Bug 155069 - selinux-policy-targeted too verbose when updating
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 3
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
Reported: 2005-04-15 22:42 UTC by Florin Andrei
Modified: 2007-11-30 22:11 UTC (History)
Doc Type: Bug Fix
Last Closed: 2005-05-12 18:04:58 UTC
Type: ---

Description Florin Andrei 2005-04-15 22:42:53 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
I created this bug report for FC3 and the latest selinux package, but it's a larger issue.
Basically, when doing "yum update", if the selinux packages are updated, a message will be printed on the screen for some files that need to be run through /sbin/restorecon.
This is fine in most cases, except when updating a mail server running Postfix with large queues. In that case, a VERY large number of messages will be printed, making the process extremely slow (especially when running yum through SSH over the Internet).

It would be nice if selinux would be more "clever" about which messages need to be printed out.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.96

How reproducible:
Always

Steps to Reproduce:
1. See above

Additional info:

Comment 1 Florin Andrei 2005-04-15 22:52:17 UTC
Discussion thread on fedora-devel-list:

https://www.redhat.com/archives/fedora-devel-list/2005-April/thread.html#00563

Comment 2 Daniel Walsh 2005-04-21 13:06:22 UTC
I don't know of a good way to fix this.  

Basically policy is doing a fancy diff between 
file_context.prior and file_context.new and then doing a 
restorecon -R -v on it.

Usually this is only going to change a few contexts and could take a very long
time, since sometimes the diff comes up with /usr or some other high level
directory. I think the best case if you are worried about this would be:

yum -y update > /tmp/yum.log


Comment 3 Karl Berry 2005-06-19 15:28:19 UTC
I just ran into the same problem (on WS4) with the recent 
selinux-policy-targeted-1.17.30-2.88.noarch.rpm update.  In my case with
partitions not covered by whatever selinux is looking at.  A message got printed
for every one of the 100,000 or so non-system files on my computer, like this:
/sbin/restorecon reset context /backup/archive/...
...
/sbin/restorecon reset context /u/...
...

Since this never happened before, I of course had no idea I should be "worried"
about it, although I certainly will be in the future.  If I had been logged on
to a server over dialup (yes, I have to do this), it would have been a serious
inconvenience.

How about making the diff smart enough to do the redirection and only showing
the first and last few lines, instead of surprising us poor ignorant admins?  If
it can't be made smart enough to simply ignore the top-level directories that it
doesn't know about, which seems like it would be the ideal.

Thanks for your consideration.
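
An added example, not part of any comment in this thread and not the selinux-policy package's own code: one way to apply the redirect workaround from comment 2 and get the "first and last few lines" view asked for in comment 3. It assumes every relabel message starts with the prefix quoted in comment 3; the function names, the KEEP parameter and the sample log contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug thread): summarize the restorecon messages in
# a log captured with "yum -y update > /tmp/yum.log". Assumes every message
# starts with the prefix quoted in comment 3; sample paths are constructed.
PREFIX='/sbin/restorecon reset context '

# summarize_relabels LOGFILE [KEEP]: pass other lines through, then print the
# message total, the first/last KEEP messages, and counts per top-level dir.
summarize_relabels() {
    awk -v prefix="$PREFIX" -v keep="${2:-3}" '
        BEGIN { keep = int(keep); if (keep < 1) keep = 1 }
        index($0, prefix) != 1 { print; next }   # package messages stay visible
        {
            total++
            if (total <= keep) first[total] = $0
            last[total % keep] = $0              # ring buffer of newest KEEP lines
        }
        END {
            printf "relabel messages: %d\n", total
            for (i = 1; i <= keep && i <= total; i++) print first[i]
            start = total - keep + 1
            if (start <= keep) start = keep + 1  # short log: nothing to elide
            else printf "... %d messages omitted ...\n", start - keep - 1
            for (i = start; i <= total; i++) print last[i % keep]
        }
    ' "$1"
    echo "by top-level directory:"
    awk -v prefix="$PREFIX" '
        index($0, prefix) == 1 {
            split(substr($0, length(prefix) + 1), parts, "/")
            count["/" parts[2]]++
        }
        END { for (top in count) printf "%d %s\n", count[top], top }
    ' "$1" | sort -k1,1nr -k2
}

# Constructed sample log in the message format shown in comment 3.
write_sample_log() {
    cat > "$1" <<'EOF'
Updating  : selinux-policy-targeted
/sbin/restorecon reset context /backup/archive/a.tar
/sbin/restorecon reset context /backup/archive/b.tar
/sbin/restorecon reset context /backup/archive/c.tar
/sbin/restorecon reset context /u/home/notes.txt
/sbin/restorecon reset context /u/home/todo.txt
Complete!
EOF
}
sample=$(mktemp); write_sample_log "$sample"; summarize_relabels "$sample" 2; rm -f "$sample"
```

The per-directory counts show at a glance when the relabel walked a tree outside the system directories, such as the /backup and /u partitions described in comment 3.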


