4:53 p.m.
I previously posted this to the selinux list but the suggestion was made that
I might get a better (quicker) response on this list.
https://bugzilla.redhat.com/show_bug.cgi?id=533427 was first reported 6
November and on 6 November Dan Walsh reported that the problem was fixed in
selinux-policy-3.6.32-42.fc12.noarch
WHERE IS selinux-policy-3.6.32-42.fc12.noarch ????
Today is 18 November. This update (or a later/more-recent version) has not
appeared in either updates or updates-testing for F12.
selinux-policy-3.6.32-46.fc12 is currently "queued for updates-testing but has
yet to be added.
The problem in https://bugzilla.redhat.com/show_bug.cgi?id=533427 impacts the
abrt package's ability to function properly. The abrt package is a really
good new feature in Fedora 12 and should help resolve problems more quickly
since it provides a lot more information than many users include in the
handcrafted reports (myself included).
Dan Walsh has pointed out that:
abrt_t is a permissive domain.
node=(removed) type=SYSCALL msg=audit(1257529975.949:596):
arch=40000003
syscall=39 success=yes exit=0 a0=9779660 a1=1ed a2=38f6868 a3=9259050 items=0
ppid=17113 pid=17114 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=2 comm="yum" exe="/usr/bin/python"
subj=unconfined_u:system_r:abrt_t:s0 key=(null)
If you look at the AVC you will see success=yes. Which indicates that
the
AVC did not block anything. So if abrt is not working properly for some
reason, it is not SELinux causing the problem.
SO the lack of the selinux update may not be the problem with abrt's inability
to get debuginfo packages so that it can generate a meaningful backtrace.
I do believe that it has been a bit long in getting an update out for selinux-
policy.
Gene
5:05 p.m.
On Wed, Nov 18, 2009 at 17:53:39 -0500,
Gene Czarcinski <gene(a)czarc.net> wrote:
selinux-policy-3.6.32-46.fc12 is currently "queued for updates-testing but has
As an update to this, I got 3.6.32-46 today in an update (from which repo
I am not sure). But the mirrors are lagging a bit so Gene might not have
had a chance to see it yet.
11:14 a.m.
On Wednesday 18 November 2009 18:05:57 Bruno Wolff III wrote:
On Wed, Nov 18, 2009 at 17:53:39 -0500,
Gene Czarcinski <gene(a)czarc.net> wrote:
> selinux-policy-3.6.32-46.fc12 is currently "queued for updates-testing
> but has
As an update to this, I got 3.6.32-46 today in an update (from which repo
I am not sure). But the mirrors are lagging a bit so Gene might not have
had a chance to see it yet.
Yes, "3.6.32-46" has made it to updates-testing. I hope it moves to
updates
sooner rather than later too. A number of individuals are discovering and
reporting this problem ... I know because as a CC, I get an email every time a
new users is added to the CC list.
Gene
11:37 a.m.
Gene Czarcinski <gene(a)czarc.net> writes:
Yes, "3.6.32-46" has made it to updates-testing. I hope it
moves to
updates sooner rather than later too. A number of individuals are
discovering and reporting this problem ... I know because as a CC, I
get an email every time a new users is added to the CC list.
Me too. I'm wondering if we will make it to 100 before -46 hits the
"updates" repo. I decided not to wait and snag the policy from the
testing repository.
yum --enablerepo=updates-testing update selinux-policy-targeted selinux-policy
-wolfgang
--
Wolfgang S. Rupprecht
If the airwaves belong to the public why does the public only get 3
non-overlapping WIFI channels?
2:20 p.m.
On Thu, 2009-11-19 at 09:37 -0800, Wolfgang S. Rupprecht wrote:
Gene Czarcinski <gene(a)czarc.net> writes:
> Yes, "3.6.32-46" has made it to updates-testing. I hope it moves to
> updates sooner rather than later too. A number of individuals are
> discovering and reporting this problem ... I know because as a CC, I
> get an email every time a new users is added to the CC list.
Me too. I'm wondering if we will make it to 100 before -46 hits the
"updates" repo. I decided not to wait and snag the policy from the
testing repository.
yum --enablerepo=updates-testing update selinux-policy-targeted selinux-policy
You can help promote the update by giving feedback in Bodhi. This is one
of the responsibilities of the QA group and it'd be great if everyone
would test updates from updates-testing that are relevant to their usage
and provide feedback in Bodhi. You can go to
https://admin.fedoraproject.org/updates/ and search for the name of the
updated package, and file your feedback there - it's best to log in with
the 'Log In' link at the bottom of the left-hand blue panel before doing
this. The direct link for the selinux-policy update in question is
https://admin.fedoraproject.org/updates/F12/FEDORA-2009-11672 . Thanks!
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
3:17 p.m.
On Thursday 19 November 2009 12:37:52 Wolfgang S. Rupprecht wrote:
Gene Czarcinski <gene(a)czarc.net> writes:
> Yes, "3.6.32-46" has made it to updates-testing. I hope it moves to
> updates sooner rather than later too. A number of individuals are
> discovering and reporting this problem ... I know because as a CC, I
> get an email every time a new users is added to the CC list.
Me too. I'm wondering if we will make it to 100 before -46 hits the
"updates" repo. I decided not to wait and snag the policy from the
testing repository.
100? My last check showed 119 users on the CC list.
On the good side, the selinux-policy update is submitted (queued for) updates
but has not made it yet.
Now, if I only knew that this selinux-update actually fixed abrt so that it
could produce a backtrace with symbolics, I would be happy. While the selinux
exceptions no longer occur, abrt still does not download debuginfo packages.
At some time during the F12 development cycle, I remember that debuginfo
packages were downloaded. Anyone have any additional comments/information on
this?
Gene
5322
days inactive
5324
days old
5 comments
4 participants
participants (4)
-
Adam Williamson -
Bruno Wolff III -
Gene Czarcinski -
Wolfgang S. Rupprecht