Bug 296871

Summary: installation of package fails selinux-policy-strict-2.4.6-88.fc6@noarch:
Product: [Fedora] Fedora Reporter: john bray <kb6ql>
Component: selinux-policy-strictAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact: Ben Levenson <benl>
Severity: low Docs Contact:
Priority: low    
Version: 6   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-09-24 19:22:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description john bray 2007-09-19 19:58:33 UTC
Description of problem:
install fails for selinux-policy-strict-2.4.6-88.fc6@noarch:

Version-Release number of selected component (if applicable):
selinux-policy-strict-2.4.6-88.fc6@noarch:

How reproducible:
i assume 100%

Steps to Reproduce:
1. install the package
2.
3.
  
Actual results:

Output from selinux-policy-strict-2.4.6-88.fc6@noarch:
libsepol.context_from_record: type httpd_nagios_script_exec_t is not defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert
system_u:object_r:httpd_nagios_script_exec_t:s0 to sid
/etc/selinux/strict/contexts/files/file_contexts:  line 282 has invalid context
system_u:object_r:httpd_nagios_script_exec_t:s0
libsemanage.semanage_install_active: setfiles returned error code 1.
/etc/selinux/strict/contexts/files/file_contexts: Multiple different
specifications for /usr/bin/apt-get  (system_u:object_r:rpm_exec_t:s0 and
system_u:object_r:apt_exec_t:s0).
/etc/selinux/strict/contexts/files/file_contexts: Multiple different
specifications for /usr/bin/apt-shell  (system_u:object_r:rpm_exec_t:s0 and
system_u:object_r:apt_exec_t:s0).
/etc/selinux/strict/contexts/files/file_contexts: Multiple different
specifications for /usr/sbin/synaptic  (system_u:object_r:rpm_exec_t:s0 and
system_u:object_r:apt_exec_t:s0).
semodule:  Failed!
Expected results:


Additional info:

Comment 1 Daniel Walsh 2007-09-21 19:17:10 UTC
Do you have apt module installed?

semodule -l | grep apt

If so/please remove

semodule -r apt

The nagios bug is fixed in 
selinux-policy-targeted-2.4.6-94.fc6

Comment 2 john bray 2007-09-21 19:42:16 UTC
(In reply to comment #1)
> Do you have apt module installed?
> 
> semodule -l | grep apt

apparently not:

[root@junior ~]# semodule -l | grep apt
[root@junior ~]# uname -a
Linux junior 2.6.22.2-42.fc6 #1 SMP Wed Aug 15 12:34:26 EDT 2007 i686 athlon
i386 GNU/Linux



Comment 3 Daniel Walsh 2007-09-21 20:06:10 UTC
Well I don't see how the apt_exec_t functions got there.

They should be turned off in selinux-policy-strict or any other policy Fedora ships.

Comment 4 john bray 2007-09-21 21:33:55 UTC
dan - what other information can i provide you?  i don't believe that i have
ever made any changes in selinux policy -- only installed your packages.  i'll
get you whatever you need.  or give you access to the box if that's helpful.

here's a bit:
[root@junior ~]# semodule -l
amavis  1.1.0
apcupsd 1.0.0
ccs     1.0.0
clamav  1.1.0
dcc     1.1.0
evolution       1.1.0
fail2ban        1.0.0
iscsid  1.0.0
mozilla 1.1.0
mplayer 1.1.0
nagios  1.1.0
oddjob  1.0.1
pcscd   1.0.0
pyzor   1.1.0
razor   1.1.0
ricci   1.0.0
smartmon        1.1.0
suspend2        1.0
[root@junior ~]# 

and:

[root@junior ~]# date
Fri Sep 21 16:27:51 CDT 2007
[root@junior ~]# izrpm selin
selinux-policy-strict-2.4.6-88.fc6            Wed Sep 19 14:45:58 2007
selinux-policy-targeted-2.4.6-88.fc6          Wed Sep 19 14:45:37 2007
selinux-policy-2.4.6-88.fc6                   Wed Sep 19 14:42:48 2007
libselinux-python-1.33.4-2.fc6                Thu Jan 18 01:51:53 2007
libselinux-devel-1.33.4-2.fc6                 Thu Jan 18 01:51:51 2007
libselinux-1.33.4-2.fc6                       Thu Jan 18 01:47:55 2007
selinux-doc-1.26-1.1                          Wed Jan 17 13:44:25 2007
[root@junior ~]# 

-- john

Comment 5 Daniel Walsh 2007-09-22 11:48:53 UTC
john are you running with strict policy?  Or is this just happening because you
have it installed?

If you are not just remove the paclages
rpm -e selinux-policy-strict

Comment 6 john bray 2007-09-22 16:26:56 UTC
it's just installed.  not in use.

i'll remove it.