Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 155069 - selinux-policy-targeted too verbose when updating
Summary: selinux-policy-targeted too verbose when updating
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 3
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2005-04-15 22:42 UTC by Florin Andrei
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-05-12 18:04:58 UTC

Attachments (Terms of Use)

Description Florin Andrei 2005-04-15 22:42:53 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
I created this bug report for FC3 and the latest selinux package, but it's a larger issue.
Basically, when doing "yum update", if the selinux packages are updated, a message will be printed on the screen for some files that need to be run through /sbin/restorecon
This is fine in most cases, except when updating a mail server running Postfix with large queues. In that case, a VERY large number of messages will be printed, making the process extremely slow (especially when running yum through SSH over the Internet).

It would be nice if selinux would be more "clever" about which messages need to be printed out.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.see above

Additional info:

Comment 1 Florin Andrei 2005-04-15 22:52:17 UTC
Discussion thread on fedora-devel-list:

Comment 2 Daniel Walsh 2005-04-21 13:06:22 UTC
I don't know of a good way to fix this.  

Basically policy is doing a fancy diff between 
file_context.prior and and then doing a 
restorecon -R -v on it.

Usually this is only going to change a few contexts and could take a very long
time, since some times the diff comes up with /usr or some other high level
directory.   I think the best case if you are worried about this would be

yum -y update > /tmp/yum.log

Comment 3 Karl Berry 2005-06-19 15:28:19 UTC
I just ran into the same problem (on WS4) with the recent 
selinux-policy-targeted-1.17.30-2.88.noarch.rpm update.  In my case with
partitions not covered by whatever selinux is looking at.  A message got printed
for every one of the 100,000 or so non-system files on my computer, like this:
/sbin/restorecon reset context /backup/archive/...
/sbin/restorecon reset context /u/...

Since this never happened before, I of course had no idea I should be "worried"
about it, although I certainly will be in the future.  If I had been logged on
to a server over dialup (yes, I have to do this), it would have been a serious

How about making the diff smart enough to do the redirection and only showing
the first and last few lines, instead of surprising us poor ignorant admins?  If
it can't be made smart enough to simply ignore the top-level directories that it
doesn't know about, which seems like it would be the ideal.

Thanks for your consideration.

Note You need to log in before you can comment on or make changes to this bug.