Red Hat Bugzilla – Bug 828097
security-policy-targeted rpm postinst script traverses mounted media
Last modified: 2012-06-16 20:05:21 EDT
Description of problem:
After an upgrade to security-policy-targeted via yum today, the postinst script did it's standard restorecon invocation. At the time, I had a 1 TB USB hard-drive mounted. Fedora 17 has moved the mount point to /var/run/media/...., rather than the former /media location. Sadly, /var/run is one of the directories that restorecon tries to relabel. A few hours later, it finally finished.
Version-Release number of selected component (if applicable):
It was upgrading to selinux-policy-targeted-3.10.0-128.fc17.
Should be always reproducible. The particular restorecon invocation, according to ps was
/sbin/restorecon -R /root /var/log /var/run /etc/passwd /etc/passwd- /etc/passwdqc.conf /etc/group /etc/group-
Steps to Reproduce:
1. Mount external (readwritable) device as any user.
2. Upgrade selinux-policy-targeted
Much waiting and disk activity. Unhappiness.
It seems like the intention is that random data directories should be skipped in this process. /media wasn't in the F16 restorecon list for this scriptlet and /home never is. So I would expect /var/run/media to be excluded in the F17 world.
Fixed in selinux-policy-3.10.0-129.fc17
selinux-policy-3.10.0-130.fc17 has been submitted as an update for Fedora 17.
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-130.fc17'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
selinux-policy-3.10.0-130.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.