Arthur Pemberton wrote:
From /var/log/yum.log:
Jun 27 04:25:18 Updated: selinux-policy-targeted.noarch 1.17.30-3.13
Jun 27 04:26:21 Updated: selinux-policy-targeted-sources.noarch
1.17.30-3.13
------------------------------------------------
Since then things have come tumbling down here are samples of the errors:
Jun 27 04:25:27 Romeo kernel: audit(1119860727.362:0): avc: denied {
execmod } for pid=6990 comm=sendmail path=/lib/tls/libm-2.3.5.so
dev=dm-0 ino=5455897 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:lib_t tclass=file
Jun 27 04:30:01 Romeo kernel: audit(1119861001.392:0): avc: denied {
execmod } for pid=6994 comm=crond path=/lib/libnsl-2.3.5.so dev=dm-0
ino=5455874 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:lib_t tclass=file
Jun 27 04:30:01 Romeo kernel: audit(1119861001.413:0): avc: denied {
execmod } for pid=6994
comm=crondpath=/lib/libcrypt-2.3.5.sodev=dm-0ino=5455909
scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:lib_t
tclass=file
Jun 27 04:53:38 Romeo kernel: audit(1119862418.204:0): avc: denied {
execmem } for pid=4238 comm=mysqld scontext=user_u:system_r:mysqld_t
tcontext=user_u:system_r:mysqld_t tclass=process
Jun 27 08:22:09 Romeo kernel: audit(1119874929.566:0): avc: denied {
connect } for pid=4251 exe=/usr/sbin/httpd
scontext=user_u:system_r:httpd_t tcontext=user_u:system_r:httpd_t
tclass=tcp_socket
-------------------------------------------------------------
The most noticeable result of all this is that mysql has died:
050627 07:19:27 mysqld started
050627 7:19:28 [Warning] Asked for 196608 thread stack, but got 126976
050627 7:19:28 [ERROR] Fatal error: Can't change to run as user
'mysql' ; Please check that the user exists!
( I still have not been able to figure out where the mysql user
dissappeared to )
Since mysql has been killed by this prob, it has taken down my smtp
and imap server with it, along with two of my database driven
websites. Currently, php claims to not even know about the function
mysql_connect()
I am going to attempt to recitify the issues with audit2allow. My
system was working properly when I went to be , ie. pre yum update.
Well I've since attempted:
# cd /etc/selinux/strict/src/policy
# audit2allow -i /var/log/messages -l > domains/msic/local.te
# make reload
I ended up with:
domains/misc/local.te:12:ERROR 'syntax error' at token ';' on line 4180:
allow mysqld_t process: execmem;
allow mysqld_t self:process execmem;
/usr/bin/checkpolicy: error(s) encountered while parsing configuration
make: *** [/etc/selinux/targeted/policy/policy.18] Error 1
------------------------------------------
So I reverted the changes ot local.te and did a `yum --oldpackage -Uhv`
selinux-policy-targeted and selinux-policy-targeted-sources to the prior
version. I also am going to temporarily turn of my yum service so that
the selinux deosnt' get updated in my sleep again.
