Bug 312401

Summary: Error messages when updating strict policy on some systems
Product: [Fedora] Fedora Reporter: Bruno Wolff III <bruno>
Component: selinux-policy-strictAssignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG QA Contact: Ben Levenson <benl>
Severity: low Docs Contact:
Priority: low    
Version: 7   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-10-01 22:24:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Bruno Wolff III 2007-09-29 16:23:15 UTC 
Description of problem:
When upgrading from selinux-policy-strict-2.6.4-42 to
selinux-policy-strict-2.6.4-43, I got the messages:

/etc/selinux/strict/contexts/files/file_contexts: Multiple different
specifications for /usr/bin/apt-get  (system_u:object_r:rpm_exec_t:s0 and
system_u:object_r:apt_exec_t:s0).
/etc/selinux/strict/contexts/files/file_contexts: Multiple different
specifications for /usr/bin/apt-shell  (system_u:object_r:rpm_exec_t:s0 and
system_u:object_r:apt_exec_t:s0).
/etc/selinux/strict/contexts/files/file_contexts: Multiple different
specifications for /usr/sbin/synaptic  (system_u:object_r:rpm_exec_t:s0 and
system_u:object_r:apt_exec_t:s0).

Neither targeted nor mls policies had this issue.

Version-Release number of selected component (if applicable):
2.6.4-43

How reproducible:
50% It happened on one of two systems I upgraded.

Steps to Reproduce:
1. Update selinux-policy-strict to 2.6.4-43
  
Actual results:
Update occurred with the error messages above.

Expected results:
No error messages while updating.

Additional info:
Both systems had synaptics-0.14.4-8.fc6 installed.
The systems do have different package sets installed on them, so they aren't
identical.
Comment 1 Daniel Walsh 2007-10-01 20:46:57 UTC 
Do you see an apt policy installed 

semodule -r apt -s strict
Comment 2 Bruno Wolff III 2007-10-01 21:34:22 UTC 
On the machine where I saw the error message, when running "semodule -r apt -s
strict", I just got a prompt back.

Just for the heck of it, I tried "semodule -r apt -s targeted", and got the
following message:
libsemanage.semanage_direct_remove: Module apt was not found.
semodule:  Failed on apt!

I'll probably get a chance to test this on the machine where I didn't get the
message during the update tonight.
Comment 3 Daniel Walsh 2007-10-01 22:24:39 UTC 
That means that somewhere along the line someone installed the apt policy on
your machine, for strict policy.  It is removed now, so updating to strict
policy should work.  BTW, if you do not use strict policy, just remove it from
the system,

rpm -e selinux-policy-strict