On Tue, 2005-06-28 at 22:27 +1000, Russell Coker wrote: > > > > I did an update this afternoon, which included the selinux policy update > > and the latest kernel (kernel-2.6.11-1.35_FC3). During the yum update, > > things started breaking as the update applied the new policies (eg. I > > couldn't use ssh from the laptop to other hosts). > > Did things work better after you had booted the new kernel? Maybe the problem > is a combination of new policy and slightly older kernel. Still have not tried the new kernel yet. I will give this a go. > > > When I tried to shutdown, I got many messages like this: > > > > Jun 28 18:56:00 ben8600 kernel: audit(1119948960.209:0): avc: denied > > { execmod } for pid=13420 comm=mingetty path=/lib/tls/libc-2.3.5.so > > dev=hda11 ino=20455 scontext=user_u:system_r:unconfined_t > > tcontext=system_u:object_r:lib_t tclass=file > > That's an example of a .so file which is mis-labeled. > > What version of glibc? Mine is glibc-2.3.5-0.fc3.1. Mine is the same. > > > My only option was to power off the laptop. I then had to boot with > > enforcing=0 (and a considerable amount of fscking) to get back up. > > > > If there is any other information I can give you to help reproduce this, > > let me know. > > What state is the machine in now? I have dropped back to the previous policy and relabelled, using these steps, as posted here earlier today: rpm -ev selinux-policy-targeted selinux-policy-targeted-sources rm -fR /etc/selinux/targeted/ rpm -ivh /var/cache/yum/updates-released/packages/selinux- policy-targeted-1.17.30-3.9.noarch.rpm /var/cache/yum/updates- released/packages/selinux-policy-targeted-sources-1.17.30-3.9.noarch.rpm touch /.autorelabel Everything seems to be back to normal. My next steps (when I can afford the time of having the laptop unavailable) will be to boot into the new kernel. still using the previous policy file, confirm all is good with that, then re-apply the new policy update and see if the same problems occur. Cheers, Ben