Re: [CentOS] Shorewall and upgrade from 6.3 to 6.4

14 Mar 2013

      On 14/03/13 06:23, Gordon Messmer wrote:
...
On 03/12/2013 04:07 PM, Kahlil Hodgson wrote:
...
If you are upgrading from 6.3 to 6.4 and you use shorewall, you will
want to run
restorecon -Rv /sbin
That's odd.  Part of the selinux postinstall script involves running
"fixfiles" on any files whose context has changed.  I confirmed that the
iptables contexts changed when I ran restorecon on one system, but I
can't understand why they weren't fixed by the postinstall script.
My thoughts exactly.  Just doubled checked the postinstall script and 
can't see any obvious bugs. Hmmm ...
If I compare the old and new file_context files ...
rizo:~ diff file_contexts.new file_contexts.old | grep ip6?tables-multi
...
/sbin/ip6?tables-multi	--	system_u:object_r:iptables_exec_t:s0
< /sbin/ip6?tables-multi.*	--	system_u:object_r:iptables_exec_t:s0
so the postinstall script runs (esentially)
fixfiles -C file_contexts.old restore
which tries to fix the context for a /sbin/ip6?tables-multi which does 
not exist on the updated system (which now uses alternatives trickery to 
version these).
K
-- 
Kahlil (Kal) Hodgson                       GPG: C9A02289
Head of Technology                         (m) +61 (0) 4 2573 0382
DealMax Pty Ltd                            (w) +61 (0) 3 9008 5281

Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia

"All parts should go together without forcing.  You must remember that
the parts you are reassembling were disassembled by you.  Therefore,
if you can't get them together again, there must be a reason.  By all
means, do not use a hammer."  -- IBM maintenance manual, 1925

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [CentOS] Shorewall and upgrade from 6.3 to 6.4