SELinux is blocking.........what?

[Judy]

I truly hope that I am not re-hashing another thread. I've looked through the 'General Support' threads and haven't found anything that apertains, but I'm not sure about this.
Tonight, I have spent something like one and a half hours downloading sixteen updates from the Package Manager. Now I know that I get easily bored with watching progress bars so I have been skipping between the Fedora Forums and my download manager.
However, halfway through the downloads, I got (and still have) a warning from SELinux that all was not well. The message I received is as follows:

"Summary
SELinux is preventing unix_update (updpwd_t) "getattr" to <Unknown> (fs_t).

Detailed Description
SELinux denied access requested by unix_update. It is not expected that this
access is required by unix_update and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of
the application is causing it to require additional access.

Allowing Access
You can generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinu...fc5/#id2961385 Or you can disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.

Additional Information

Source Context system_u:system_r:updpwd_t:s0-s0:c0.c1023
Target Context system_u:object_r:fs_t:s0
Target Objects None [ filesystem ]
Affected RPM Packages
Policy RPM selinux-policy-3.0.8-76.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.23.14-107.fc8 #1
SMP Mon Jan 14 21:37:30 EST 2008 i686 athlon
Alert Count 10
First Seen Fri 28 Dec 2007 05:05:54 PM GMT
Last Seen Thu 31 Jan 2008 07:19:21 PM GMT
Local ID e4b5cc70-24d0-4806-9cdb-7b415a4287bd
Line Numbers

Raw Audit Messages

avc: denied { getattr } for comm=unix_update dev=dm-0 name=/ pid=2759
scontext=system_u:system_r:updpwd_t:s0-s0:c0.c1023 tclass=filesystem
tcontext=system_u:object_r:fs_t:s0"

Can anyone point me in the right direction to resolve this, please?
TIA
Granny (fH)
XXX

[leigh123linux]

Try ( your selinux-policy package is outdated and needs updating )

Code:

su
yum update selinux-policy

Code:

[root@localhost leigh]# rpm -q selinux-policy
selinux-policy-3.0.8-81.fc8
[root@localhost leigh]#

[Judy]

Thanks, Leigh123.
But this is the output I get:-
from the Package Updater -
'There are no updated packages currently available for your system'...
and from the terminal -
[Judy@localhost ~]$ su
Password:
[root@localhost Judy]# su
[root@localhost Judy]# yum update selinux-policy
Setting up Update Process
Could not find update match for selinux-policy
No Packages marked for Update
[root@localhost Judy]# rpm -q selinux-policy
selinux-policy-3.0.8-81.fc8
[root@localhost Judy]# selinux-policy-3.0.8-81.fc8
bash: selinux-policy-3.0.8-81.fc8: command not found
[root@localhost Judy]#

Whence now?

[leigh123linux]

Quote:

Originally Posted by Elide

Thanks, Leigh123.
But this is the output I get:-
from the Package Updater -
'There are no updated packages currently available for your system'...
and from the terminal -
[Judy@localhost ~]$ su
Password:
[root@localhost Judy]# su
[root@localhost Judy]# yum update selinux-policy
Setting up Update Process
Could not find update match for selinux-policy
No Packages marked for Update
[root@localhost Judy]# rpm -q selinux-policy
selinux-policy-3.0.8-81.fc8
[root@localhost Judy]# selinux-policy-3.0.8-81.fc8
bash: selinux-policy-3.0.8-81.fc8: command not found
[root@localhost Judy]#

Whence now?

Ok in your first post you were using the old policy ( have you still got the problem with the new policy )

Code:

Target Context system_u:object_r:fs_t:s0
Target Objects None [ filesystem ]
Affected RPM Packages
Policy RPM selinux-policy-3.0.8-76.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall

[Judy]

OK, Leigh123. Tried various flavours of that and this is the output from the terminal -
[Judy@localhost ~]$ su
Password:
[root@localhost Judy]# Target Context system_u:object_r:fs_t:s0
bash: Target: command not found
[root@localhost Judy]# Target Objects None [ filesystem ]
bash: Target: command not found
[root@localhost Judy]# Affected RPM Packages
bash: Affected: command not found
[root@localhost Judy]# Policy RPM selinux-policy-3.0.8-76.fc8
bash: Policy: command not found
[root@localhost Judy]# Selinux Enabled True
bash: Selinux: command not found
[root@localhost Judy]# Policy Type targeted
bash: Policy: command not found
[root@localhost Judy]# MLS Enabled True
bash: MLS: command not found
[root@localhost Judy]# Enforcing Mode Enforcing
bash: Enforcing: command not found
[root@localhost Judy]# Plugin Name plugins.catchall
bash: Plugin: command not found
[root@localhost Judy]# Policy RPM selinux-policy-3.0.8-76.fc8
bash: Policy: command not found
[root@localhost Judy]#

I suppose, in reality, I should just close down, cross my fingers and hope and pray that SELinux works on my next re-boot - what do you think?

[leigh123linux]

Quote:

Originally Posted by Elide

OK, Leigh123. Tried various flavours of that and this is the output from the terminal -
[Judy@localhost ~]$ su
Password:
[root@localhost Judy]# Target Context system_u:object_r:fs_t:s0
bash: Target: command not found
[root@localhost Judy]# Target Objects None [ filesystem ]
bash: Target: command not found
[root@localhost Judy]# Affected RPM Packages
bash: Affected: command not found
[root@localhost Judy]# Policy RPM selinux-policy-3.0.8-76.fc8
bash: Policy: command not found
[root@localhost Judy]# Selinux Enabled True
bash: Selinux: command not found
[root@localhost Judy]# Policy Type targeted
bash: Policy: command not found
[root@localhost Judy]# MLS Enabled True
bash: MLS: command not found
[root@localhost Judy]# Enforcing Mode Enforcing
bash: Enforcing: command not found
[root@localhost Judy]# Plugin Name plugins.catchall
bash: Plugin: command not found
[root@localhost Judy]# Policy RPM selinux-policy-3.0.8-76.fc8
bash: Policy: command not found
[root@localhost Judy]#

I suppose, in reality, I should just close down, cross my fingers and hope and pray that SELinux works on my next re-boot - what do you think?

They weren't commands ( it was a copy & paste of your output from your first post )

Try rebooting and see if the problem still exists .

[Judy]

I concede! I am now truly a fully signed-up idiot in the Linux field
The only thing that keeps me going is the fact that I work with even more stupid idiots.

[Judy]

Thanks for your help, Leigh123