Bug 2042442
| Summary: | semodule fails | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Michael Lipp <mnl> |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 35 | CC: | chris+rhbugzilla, dwalsh, grepl.miroslav, herbert.hotz, jskarvad, lvrabec, mmalik, mnl, omosnace, pkoncity, vmojzis, zpytela |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Last Closed: | 2022-01-26 15:39:59 UTC | Type: | Bug |
Hi,

I have similar problems after dnf update:

    # semodule -X 400 -d my-imap
    Problems processing filecon rules
    Failed post db handling
    Post process failed
    semodule: Failed!

or

    # semodule -i my-procmail.pp
    Problems processing filecon rules
    Failed post db handling
    Post process failed

Cannot add, remove or change selinux policy since selinux-policy-targeted 35.10-1.fc35

Urgent!

Best regards,
Herbert

Considering Herbert's problem, the "Component" should probably be changed to "selinux" (I have no permission to do this).

Hi Michael,

Yes, you might be right, but it seems that I'm not entitled to change this. Perhaps important is the following:

    policycoreutils x86_64 3.3-1.fc35
    policycoreutils-devel x86_64 3.3-1.fc35
    policycoreutils-python-utils noarch 3.3-1.fc35
    python3-policycoreutils noarch 3.3-1.fc35

Please update to selinux-policy-35.11-1.fc35

*** This bug has been marked as a duplicate of bug 2042369 ***

Sorry, but marking this as a duplicate of bug 2042369 makes no sense, this is in no way related to a non-working custom cockpit module.

Please update to selinux-policy-35.11-1.fc35 or newer. There is a common root cause with bug 2042369.

*** This bug has been marked as a duplicate of bug 2042369 ***
Description of problem:

After upgrading to fc35, I get

    SELinux is preventing rrdtool queue from using the dac_override capability

When I follow these instructions:

    # ausearch -c 'rrdtool queue' --raw | audit2allow -M my-rrdtoolqueue
    # semodule -X 300 -i my-rrdtoolqueue.pp

semodule fails with:

    Problems processing filecon rules
    Failed post db handling
    Post process failed
    semodule: Failed!

The content of my-rrdtoolqueue.te is:

    module my-rrdtoolqueue 1.0;

    require {
    	type collectd_t;
    	class capability dac_override;
    }

    #============= collectd_t ==============
    allow collectd_t self:capability dac_override;

Version-Release number of selected component (if applicable):
rrdtool-1.7.2-21.fc35.x86_64

How reproducible:
Always

Steps to Reproduce:
See above

Expected results:
rrdtools/collectd should be allowed to work
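
A check that can be run on an audit2allow-generated `.te` file before it is loaded with `semodule`, as an added example that is not part of the original report: it parses the allow rules and lists capability grants such as `dac_override`, which lets a domain bypass file permission checks. The function names and the set of flagged capabilities are assumptions chosen for illustration; the sample module is the one quoted in the report.

```python
import re

# Capabilities that override ownership/permission or privilege checks.
# This selection is an assumption for illustration, not an official list.
BROAD_CAPS = {"dac_override", "dac_read_search", "sys_admin",
              "sys_ptrace", "sys_module"}

# Matches: allow <source> <target>:<class> <perm>;   or   ... { perm perm };
ALLOW_RE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+?)\s*:\s*(\S+)\s+(\{[^}]*\}|\S+?)\s*;", re.M)

def strip_comments(te_text):
    """Drop '#' comments so commented-out rules are not reported."""
    return re.sub(r"#.*", "", te_text)

def parse_allow_rules(te_text):
    """Return (source, target, class, [perms]) for each simple allow rule."""
    rules = []
    for src, tgt, cls, perms in ALLOW_RE.findall(strip_comments(te_text)):
        rules.append((src, tgt, cls, perms.strip("{} ").split()))
    return rules

def broad_capability_grants(te_text):
    """Return (domain, capability) pairs granting a capability in BROAD_CAPS."""
    findings = []
    for src, _tgt, cls, perms in parse_allow_rules(te_text):
        if cls in ("capability", "capability2", "cap_userns"):
            findings += [(src, p) for p in perms if p in BROAD_CAPS]
    return findings

# The module quoted in the report.
SAMPLE_TE = """\
module my-rrdtoolqueue 1.0;

require {
	type collectd_t;
	class capability dac_override;
}

#============= collectd_t ==============
allow collectd_t self:capability dac_override;
"""

if __name__ == "__main__":
    for domain, cap in broad_capability_grants(SAMPLE_TE):
        print(f"review before loading: {domain} gains {cap}")
```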