g wrote:
greetings,
while running yum update from command line, i got several messages
stating "/sbin/restorecon reset".
are these something to be of concern, or is this normal?
ria, i received no such messages in previous updates.
messages:
+++
Running Transaction
Updating : xdg-utils
Updating : selinux-policy
Updating : glibc-common
Updating : jdk
Unpacking JAR files...
rt.jar...
jsse.jar...
charsets.jar...
tools.jar...
localedata.jar...
plugin.jar...
javaws.jar...
deploy.jar...
Updating : java-1.6.0-sun-compat
Updating : selinux-policy-targeted
/sbin/restorecon reset /etc/cups/interfaces context system_u:object_r:cup
t:s0->system_u:object_r:cupsd_interface_t:s0
/sbin/restorecon reset /etc/rc.d/init.d/nfs context system_u:object_r:ini
c_t:s0->system_u:object_r:nfsd_initrc_exec_t:s0
/sbin/restorecon reset /etc/rc.d/init.d/nfslock context system_u:object_r
_exec_t:s0->system_u:object_r:rpcd_initrc_exec_t:s0
/sbin/restorecon reset /etc/rc.d/init.d/rpcidmapd context system_u:object
rc_exec_t:s0->system_u:object_r:rpcd_initrc_exec_t:s0
/sbin/restorecon reset /etc/sysconfig/iptables context system_u:object_r:
0->system_u:object_r:etc_runtime_t:s0
Updating : selinux-policy-devel
Installing : kernel-devel
Installing : kernel
+++
tia.
***LONG VERSION***
To skip this, go to end of email
From the selinux-policy-targeted postinstall script
fixfiles -C ${FILE_CONTEXT}.pre restore;
From the fixfiles man page
"This script is primarily used to correct the security context database
(extended attributes) on filesystems.
It can also be run at any time to relabel when adding support for new
policy, or just check whether the file contexts are all as you expect.
By default it will relabel all mounted ext2, ext3, xfs and jfs file
systems as long as they do not have a security context mount option. You
can use the -R flag to use rpmpackages as an alternative."
Doing a grep through /sbin/fixfiles we see that it is really using the
program /sbin/restorecon to do it's selinux setting.
From the restorecon man page
"This program is primarily used to set the security context (extended
attributes) on one or more files.
It can be run at any time to correct errors, to add support for new
policy, or with the -n option it can just check whether the file
contexts are all as you expect."
***SHORT VERSION***
Since you have just installed a new selinux policy, it is going through
your system to make sure everything is labeled correctly according to
that policy.
Troy
p.s. Sorry for the long explanation, but I was in the middle of
researching something very similar.
--
__________________________________________________
Troy Dawson daw...@fnal.gov (630)840-6468
Fermilab ComputingDivision/SCF/FEF/SLSMS Group
__________________________________________________
