Bug 155069 - selinux-policy-targeted too verbose when updating
selinux-policy-targeted too verbose when updating
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2005-04-15 18:42 EDT by Florin Andrei
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-05-12 14:04:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Florin Andrei 2005-04-15 18:42:53 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
I created this bug report for FC3 and the latest selinux package, but it's a larger issue.
Basically, when doing "yum update", if the selinux packages are updated, a message will be printed on the screen for some files that need to be run through /sbin/restorecon
This is fine in most cases, except when updating a mail server running Postfix with large queues. In that case, a VERY large number of messages will be printed, making the process extremely slow (especially when running yum through SSH over the Internet).

It would be nice if selinux would be more "clever" about which messages need to be printed out.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.see above

Additional info:
Comment 1 Florin Andrei 2005-04-15 18:52:17 EDT
Discussion thread on fedora-devel-list:

Comment 2 Daniel Walsh 2005-04-21 09:06:22 EDT
I don't know of a good way to fix this.  

Basically policy is doing a fancy diff between 
file_context.prior and file_context.new and then doing a 
restorecon -R -v on it.

Usually this is only going to change a few contexts and could take a very long
time, since some times the diff comes up with /usr or some other high level
directory.   I think the best case if you are worried about this would be

yum -y update > /tmp/yum.log
Comment 3 Karl Berry 2005-06-19 11:28:19 EDT
I just ran into the same problem (on WS4) with the recent 
selinux-policy-targeted-1.17.30-2.88.noarch.rpm update.  In my case with
partitions not covered by whatever selinux is looking at.  A message got printed
for every one of the 100,000 or so non-system files on my computer, like this:
/sbin/restorecon reset context /backup/archive/...
/sbin/restorecon reset context /u/...

Since this never happened before, I of course had no idea I should be "worried"
about it, although I certainly will be in the future.  If I had been logged on
to a server over dialup (yes, I have to do this), it would have been a serious

How about making the diff smart enough to do the redirection and only showing
the first and last few lines, instead of surprising us poor ignorant admins?  If
it can't be made smart enough to simply ignore the top-level directories that it
doesn't know about, which seems like it would be the ideal.

Thanks for your consideration.

Note You need to log in before you can comment on or make changes to this bug.