Monday, January 5, 2009

Upgrading from Fedora 9 to Fedora 10 using Preupgrade

A few months ago, I upgraded from Fedora 8 to Fedora 9 using Preupgrade. Last night, I decided it was time to upgrade to Fedora 10 (F10), so I went the Preupgrade route again.

I did a yum update and then launched preupgrade. It downloaded all the necessary F10 RPMs and said it was ready for reboot. I rebooted into the installer and was greeted with an error message saying it couldn't find the RPM repository. I surmised that the installer hadn't mounted my /var partition (Preupgrade creates a local RPM repository at /var/cache/yum/preupgrade/). I did some searching and found Bugzilla bug 473782, which describes this exact problem. The fix was to reboot back into Fedora 9 and install Preupgrade 1.0.1-1 from the testing repository with the following command:
yum --enablerepo=updates-testing-newkey update preupgrade


I then launched Preupgrade again, rebooted into the installer, and successfully upgraded from Fedora 9 to Fedora 10. I rebooted into Fedora 10 and did a full yum update. I then noticed that I couldn't SSH into this Fedora 10 machine using SSH keys anymore. I did some more searching and found Bugzilla bug 473014. It seems that the upgrade process changes the SELinux security context on the user .ssh directories. The fix is to run the following command as root:
restorecon -r /home/*/.ssh

Haven't seen any other problems so far.

1 comment:

Anonymous said...

Man, thanks for this post. Saved me a ton of time! That's a new SELinux type that I hadn't seen before, so when I upgraded from F8 to F10, this totally snagged me.

For reference: ~/.ssh should have the following context:

system_u:object_r:ssh_home_t:s0

Then all's well. In prior distributions, it was:

system_u:object_r:unlabeled_t:s0

And the errors in my audit.log looked like this:

type=AVC msg=audit(1237917540.001:138): avc: denied { search } for pid=8172 comm="sshd" name=".ssh" dev=md3 ino=56590337 s
context=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir

Again, thanks!

Search This Blog

Featured Post

Security Onion 2.4.111 now available!

In October, we released version 2.4.110: https://blog.securityonion.net/2024/10/security-onion-24110-hurricane-helene.html Last week, Surica...

Popular Posts

Blog Archive