[CentOS] Shorewall and upgrade from 6.3 to 6.4
Daniel J Walsh
dwalsh at redhat.com
Thu Mar 14 12:52:49 UTC 2013
On 03/14/2013 01:03 AM, Kahlil Hodgson wrote:
> On 14/03/13 06:23, Gordon Messmer wrote:
>> On 03/12/2013 04:07 PM, Kahlil Hodgson wrote:
>>> If you are upgrading from 6.3 to 6.4 and you use shorewall, you will
>>> want to run
>>>
>>> restorecon -Rv /sbin
>>
>> That's odd. Part of the selinux postinstall script involves running
>> "fixfiles" on any files whose context has changed. I confirmed that the
>> iptables contexts changed when I ran restorecon on one system, but I
>> can't understand why they weren't fixed by the postinstall script.
>
> My thoughts exactly. Just double checked the postinstall script and can't
> see any obvious bugs. Hmmm ...
>
> If I compare the old and new file_context files ...
>
> <rizo:~> diff file_contexts.new file_contexts.old | grep ip6?tables-multi
> > /sbin/ip6?tables-multi -- system_u:object_r:iptables_exec_t:s0
> < /sbin/ip6?tables-multi.* -- system_u:object_r:iptables_exec_t:s0
>
> so the postinstall script runs (essentially)
>
> fixfiles -C file_contexts.old restore
>
> which tries to fix the context for a /sbin/ip6?tables-multi which does not
> exist on the updated system (which now uses alternatives trickery to
> version these).
>
> K
>
There is a bug in the fixfiles script which was being triggered by the weird
regex, so the change was not being caught.
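
Added example (not part of the original message, and not the fixfiles logic): Python that applies the old and new specs from the diff quoted in the thread to a few paths and lists those whose expected label differs between the two policies. The sample paths, the X.Y.Z version placeholder and the last-match-wins rule are assumptions.

```python
import re

# Specs taken from the diff quoted in the thread (whitespace normalised).
OLD_SPECS = "/sbin/ip6?tables-multi -- system_u:object_r:iptables_exec_t:s0\n"
NEW_SPECS = "/sbin/ip6?tables-multi.* -- system_u:object_r:iptables_exec_t:s0\n"

# Constructed sample paths; X.Y.Z is a placeholder for the versioned binaries.
SAMPLE_PATHS = [
    "/sbin/iptables-multi",
    "/sbin/iptables-multi-X.Y.Z",
    "/sbin/ip6tables-multi-X.Y.Z",
    "/sbin/iptables-save",
]


def parse_specs(text):
    """Parse file_contexts text into a list of (regex, file_type, context)."""
    specs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 3:
            specs.append((fields[0], fields[1], fields[2]))
        elif len(fields) == 2:  # no file-type column
            specs.append((fields[0], "", fields[1]))
    return specs


def label(specs, path):
    """Context a path would get, or None if no spec covers it.

    file_contexts regexes must match the whole path, hence fullmatch.
    Assumption: the last matching spec wins; libselinux's real ordering
    of competing specs is more involved.
    """
    result = None
    for regex, _ftype, context in specs:
        if re.fullmatch(regex, path):
            result = context
    return result


def needs_relabel(old_text, new_text, paths):
    """Paths whose expected context differs between the old and new specs."""
    old, new = parse_specs(old_text), parse_specs(new_text)
    return [p for p in paths if label(old, p) != label(new, p)]


if __name__ == "__main__":
    for p in needs_relabel(OLD_SPECS, NEW_SPECS, SAMPLE_PATHS):
        print("expected label changed:", p)
```

On a live system, `restorecon -Rnv /sbin` reports the files whose on-disk context differs from the installed policy without changing them.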