Re: yum update with '/sbin/restorecon reset' message
g wrote: greetings, while running yum update from command line, i got several messages stating /sbin/restorecon reset. are these something to be of concern, or is this normal? ria, i received no such messages in previous updates. messages: +++ Running Transaction Updating : xdg-utils Updating : selinux-policy Updating : glibc-common Updating : jdk Unpacking JAR files... rt.jar... jsse.jar... charsets.jar... tools.jar... localedata.jar... plugin.jar... javaws.jar... deploy.jar... Updating : java-1.6.0-sun-compat Updating : selinux-policy-targeted /sbin/restorecon reset /etc/cups/interfaces context system_u:object_r:cup t:s0-system_u:object_r:cupsd_interface_t:s0 /sbin/restorecon reset /etc/rc.d/init.d/nfs context system_u:object_r:ini c_t:s0-system_u:object_r:nfsd_initrc_exec_t:s0 /sbin/restorecon reset /etc/rc.d/init.d/nfslock context system_u:object_r _exec_t:s0-system_u:object_r:rpcd_initrc_exec_t:s0 /sbin/restorecon reset /etc/rc.d/init.d/rpcidmapd context system_u:object rc_exec_t:s0-system_u:object_r:rpcd_initrc_exec_t:s0 /sbin/restorecon reset /etc/sysconfig/iptables context system_u:object_r: 0-system_u:object_r:etc_runtime_t:s0 Updating : selinux-policy-devel Installing : kernel-devel Installing : kernel +++ tia. ***LONG VERSION*** To skip this, go to end of email From the selinux-policy-targeted postinstall script fixfiles -C ${FILE_CONTEXT}.pre restore; From the fixfiles man page This script is primarily used to correct the security context database (extended attributes) on filesystems. It can also be run at any time to relabel when adding support for new policy, or just check whether the file contexts are all as you expect. By default it will relabel all mounted ext2, ext3, xfs and jfs file systems as long as they do not have a security context mount option. You can use the -R flag to use rpmpackages as an alternative. Doing a grep through /sbin/fixfiles we see that it is really using the program /sbin/restorecon to do it's selinux setting. From the restorecon man page This program is primarily used to set the security context (extended attributes) on one or more files. It can be run at any time to correct errors, to add support for new policy, or with the -n option it can just check whether the file contexts are all as you expect. ***SHORT VERSION*** Since you have just installed a new selinux policy, it is going through your system to make sure everything is labeled correctly according to that policy. Troy p.s. Sorry for the long explanation, but I was in the middle of researching something very similar. -- __ Troy Dawson daw...@fnal.gov (630)840-6468 Fermilab ComputingDivision/SCF/FEF/SLSMS Group __
Re: yum update with '/sbin/restorecon reset' message
On 01/12/2011 03:49 PM, Troy Dawson wrote: g wrote: snip Updating : java-1.6.0-sun-compat Updating : selinux-policy-targeted /sbin/restorecon reset /etc/cups/interfaces context system_u:object_r:cup t:s0-system_u:object_r:cupsd_interface_t:s0 /sbin/restorecon reset /etc/rc.d/init.d/nfs context system_u:object_r:ini c_t:s0-system_u:object_r:nfsd_initrc_exec_t:s0 /sbin/restorecon reset /etc/rc.d/init.d/nfslock context system_u:object_r _exec_t:s0-system_u:object_r:rpcd_initrc_exec_t:s0 /sbin/restorecon reset /etc/rc.d/init.d/rpcidmapd context system_u:object rc_exec_t:s0-system_u:object_r:rpcd_initrc_exec_t:s0 /sbin/restorecon reset /etc/sysconfig/iptables context system_u:object_r: 0-system_u:object_r:etc_runtime_t:s0 Updating : selinux-policy-devel snip ***LONG VERSION*** To skip this, go to end of email From the selinux-policy-targeted postinstall script fixfiles -C ${FILE_CONTEXT}.pre restore; From the fixfiles man page snip ***SHORT VERSION*** Since you have just installed a new selinux policy, it is going through your system to make sure everything is labeled correctly according to that policy. thank you, troy. for 'long' and 'short'. without 'long', i would not have picked up on another selinux command. ;) i had read, and failed to mention, 'man' for 'restorecon', [and, 'load_policy', 'checkpolicy', 'setfiles'], which gave me insight to what was going on. but there was no indication as to what triggered 'restorecon' to run. now i why it occured after installing 'selinux-policy-targeted'. just one more feature of selinux to know when any of it's files are being updated legally and actions to take. one more that a boy for NSA. Troy p.s. Sorry for the long explanation, but I was in the middle of researching something very similar. my apoligies for interruption. :) i hope you found answer. thanks again. -- peace out. tc.hago, g . in a free world without fences, who needs gates. ** help microsoft stamp out piracy - give linux to a friend today. ** to mess up a linux box, you need to work at it. to mess up an ms windows box, you just need to *look* at it. ** learn linux: 'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html 'The Linux Documentation Project' http://www.tldp.org/ 'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html 'HowtoForge' http://howtoforge.com/ signature.asc Description: OpenPGP digital signature
yum update with '/sbin/restorecon reset' message
greetings, while running yum update from command line, i got several messages stating /sbin/restorecon reset. are these something to be of concern, or is this normal? ria, i received no such messages in previous updates. messages: +++ Running Transaction Updating : xdg-utils Updating : selinux-policy Updating : glibc-common Updating : jdk Unpacking JAR files... rt.jar... jsse.jar... charsets.jar... tools.jar... localedata.jar... plugin.jar... javaws.jar... deploy.jar... Updating : java-1.6.0-sun-compat Updating : selinux-policy-targeted /sbin/restorecon reset /etc/cups/interfaces context system_u:object_r:cup t:s0-system_u:object_r:cupsd_interface_t:s0 /sbin/restorecon reset /etc/rc.d/init.d/nfs context system_u:object_r:ini c_t:s0-system_u:object_r:nfsd_initrc_exec_t:s0 /sbin/restorecon reset /etc/rc.d/init.d/nfslock context system_u:object_r _exec_t:s0-system_u:object_r:rpcd_initrc_exec_t:s0 /sbin/restorecon reset /etc/rc.d/init.d/rpcidmapd context system_u:object rc_exec_t:s0-system_u:object_r:rpcd_initrc_exec_t:s0 /sbin/restorecon reset /etc/sysconfig/iptables context system_u:object_r: 0-system_u:object_r:etc_runtime_t:s0 Updating : selinux-policy-devel Installing : kernel-devel Installing : kernel +++ tia. -- peace out. tc.hago, g . in a free world without fences, who needs gates. ** help microsoft stamp out piracy - give linux to a friend today. ** to mess up a linux box, you need to work at it. to mess up an ms windows box, you just need to *look* at it. ** learn linux: 'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html 'The Linux Documentation Project' http://www.tldp.org/ 'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html 'HowtoForge' http://howtoforge.com/ signature.asc Description: OpenPGP digital signature