Bug 244815
| Field | Value |
|---|---|
| Summary | yum update gives selinux errors |
| Product | [Fedora] Fedora |
| Component | selinux-policy |
| Version | 7 |
| Status | CLOSED NOTABUG |
| Severity | low |
| Priority | low |
| Hardware | All |
| OS | Linux |
| Reporter | Need Real Name <lsof> |
| Assignee | Daniel Walsh <dwalsh> |
| QA Contact | Ben Levenson <benl> |
| CC | dwalsh, redhat, terjeros |
| Doc Type | Bug Fix |
| Last Closed | 2007-09-04 20:14:06 UTC |
Description
Need Real Name
2007-06-19 11:08:07 UTC
I don't see this with qiv. Could you look at /etc/selinux/targeted/context/files/file_contexts.local, are there any entries in there?

I get the same error when I run yum -y upgrade:

Running Transaction Test
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found.

To answer your question (amending the filename):

# grep ^/lost /etc/selinux/targeted/contexts/files/file_contexts
/lost\+found/.* <<none>>
/lost\+found -d system_u:object_r:lost_found_t:s0

This is an upgraded box from FC6.

I want the contents of /etc/selinux/targeted/context/files/file_contexts.local

Created attachment 157385
As requested.
/etc/selinux/targeted/context/files/file_contexts.local does not exist.
/etc/selinux/targeted/contexts/files/file_contexts is attached.
On two boxes:

[snip]
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found.
Updating : vte ####################### [ 1/10]
[snip]

*** Bug 246091 has been marked as a duplicate of this bug. ***

Well something is strange here. Could you do the following?

#grep /usr/local.*journal /etc/selinux/targeted/contexts/files/*

/etc/selinux/targeted/contexts/files/file_contexts:/usr/local/\.journal <<none>>

$ grep /usr/local.*journal /etc/selinux/targeted/contexts/files/*
/etc/selinux/targeted/contexts/files/file_contexts:/usr/local/\.journal <<none>>
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:/usr/local/\.journal <<none>>
/etc/selinux/targeted/contexts/files/file_contexts.pre:/usr/local/\.journal <<none>>

Do you have a user account homedir under /usr/local? How did that entry get in that file? If you run genhomedircon does it remove the entry?

Which person are you asking (me, the bug reporter, or?)

(In reply to comment #10)
> Do you have a user account homedir under /usr/local?
# grep usr.local /etc/passwd says no.
> How did that entry get in that file?
None of the selinux files have ever been touched.
> If you run genhomedircon does it remove the entry?
I get the same result.

Could you execute

#rm -f /etc/selinux/targeted/contexts/files/file_contexts.homedirs
#rm -f /etc/selinux/targeted/contexts/files/file_contexts.pre
# genhomedircon

Then check if it fixes the problem?

(In reply to comment #12)
> Then check if it fixes the problem?
The problem goes away, but the problem still exists - I got a bad context from somewhere...
(In reply to comment #12)
> Could you execute
>
> #rm -f /etc/selinux/targeted/contexts/files/file_contexts.homedirs
> #rm -f /etc/selinux/targeted/contexts/files/file_contexts.pre
> # genhomedircon
>
> Then check if it fixes the problem?

Did not help:

$ rm -f /etc/selinux/targeted/contexts/files/file_contexts.homedirs /etc/selinux/targeted/contexts/files/file_contexts.pre
$ genhomedircon
$ yum install xemacs
[snip]
Running Transaction Test
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found.
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found.
Installing: compface ######################### [1/6]
[snip]

Does the following

# grep /usr/local.*journal /etc/selinux/targeted/contexts/files/*

Show the double entry again?

> Show the double entry again?
I did it once more, now pre is fine?
$ grep /usr/local.*journal /etc/selinux/targeted/contexts/files/*
/etc/selinux/targeted/contexts/files/file_contexts:/usr/local/\.journal <<none>>
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:/usr/local/\.journal <<none>>
/etc/selinux/targeted/contexts/files/file_contexts.pre:/usr/local/\.journal <<none>>
$ rm -f /etc/selinux/targeted/contexts/files/file_contexts.homedirs /etc/selinux/targeted/contexts/files/file_contexts.pre
$ genhomedircon
$ grep /usr/local.*journal /etc/selinux/targeted/contexts/files/*
/etc/selinux/targeted/contexts/files/file_contexts:/usr/local/\.journal <<none>>
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:/usr/local/\.journal <<none>>

This still makes no sense, since genhomedircon is only supposed to sed the context in /etc/selinux/targeted/contexts/files/homedir_template into file_contexts.homedirs.

rpm -q policycoreutils
rpm -qV policycoreutils

$ rpm -q policycoreutils
policycoreutils-2.0.16-6.fc7
$ rpm -qV policycoreutils
$ rpm -q selinux-policy-targeted
selinux-policy-targeted-2.6.4-23.fc7
$ rpm -qV selinux-policy-targeted-2.6.4-23.fc7
$ cat /etc/selinux/targeted/contexts/files/homedir_template
HOME_DIR/.+ system_u:object_r:ROLE_home_t:s0
HOME_DIR/.*/plugins/nprhapengine\.so.* -- system_u:object_r:textrel_shlib_t:s0
HOME_DIR/.*/plugins/libflashplayer\.so.* -- system_u:object_r:textrel_shlib_t:s0
HOME_DIR/((www)|(web)|(public_html))(/.+)? system_u:object_r:httpd_ROLE_content_t:s0
HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- system_u:object_r:textrel_shlib_t:s0
/tmp/\.exchange-USER(/.*)? system_u:object_r:ROLE_evolution_exchange_tmp_t:s0
HOME_ROOT/lost\+found/.* <<none>>
HOME_DIR/\.config/gtk-.* system_u:object_r:ROLE_gnome_home_t:s0
HOME_DIR -d system_u:object_r:ROLE_home_dir_t:s0
HOME_ROOT -d system_u:object_r:home_root_t:s0
/tmp/gconfd-USER -d system_u:object_r:ROLE_tmp_t:s0
HOME_ROOT/\.journal <<none>>
HOME_ROOT/lost\+found -d system_u:object_r:lost_found_t:s0

Ok the problem here, I believe, is that you have users in the /usr/local directory. Can you make a subdirectory and move your users to it?

/usr/local/home/XYZ

This will fix the labeling.

But I have no users in /usr/local. How does that explain my problem?

> Ok the problem here, i believe, is that you have users in the /usr/local
> directory. Can you make a subdirectory and move your users to it.
>
> /usr/local/home/XYZ
>
> This will fix the labeling.
The box has no normal "users", all non-system users are coming from yp.
I believe no users have $home under /usr/local, however I know some
users have $shell in /usr/local, e.g. /usr/local/bin/tsch and /usr/local/bin/bash.
Can that be the trigger?
Does the original reporter (Need Real Name) have users with shells in /usr/local?

As comments 11, 20 and now comment 22 say: no.

# ypcat passwd | grep /usr/local > /tmp/found
# grep /usr/local /etc/passwd > /tmp/found

Any regular user or system user, i.e. any account with a Home Directory beginning with /usr/local? Shells do not matter. If you do not find something that matches, then the problem must be in genhomedircon.

> Any regular user or system user IE any account with a Home Directory beginning
> with /usr/local?
I can check, however it has to wait, no access to system at the moment.
.
For future reference, it looks like slimserver can cause this problem: http://bugs.slimdevices.com/show_bug.cgi?id=5389
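
The two checks this thread keeps circling (an account whose home directory, not its shell, lies under /usr/local, and the same specification appearing in more than one file_contexts file), as an added example that is not part of the bug report or of policycoreutils. The helper names homes_under, dup_specs and make_sample are hypothetical, and the passwd entries and context fragments are constructed sample data.

```shell
#!/bin/sh
# Added example; all sample data below is constructed.

# homes_under PREFIX: read passwd-format lines on stdin and print "user home"
# for accounts whose home directory (field 6) is PREFIX or lies below it.
# The login shell (field 7) is ignored, unlike a plain grep of the whole line.
homes_under() {
    awk -F: -v p="${1%/}" '$6 == p || index($6, p "/") == 1 { print $1, $6 }'
}

# dup_specs FILE...: print every "regex [type-flag]" key that occurs more than
# once across the given file_contexts-format files, with the files involved.
dup_specs() {
    awk '
        /^[ \t]*(#|$)/ { next }                        # comments, blank lines
        {
            key = $1
            if ($2 ~ /^-[-bcdpls]$/) key = key " " $2  # optional file type
            n[key]++
            where[key] = where[key] " " FILENAME
        }
        END { for (k in n) if (n[k] > 1) print k ":" where[k] }
    ' "$@" | LC_ALL=C sort
}

# make_sample DIR: write constructed passwd and file_contexts fragments.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/usr/local/bin/bash
svc:x:101:101::/usr/local/svc:/sbin/nologin
EOF
    cat > "$1/file_contexts" <<'EOF'
/lost\+found -d system_u:object_r:lost_found_t:s0
/usr/local/\.journal <<none>>
/usr/local/lost\+found -d system_u:object_r:lost_found_t:s0
EOF
    cat > "$1/file_contexts.homedirs" <<'EOF'
# constructed fragment repeating two specifications
/usr/local/\.journal <<none>>
/usr/local/lost\+found -d system_u:object_r:lost_found_t:s0
EOF
}

d=$(mktemp -d)
make_sample "$d"
homes_under /usr/local < "$d/passwd"
(cd "$d" && dup_specs file_contexts file_contexts.homedirs)
rm -rf "$d"
```

On a live system, `getent passwd | homes_under /usr/local` also covers accounts served from NIS, and dup_specs can be pointed at the files under /etc/selinux/targeted/contexts/files/.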