[Leaplist] Upgrade from Fedora 9 to 11 (or to CentOS 5.3) ....

William A. Mahaffey III wam at hiwaay.net
Sat Jun 13 13:48:11 EDT 2009 

On 06/13/09 11:07, William A. Mahaffey III wrote:
> On 06/13/09 10:45, Phil Barnett wrote:
>> On 06/12/2009 08:30 AM, William A. Mahaffey III wrote:
>>>
>>>
>>> .... I am interested in upgrading this box (2 GHz Athlon 64X2, 2 GB 
>>> RAM, desktop) from Fedora 9 64-bit (fully patched up as of last 
>>> Sunday) to either Fedora 11 or CentOS 5.3. I found mention of the 
>>> PreUpgrade package which is installed (preupgrade.noarch, 
>>> 1.1.0-1.fc9, installed). I did a bit of googling (Fedora preupgrade 
>>> CentOS) & got conflicting views on upgrading more than 1 version (1 
>>> link definitively said you could go from FC9 to FC11 using 
>>> preupgrade, & linked to RH website for backup) & on going from FC9 
>>> to CentOS 5.3. Does anybody have any 1st hand experience w/ using 
>>> preupgrade to do upgrades of more than 1 version or for changing 
>>> from Fedora to CentOS ? If so, could you comment yea or nay on this 
>>> idea :-) ? Thanks in advance.
>>
>> I think you will blow up your machine if you try to go from Fedora to 
>> CentOS. But it's just a guess.
>>
>> I upgraded several machines from 10 to 11 and only one went badly, so 
>> it got a fresh install. There was nothing on it worth recovering, so 
>> no big deal.
>>
>> That one was an upgrade from 9 to 11, however it doesn't answer your 
>> question because I upgraded to 10 in the middle.
>>
>
>
> Well, I went ahead & did it (FC9 --> FC11 using preupgrade, nobody 
> talked me out of it) & all is (mostly) well, I am still poking around 
> & checking stuff out, but so far, so good. I am having a problem 
> getting rxvt terminals to use the desired font (lucidatypewriter 
> bold-r-sans 17 pt, worked AOK under FC9, font is installed, & is used 
> in various window titles as per .Xdefaults specification, Gnome 
> desktop ....), any clues on that :-) ? TIA ....
>
>


.... *soooooooo* tacky to self reply, but here goes .... The problem w/ 
fonts seems to be a problem w/ gdm reading my .Xdefaults file, that is 
being denied by SELinux (worked AOK under FC9). I get messages in my 
syslog file:

Jun 13 12:29:47 athloncube setroubleshoot: SELinux is preventing the 
gdm-simple-slav from using potentially mislabeled files (.Xdefaults). 
For complete SELinux messages. run sealert -l 
0a3c37e5-2811-4aee-88ea-6eec7d8ce70f
Jun 13 12:29:48 athloncube setroubleshoot: SELinux is preventing the 
gdm-simple-slav from using potentially mislabeled files (.Xdefaults). 
For complete SELinux messages. run sealert -l 
0a3c37e5-2811-4aee-88ea-6eec7d8ce70f
Jun 13 12:29:48 athloncube setroubleshoot: SELinux is preventing the 
gdm-simple-slav from using potentially mislabeled files (.Xdefaults). 
For complete SELinux messages. run sealert -l 
0a3c37e5-2811-4aee-88ea-6eec7d8ce70f
Jun 13 12:29:48 athloncube setroubleshoot: SELinux is preventing the 
gdm-simple-slav from using potentially mislabeled files (.Xdefaults). 
For complete SELinux messages. run sealert -l 
0a3c37e5-2811-4aee-88ea-6eec7d8ce70f
Jun 13 12:29:49 athloncube setroubleshoot: SELinux is preventing the 
gdm-simple-slav from using potentially mislabeled files (.Xdefaults). 
For complete SELinux messages. run sealert -l 
0a3c37e5-2811-4aee-88ea-6eec7d8ce70f
Jun 13 12:29:49 athloncube setroubleshoot: SELinux is preventing the 
gdm-simple-slav from using potentially mislabeled files (.Xdefaults). 
For complete SELinux messages. run sealert -l 
0a3c37e5-2811-4aee-88ea-6eec7d8ce70f
Jun 13 12:29:49 athloncube setroubleshoot: SELinux is preventing the 
gdm-simple-slav from using potentially mislabeled files (.Xdefaults). 
For complete SELinux messages. run sealert -l 
0a3c37e5-2811-4aee-88ea-6eec7d8ce70f


when I run the sealert, I get:

[root at athloncube:~, Sat Jun 13, 12:30 PM] 1002 # sealert -l 
0a3c37e5-2811-4aee-88ea-6eec7d8ce70f

Summary:

SELinux is preventing the gdm-simple-slav from using potentially mislabeled
files (.Xdefaults).

Detailed Description:

SELinux has denied gdm-simple-slav access to potentially mislabeled file(s)
(.Xdefaults). This means that SELinux will not allow gdm-simple-slav to use
these files. It is common for users to edit files in their home 
directory or tmp
directories and then move (mv) them to system directories. The problem 
is that
the files end up with the wrong file context which confined applications 
are not
allowed to access.

Allowing Access:

If you want gdm-simple-slav to access this files, you need to relabel 
them using
restorecon -v '.Xdefaults'. You might want to relabel the entire 
directory using
restorecon -R -v ''.

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:admin_home_t:s0
Target Objects                .Xdefaults [ file ]
Source                        gdm-simple-slav
Source Path                   /usr/libexec/gdm-simple-slave
Port <Unknown>
Host                          athloncube.cfd.com
Source RPM Packages           gdm-2.26.1-10.fc11
Target RPM Packages
Policy RPM                    selinux-policy-3.6.12-39.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   home_tmp_bad_labels
Host Name                     athloncube.cfd.com
Platform                      Linux athloncube.cfd.com 
2.6.29.4-167.fc11.x86_64
                               #1 SMP Wed May 27 17:27:08 EDT 2009 
x86_64 x86_64
Alert Count                   77
First Seen                    Sat Jun 13 09:59:04 2009
Last Seen                     Sat Jun 13 12:29:34 2009
Local ID                      0a3c37e5-2811-4aee-88ea-6eec7d8ce70f
Line Numbers

Raw Audit Messages

node=athloncube.cfd.com type=AVC msg=audit(1244914174.693:13): avc:  
denied  { read } for  pid=1940 comm="gdm-simple-slav" name=".Xdefaults" 
dev=dm-0 ino=1844612 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 
tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

node=athloncube.cfd.com type=SYSCALL msg=audit(1244914174.693:13): 
arch=c000003e syscall=2 success=no exit=-13 a0=7fffcfd7f080 a1=0 a2=fef 
a3=fe items=0 ppid=1853 pid=1940 auid=4294967295 uid=0 gid=0 euid=0 
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 
comm="gdm-simple-slav" exe="/usr/libexec/gdm-simple-slave" 
subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)



[root at athloncube:~, Sat Jun 13, 12:31 PM] 1003 # ll -dZ ~wam/.[A-Z]*
-rw-------. wam users root:object_r:user_home_t:s0     /home/wam/.BFCrc
lrwxrwxrwx. wam users unconfined_u:object_r:user_home_t:s0 
/home/wam/.DCOPserver_athloncube.cfd.com_:0 -> 
/home/wam/.DCOPserver_athloncube.cfd.com__0
-rw-------. wam users unconfined_u:object_r:user_home_t:s0 
/home/wam/.DCOPserver_athloncube.cfd.com__0
-rw-------. wam users unconfined_u:object_r:user_home_t:s0 
/home/wam/.ICEauthority
-rw-------. wam users root:object_r:user_home_t:s0     /home/wam/.Usual
-rw-------. wam users unconfined_u:object_r:user_home_t:s0 
/home/wam/.Xauthority
-rwx------. wam users user_u:object_r:user_home_t:s0   /home/wam/.Xclients*
-rwxr-xr-x. wam users unconfined_u:object_r:user_home_t:s0 
/home/wam/.Xclients-athloncube.cfd.com:0*
-rwxr-xr-x. wam users unconfined_u:object_r:user_home_t:s0 
/home/wam/.Xclients-default*
-rw-------. wam users unconfined_u:object_r:user_home_t:s0 
/home/wam/.Xdefaults
[root at athloncube:~, Sat Jun 13, 12:32 PM] 1004 # ll -d ~wam/.[A-Z]*
18284552  8 -rw-------. 1 wam users    40 Apr 10 16:46 /home/wam/.BFCrc
  6094948  4 lrwxrwxrwx. 1 wam users    43 Jun 26  2008 
/home/wam/.DCOPserver_athloncube.cfd.com_:0 -> 
/home/wam/.DCOPserver_athloncube.cfd.com__0
  6094946  8 -rw-------. 1 wam users    67 Jun 26  2008 
/home/wam/.DCOPserver_athloncube.cfd.com__0
  6094950 16 -rw-------. 1 wam users 12284 Jun 13 12:29 
/home/wam/.ICEauthority
  7012461 12 -rw-------. 1 wam users  4648 May 29 16:10 /home/wam/.Usual
  6095037  8 -rw-------. 1 wam users   251 Aug 31  2008 
/home/wam/.Xauthority
18284990  8 -rwx------. 1 wam users   189 May 27  2007 /home/wam/.Xclients*
18285040  8 -rwxr-xr-x. 1 wam users   174 Jun 13 11:44 
/home/wam/.Xclients-athloncube.cfd.com:0*
18284872  8 -rwxr-xr-x. 1 wam users   221 Jun 13 11:36 
/home/wam/.Xclients-default*
18290353  8 -rw-------. 1 wam users  2993 Jun 13 10:38 /home/wam/.Xdefaults
[root at athloncube:~, Sat Jun 13, 12:33 PM] 1005 #


I tried the restorecon command above & no help (logged out & back in, 
still nogo on fonts & new messages in syslog file). I observe the 
details of the offending file above, i.e. my .Xdefaults has the same 
security context as several other files, which apparently get read OK ....

This is a bit baffling, since it all worked under FC9, & that was the 
rationale for doing a yum-ish upgrade, to preserve all the infernal 
little configuration bits :-/ ....


-- 

	William A. Mahaffey III

  ----------------------------------------------------------------------

	"The M1 Garand is without doubt the finest implement of war
	 ever devised by man."
                            -- Gen. George S. Patton Jr.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Leaplist mailing list