From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113

Description of problem:
I did a fresh clean install of FC2T2 and have selinux enabled. I tried to update the kernel to 2.6.4-1.300 (rpm -Uvh kernel-2.6.4-1.300.i686) and got the following selinux related errors. The grub.conf was not updated, I had to update it manually. I was logged on as root when I did the rpm -Uvh. After updating grub.conf and rebooting the kernel boots so the install appears to have completed properly, but just not updating grub.conf.

Apr 1 20:48:37 excalibur kernel: audit(1080874117.217:0): avc: denied { read } for pid=1884 exe=/sbin/consoletype path=pipe:[6146] dev= ino=6146 scontext=root:system_r:consoletype_t tcontext=root:sysadm_r:rpm_t tclass=fifo_file
Apr 1 20:53:17 excalibur kernel: loop: loaded (max 8 devices)
Apr 1 20:54:14 excalibur kernel: audit(1080874454.047:0): avc: denied { search } for pid=1952 exe=/bin/bash name=root dev=sdb2 ino=210913 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr 1 20:54:36 excalibur kernel: SELinux: initialized (dev loop0, type ext2), uses xattr
Apr 1 20:54:43 excalibur kernel: audit(1080874483.785:0): avc: denied { search } for pid=2302 exe=/sbin/grubby name=root dev=sdb2 ino=210913 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr 1 20:54:43 excalibur kernel: audit(1080874483.807:0): avc: denied { write } for pid=2302 exe=/sbin/grubby name=dev dev=sdb2 ino=859873 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:device_t tclass=dir
Apr 1 20:54:43 excalibur kernel: audit(1080874483.827:0): avc: denied { unlink } for pid=2302 exe=/sbin/grubby name=grub.conf dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:etc_t tclass=file
Apr 1 20:54:43 excalibur kernel: audit(1080874483.828:0): avc: denied { unlink } for pid=2302 exe=/sbin/grubby name=grub.conf dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:etc_t tclass=file
Apr 1 20:55:13 excalibur kernel: audit(1080874513.693:0): avc: denied { search } for pid=2317 exe=/sbin/grubby name=root dev=sdb2 ino=210913 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:staff_home_dir_t tclass=dir
Apr 1 20:55:13 excalibur kernel: audit(1080874513.696:0): avc: denied { unlink } for pid=2317 exe=/sbin/grubby name=grub.conf dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:etc_t tclass=file
Apr 1 20:55:13 excalibur kernel: audit(1080874513.696:0): avc: denied { unlink } for pid=2317 exe=/sbin/grubby name=grub.conf dev=sdb1 ino=2011 scontext=root:sysadm_r:bootloader_t tcontext=root:object_r:etc_t tclass=file

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. install FC2T2
2. try to update kernel
3.

Actual Results: grub.conf did not update

Expected Results: grub.conf should have been updated with the new kernel information

Additional info:
I just updated to policy-1.9.2-5.noarch.rpm and policy-sources-1.9.2-5 with the same results.
Why is your /etc/grub.conf file not a link to ../boot/grub/grub.conf? The problem is being caused because this is not a link.
I just checked and /etc/grub.conf is a link to ../boot/grub/grub.conf.
Can you recreate the problem?
Dan
It happened when I upgraded the kernel to 303. I will check this weekend when I upgrade to 305 (or whatever version is available later today).
The latest policy and kernel did not show this problem.