-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/21/2012 08:05 AM, mark wrote: > On 11/21/12 05:17, Daniel J Walsh wrote: >> On 11/20/2012 03:56 PM, m.roth at 5-cent.us wrote: >>> I upgraded a development server last week, and it started spewing >>> selinux errors to the log. I googled. What finally *seems* to have >>> stopped it was a) setsebool -P httpd_setrlimit 1 b) yum downgrade >>> selinux-policy\* >>> >>> This is on a 6.3 box. Has anyone else seen this behaviour? >>> >> I would doubt you needed to downgrade the policy. I would figure you got >> a new version of apache or some application that was requiring httpd to >> setrlimit. > > You mean *all* that garbage was because setrlimit needed to be set? If so, > I would have expected the installation or upgrade of the package to do that > in the postinstall. > > Thanks. > > mark I have no idea what happened to cause the problem. But I do know that selinux-policy releases always loosen policy on minor releases. Since there is no tightening of selinux-policy I don't see where upgrading or downgrading policy would suddenly cause apache to want to setrlimit. Other packages within the same update like potentially the kernel, httpd or perhaps the apps you are running in httpd could have caused it. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlCs2hoACgkQrlYvE4MpobOzvwCcDIym/Y54c6WvO+S0mbohLTib ayYAn1hVBkjVEJwqNyxWwNxa+IhaMlx3 =Y4bP -----END PGP SIGNATURE-----