Bug 443805 - selinux invalid file type
selinux invalid file type
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: policycoreutils (Show other bugs)
8
x86_64 Linux
low Severity urgent
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
http://chris1.redirectme.net/~chris/bugs
: SELinux
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-23 09:57 EDT by CL
Modified: 2008-04-30 08:33 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-29 08:49:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description CL 2008-04-23 09:57:33 EDT
Description of problem:

QUOTED FROM IRC FREENODE SERVER #selinux:

[Sun Apr 20 2008] [15:19:17] |Join| You have joined the channel #selinux ().
[Sun Apr 20 2008] [15:19:17] |Topic| The channel topic is "English channel about
NSA Security Enhanced Linux. (Denna kanal engelsk, #linux.se e svensk.) Please
be patient, we're not always here, but we do like to chat so hang around. FAQ:
http://www.crypt.gen.nz/selinux/faq.html | SE Linux News Portal:
http://selinuxnews.org/ | Planet SE Linux: http://selinuxnews.org/planet/".
[Sun Apr 20 2008] [15:19:17] |Topic| The topic was set by rjc on 08/22/2007
01:40:53 AM.
[Sun Apr 20 2008] [15:19:18] |Mode| Channel modes: no messages from outside, no
colors allowed
[Sun Apr 20 2008] [15:19:18] |Created| This channel was created on 11/26/2006
12:42:40 AM.
[Sun Apr 20 2008] [15:20:34] <linux_user400354> i have ntfs on linux which im
trying to share via samba. also a few directories inside of the ntfs are
symbolically linked into my home directory which i am trying to share via samba.
selinux is complaining, selinuxtroubleshooter gives invalid information on how
to solve the problem.
[Sun Apr 20 2008] [15:21:53] <domg472> did you read man samba_selinux?
[Sun Apr 20 2008] [15:23:25] |Quit| pixelbrei has left this server ("foem.info").
[Sun Apr 20 2008] [15:26:54] <linux_user400354> didnt know of it but now i am
[Sun Apr 20 2008] [15:38:24] <linux_user400354> # semanage fcontext -a -t
samba_share_t ’/home/chris/Link\ to\ Publications(/.*)?’                       
-bash: syntax error near unexpected token `('
[08:17] --> You have joined the channel #selinux ().
[08:17] *** The channel topic is "English channel about NSA Security Enhanced
Linux. (Denna kanal engelsk, #linux.se e svensk.) Please be patient, we're not
always here, but we do like to chat so hang around. FAQ:
http://www.crypt.gen.nz/selinux/faq.html | SE Linux News Portal:
http://selinuxnews.org/ | Planet SE Linux: http://selinuxnews.org/planet/".
[08:17] *** The topic was set by rjc on 08/22/2007 01:40:53 AM.
[08:17] *** Channel modes: no messages from outside, no colors allowed
[08:17] *** This channel was created on 11/26/2006 12:42:40 AM.
[08:18] --> dwalsh_ has joined this channel
(n=dwalsh@c-24-60-234-207.hsd1.ma.comcast.net).
[08:18] [Error] etc/selinux/targeted/contexts/files/file_contexts.local::
Unknown command.
[08:18] <linux_user400354>
/etc/selinux/targeted/contexts/files/file_contexts.local:  line 5 has invalid
file type to\
[08:19] <linux_user400354> ????????? help
[08:19] <linux_user400354> ’/home/chris/Link\ to\ Publications(/.*)?’ 
[08:19] <linux_user400354> contained on line 5
[08:19] <domg472_> hi
[08:19] <domg472_> use semanage
[08:20] <domg472_> remove that line and use semanage
[08:20] <linux_user400354> it was put there with semanage
[08:20] <domg472_> semanage fcontext -a ....
[08:20] <domg472_> strange
[08:20] <-- linuxlala has left this server ("Leaving").
[08:20] <domg472_> eitherway it says invalid file type
[08:21] <domg472_> so remove it if you can and try again with a valid file type
[08:21] <domg472_> man semanage
[08:23] <domg472_> if semaange accepted tat input than that may be a bug
[08:23] <linux_user400354>   895  semanage fcontext -a -t samba_share_t
’/home/chris/Link\ to\ Publications(/.*)?’
[08:23] <linux_user400354>   896  semanage fcontext -a -t samba_share_t
"’/home/chris/Link\ to\ Publications(/.*)?’"
[08:24] <linux_user400354> second one worked
[08:24] <domg472_> thats wrong
[08:24] <domg472_> /home/chris/Link\ to\ Publications
[08:24] <domg472_> not valid
[08:24] <linux_user400354> put quotes around it?
[08:24] <domg472_> no just a proper path:
[08:25] <linux_user400354> [root@localhost ~]# cd /home/chris/Link\ to\
Publications/
[08:25] <linux_user400354> [root@localhost Link to Publications]# 
[08:25] <linux_user400354> worked
[08:25] <domg472_> semanage fcontext -a -t samba_share_t
"/home/chris/Publications(/.*)?"
[08:25] <domg472_> oh i see
[08:25] <domg472_> sorry
[08:25] <domg472_> those were escape slashes
[08:27] <-- Kasra has left this server ("http://www.mibbit.com ajax IRC Client").
[08:28] <linux_user400354> bug?
[08:28] <domg472_> yes i would say so
[08:28] <domg472_> if semanage allows you to enter invalid file types
[08:29] <domg472_> i just dont know how one would solve that issue
[08:29] <linux_user400354> where is this bug reported?
[08:29] <domg472_> whats your distro?
[08:30] <linux_user400354> fedora 8
[08:30] <linux_user400354> 64 bit swap / and /home in raid 1
[08:30] <domg472_> polictcoreutils in fedora bugzilla may be a good place since
semanage is probably part of policycoreutils
[08:30] <domg472_> nice configuration
[08:34] --> abbe has joined this channel (n=abbe@unaffiliated/wahjava).
[08:34] <abbe> hi domg472_
[08:34] <domg472_> hi
[08:34] <abbe> domg472_: I need help
[08:34] <domg472_> me to
[08:34] <domg472_> ;)
[08:34] <domg472_> how can i help
<SNIP>
[08:34] <linux_user400354> whats your reason for believing the bug is distro
specific?
[08:35] <domg472_> its not linux_user but i think its best to report it there
and they will take care of upstream id imagine
<SNIP>
[08:41] <linux_user400354> domg472_: which component does this bug belong under?
selinux-doc, policy, policy-mls, policy-strict, policy-targeted
[08:41] <domg472_> policycoreutils




Version-Release number of selected component (if applicable):



How reproducible:


Steps to Reproduce:
1. semanage fcontext -a -t samba_share_t "’/home/chris/Link\ to\
Publications(/.*)?’"

(NOTE: that directory is a symbolic link to an ntfs partition)

2. [chris@localhost ~]$ ssh -i .ssh/id_rsa.pub -l kde-devel localhost
/etc/selinux/targeted/contexts/files/file_contexts.local:  line 5 has invalid
file type to\


3. Bang head on table. Take 10mg Xanax and repeat.
  
Actual results: FUCKED, PAIN IN ARSE


Expected results: NO ERRORS


Additional info: PLEASE FIX. DOES SELINUX REALLY PROVIDE MUCH SECURITY TO MAKE
IT WORTH THE TROUBLE?
Comment 1 Daniel Walsh 2008-04-23 17:18:03 EDT
Yes semanage is having a problem with the spaces in the path.  Please remove the
path.

semanage fcontext -d -t samba_share_t "’/home/chris/Link\ to\
Publications(/.*)?’"

What was the AVC that you were getting to cause you to try this labeling?

You might be able to simply set a boolean for samba to have access to the shared
file.

getsebool -a | grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> on
samba_share_fusefs --> off
samba_share_nfs --> off
use_samba_home_dirs --> off
virt_use_samba --> off


setsebool -P samba_export_all_ro=1 

For example.


Comment 2 CL 2008-04-26 03:37:11 EDT
(In reply to comment #1)
> Yes semanage is having a problem with the spaces in the path.  Please remove the
> path.

I renamed "Link to Publications" to just "Publications", and the same problem
exists.

> 
> semanage fcontext -d -t samba_share_t "’/home/chris/Link\ to\
> Publications(/.*)?’"
> 
> What was the AVC that you were getting to cause you to try this labeling?

What is AVC? I do not see it here.
http://www.google.com/search?q=define%3Aavc&as_rights=

[root@localhost chris]# semanage fcontext -d -t samba_share_t
"’/home/chris/Publications(/.*)?’"
[root@localhost chris]# 

> 
> You might be able to simply set a boolean for samba to have access to the shared
> file.
> 
> getsebool -a | grep samba
> samba_domain_controller --> off
> samba_enable_home_dirs --> off
> samba_export_all_ro --> off
> samba_export_all_rw --> off
> samba_run_unconfined --> on
> samba_share_fusefs --> off
> samba_share_nfs --> off
> use_samba_home_dirs --> off
> virt_use_samba --> off
> 
[root@localhost chris]# getsebool -a | grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> on
samba_share_nfs --> off
use_samba_home_dirs --> off
[root@localhost chris]# 

> 
> setsebool -P samba_export_all_ro=1 
> 
> For example.
> 
> 
> 

Tried it. Take a look.

I reduced the size of these images, so hopefully they should load faster for you.

http://chris1.redirectme.net/~chris/bugs

selinux_error1.jpg and selinux_error2.jpg. Check those.
Comment 3 CL 2008-04-26 03:40:48 EDT
I forgot to mention that I'm trying to access the symbolic links to the ntfs
directories through samba over vmware server. The networking part of vmware is
working. I see the directories. I see computers on the lan in the workgroup, but
when I try to view those particular shared directories, errors occure and
selinuxtroubleshooter starts complaining. I can view my user's home directory
through vmware and samba as a test.
Comment 4 Daniel Walsh 2008-04-28 14:43:12 EDT
grep avc /var/log/audit/audit.log or if you don't have audit.log grep avc
/var/log/messages and then attach to this bugzilla.
Comment 5 CL 2008-04-29 00:42:01 EDT
[root@localhost ~]# grep avc /var/log/audit/audit.log
type=AVC msg=audit(1209380491.193:265): avc:  denied  { getattr } for  pid=3064
comm="httpd" path="/home/chris/public_html/Desktop.tar.bz2" dev=md2 ino=11293926
scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0
tclass=file
type=AVC msg=audit(1209442829.830:2911): avc:  denied  { read } for  pid=16894
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209442829.916:2912): avc:  denied  { read } for  pid=16894
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209442830.776:2913): avc:  denied  { read } for  pid=16894
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209442835.403:2914): avc:  denied  { read } for  pid=16894
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209442836.513:2915): avc:  denied  { read } for  pid=16894
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209442836.581:2916): avc:  denied  { read } for  pid=16894
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209442839.671:2917): avc:  denied  { read } for  pid=16894
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=USER_AVC msg=audit(1209443122.543:2918): user pid=2684 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received
policyload notice (seqno=2) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=AVC msg=audit(1209443217.968:2919): avc:  denied  { read } for  pid=16894
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=USER_AVC msg=audit(1209443263.452:2920): user pid=2684 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received
policyload notice (seqno=3) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=AVC msg=audit(1209443283.389:2921): avc:  denied  { read } for  pid=17004
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209443283.481:2922): avc:  denied  { read } for  pid=17004
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=USER_AVC msg=audit(1209443313.910:2923): user pid=2684 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  received
policyload notice (seqno=4) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=AVC msg=audit(1209443332.931:2924): avc:  denied  { read } for  pid=17032
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209443333.655:2925): avc:  denied  { read } for  pid=17032
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209443333.746:2926): avc:  denied  { read } for  pid=17032
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209443338.526:2927): avc:  denied  { read } for  pid=17032
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209443528.947:2931): avc:  denied  { read } for  pid=17032
comm="smbd" name="Publications" dev=sda1 ino=52453
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209443528.968:2932): avc:  denied  { read } for  pid=17032
comm="smbd" name="Publications" dev=sda1 ino=52453
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209443529.253:2933): avc:  denied  { read } for  pid=17032
comm="smbd" name="Publications" dev=sda1 ino=52453
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209443530.713:2934): avc:  denied  { read } for  pid=17032
comm="smbd" name="Publications" dev=sda1 ino=52453
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209443735.301:2937): avc:  denied  { read } for  pid=17197
comm="smbd" name="/" dev=sda1 ino=5 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=AVC msg=audit(1209443737.152:2938): avc:  denied  { read } for  pid=17197
comm="smbd" name="/" dev=sda1 ino=5 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=AVC msg=audit(1209443737.194:2939): avc:  denied  { read } for  pid=17197
comm="smbd" name="/" dev=sda1 ino=5 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=AVC msg=audit(1209443773.126:2940): avc:  denied  { read } for  pid=17197
comm="smbd" name="/" dev=sda1 ino=5 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=AVC msg=audit(1209443774.685:2941): avc:  denied  { read } for  pid=17197
comm="smbd" name="/" dev=sda1 ino=5 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=AVC msg=audit(1209443774.748:2942): avc:  denied  { read } for  pid=17197
comm="smbd" name="/" dev=sda1 ino=5 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=AVC msg=audit(1209443776.406:2943): avc:  denied  { read } for  pid=17197
comm="smbd" name="/" dev=sda1 ino=5 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=AVC msg=audit(1209443787.492:2944): avc:  denied  { read } for  pid=17204
comm="smbd" name="Publications" dev=sda1 ino=52453
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209443787.495:2945): avc:  denied  { read } for  pid=17204
comm="smbd" name="Publications" dev=sda1 ino=52453
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209443787.798:2946): avc:  denied  { read } for  pid=17204
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209443787.801:2947): avc:  denied  { read } for  pid=17204
comm="smbd" name=446F63756D656E747320616E642053657474696E6773 dev=sda1 ino=4375
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0
tclass=dir
type=AVC msg=audit(1209443788.231:2948): avc:  denied  { read } for  pid=17204
comm="smbd" name="/" dev=sda1 ino=5 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=AVC msg=audit(1209443788.242:2949): avc:  denied  { read } for  pid=17204
comm="smbd" name="/" dev=sda1 ino=5 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=AVC msg=audit(1209443800.392:2950): avc:  denied  { read } for  pid=17197
comm="smbd" name="/" dev=sda1 ino=5 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=AVC msg=audit(1209443800.455:2951): avc:  denied  { read } for  pid=17197
comm="smbd" name="/" dev=sda1 ino=5 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=AVC msg=audit(1209443802.268:2952): avc:  denied  { read } for  pid=17197
comm="smbd" name="/" dev=sda1 ino=5 scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
[root@localhost ~]# 
Comment 6 CL 2008-04-29 00:43:00 EDT
[root@localhost ~]# grep avc /var/log/messages
Apr 27 17:10:19 localhost kernel: audit(1209334218.666:4): avc:  granted  null
for  pid=2579 comm="mdadm" name="null" dev=tmpfs ino=202
scontext=system_u:system_r:mdadm_t:s0
tcontext=system_u:object_r:null_device_t:s0 tclass=chr_file
Apr 28 06:17:11 localhost kernel: audit(1209381429.997:4): avc:  granted  null
for  pid=2542 comm="mdadm" name="null" dev=tmpfs ino=202
scontext=system_u:system_r:mdadm_t:s0
tcontext=system_u:object_r:null_device_t:s0 tclass=chr_file
Apr 28 23:25:22 localhost dbus: avc:  received policyload notice (seqno=2)
Apr 28 23:27:43 localhost dbus: avc:  received policyload notice (seqno=3)
Apr 28 23:28:33 localhost dbus: avc:  received policyload notice (seqno=4)
[root@localhost ~]# 
Comment 7 Daniel Walsh 2008-04-29 08:49:59 EDT
restorecon -R -v /home/chris/

Should fix the html errors.

Make sure the httpd_enable_homedirs boolean is turned on.

getsebool httpd_enable_homedirs

You can turn it on by executing

setsebool -P httpd_enable_homedirs=1

The second avc is can be turned on by executing

	Was caused by:
	One of the following booleans was set incorrectly.
	Description:
	Allow samba to export ntfs/fusefs volumes.

	Allow access by executing:
	# setsebool -P samba_share_fusefs 1
	Description:
	Allow samba to share any file/directory read only.

	Allow access by executing:
	# setsebool -P samba_export_all_ro 1
	Description:
	Allow samba to share any file/directory read/write.

	Allow access by executing:
	# setsebool -P samba_export_all_rw 1


Comment 8 CL 2008-04-29 09:11:45 EDT
What's going on?

[root@localhost ~]# setsebool -P samba_share_fusefs 1
libsemanage.dbase_llist_set: record not found in the database
libsemanage.dbase_llist_set: could not set record value
Could not change boolean samba_share_fusefs
Could not change policy booleans
[root@localhost ~]# 
Comment 9 Daniel Walsh 2008-04-29 09:23:54 EDT
selinux-policy-3.0.8-98.fc8 should have this.

You might need to install from fedora-testing,  Since this does not seem to have
moved to release, although I released it last week.
Comment 10 CL 2008-04-29 18:08:04 EDT
Parsing package install arguments
No package fedora-testing available.
Nothing to do
[root@localhost ~]# yum search fedora-testing
Loading "priorities" plugin
75 packages excluded due to repository priority protections
No Matches found
[root@localhost ~]# 

Where do I find fedora-testing? Thanks.
Comment 11 Daniel Walsh 2008-04-30 08:33:46 EDT
Sorry fedora-testing is a repo, and it is actually called fedora-updates-testing

The command 

yum upgrade selinux-policy --enablerepo=updates-testing

should work

Note You need to log in before you can comment on or make changes to this bug.