Bug 437662
Summary: | Selinux prevents audit daemon from starting | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Göran Uddeborg <goeran> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED NOTABUG | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 8 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-03-18 13:58:27 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Göran Uddeborg
2008-03-15 22:21:04 UTC
So you are saying the updated did not label file file correctly and even after running restorecon, th file ends up with an unlabeled_t label after reboot? I'm not sure what the label was after the update but before I rebooted. It was my first guess that the error happened. But what I know is that after reboot it was "unlabeled_t", and I had to do the semodule command before restorecon. After the next reboot, it was back to unlabeled_t again, and I had to do it again. I'm not sure if this is related. But I noticed that /selinux/policyvers says 21. But it's /etc/selinux/targeted/policy/policy.22 that gets rebuilt when I do the semanage command, judging from the timestamps. There is a file /etc/selinux/targeted/policy/policy.21 too, belonging to the policy package, but it has a modification time in December. Is this an indication that I have broken my configuration somehow? Or is this natural? I'm not sure what defines what policy version to use. Remove the 21 file. Just to make sure. The 21 file must be getting reloaded on reboot and the 22 file gets loaded on semanage. After removing the policy.21 file, the system became unbootable. The boot stopped with a message Enforcing mode requested but no policy loaded. Halting now. Using a rescue disk, I made an attempt to move the generated policy.22 to policy.21 and reboot, but that simple trick wasn't successful: security: policydb version 22 does not match my version range 15-21 That range is defined by the kernel, right? And I do have the latest F8 kernel. So what can I have done to my system to make semanage create a policy with a too high version number? Some additional package version numbers, in case they matter: kernel-2.6.24.3-34.fc8.x86_64 policycoreutils-2.0.33-3.fc8.x86_64 # rpm -q libsemanage checkpolicy libsepol libsemanage-2.0.12-3.fc8 checkpolicy-2.0.4-1.fc8 libsepol-2.0.15-1.fc8 Aha! I had installed F9α versions of libsepol and libselinux (for satisfying dependencies when debugging another issue). Downgrading back to F8 version made things behave normally again. I apologize for the false alarm. |