Hi, I have a question regarding some messages (/etc/selinux...) that i got when I did a yum -y update . Is something wrong? Everything seems to work ok. (I'm a new Linux user!! be gentle smile ) Server OS is FC4 and Virtualmin Pro.
Regards Leif Blåfors
Dependencies Resolved
=============================================================================
Package Arch Version Repository SizeUpdating: perl i386 3:5.8.6-18 updates-released 11 M
Transaction SummaryInstall 0 Package(s) Update 1 Package(s) Remove 0 Package(s) Total download size: 11 M Downloading Packages: (1/1): perl-5.8.6-18.i386 100% |=========================| 11 MB 00:14 Running Transaction Test /etc/selinux/targeted/contexts/files/file_contexts: line 825 has invalid context system_u:object_r:lvm_exec_t /etc/selinux/targeted/contexts/files/file_contexts: line 1572 has invalid context system_u:object_r:slapd_lock_t /etc/selinux/targeted/contexts/files/file_contexts: line 1579 has invalid context system_u:object_r:slapd_cert_t Finished Transaction Test Transaction Test Succeeded Running Transaction /etc/selinux/targeted/contexts/files/file_contexts: line 825 has invalid context system_u:object_r:lvm_exec_t /etc/selinux/targeted/contexts/files/file_contexts: line 1572 has invalid context system_u:object_r:slapd_lock_t /etc/selinux/targeted/contexts/files/file_contexts: line 1579 has invalid context system_u:object_r:slapd_cert_t Updating : perl ######################### [[1/2]] Cleanup : perl ######################### [[2/2]]
Updated: perl.i386 3:5.8.6-18 Complete! [[root@server ~]]#
Hi Leif,
These messages are from upstream problems not related to Virtualmin or its installer, but they are harmless.
Because even the targeted policy on Fedora Core 4 (the closest policy to date) does not permit enough privileges for virtual hosting, we disable SELinux during installation and on reboots. However, we set it to permissive mode rather than turning it off altogether--so you still get audit logs and the ability to relabel and general SELinux functions. In other words, if you turned it back on, things installed while it was off should still have appropriate SELinux attributes.
My intention is to someday be able to have a SE version of Virtualmin that would be useful for very security conscious environments. It would be pretty cool, but of limited appeal, because it will definitely restrict what domain owners can do. Given that the majority of hosts still enable FP extensions (which reduces security down to a very basic UNIX permissions level, and leaves the Apache user hole wide open), it is clear that extremely tight security and privacy is not the highest priority for most hosting providers and it often doesn't need to be. Anyway, I'm just rambling on about something that I think would be cool. No one is asking for this kind of thing, so it isn't a high priority, and it is unrelated to your question...I just felt like talking about SELinux because it is cool, and one of these days they are going to get the management tools right, so that mere mortals can begin to grasp the implications of SELinux policies.
--
Check out the forum guidelines!