.jar... charsets.jar... tools.jar... localedata.jar... plugin.jar... javaws.jar... deploy.jar... Updating : java-1.6.0-sun-compat Updating : selinux-policy-targeted /sbin/restorecon reset /etc/cups/interfaces context system_u:object_r:cup t:s0-system_u:object_r:cupsd_interface_t:s0 /sbin/restorecon reset /etc/rc.d/init.d/nfs context system_u:object_r:ini c_t:s0-system_u:object_r:nfsd_initrc_exec_t:s0 /sbin/restorecon reset /etc/rc.d/init.d/nfslock context system_u:object_r _exec_t:s0-system_u:object_r:rpcd_initrc_exec_t:s0 /sbin/restorecon reset /etc/rc.d/init.d/rpcidmapd context system_u:object rc_exec_t:s0-system_u:object_r:rpcd_initrc_exec_t:s0 /sbin/restorecon reset /etc/sysconfig/iptables context system_u:object_r: 0-system_u:object_r:etc_runtime_t:s0 Updating : selinux-policy-devel Installing : kernel-devel Installing : kernel +++ tia. -- peace out. tc.hago, g . in a free world without fences, who needs gates. ** help microsoft stamp out piracy - give linux to a friend today. ** to mess up a linux box, you need to work at it. to mess up an ms windows box, you just need to *look* at it. ** learn linux: 'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html 'The Linux Documentation Project' http://www.tldp.org/ 'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html 'HowtoForge' http://howtoforge.com/ signature.asc Description: OpenPGP digital signature
