Bug 511067
| Summary: | selinux-policy-targeted-3.6.12-62.fc11.noarch update error message | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | H.J. Lu <hongjiu.lu> |
| Component: | selinux-policy-targeted | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED NOTABUG | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 11 | CC: | drfudgeboy, dwalsh, ipepelnjak+redhat, matt.castelein, maurizio.antillon, xyzk |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-03-24 11:21:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
H.J. Lu
2009-07-13 14:42:19 UTC
Do you have any private modules installed? Hello, I've the same messages: Lancement de la transaction Installation : selinux-policy-3.6.12-62.fc11.noarch 1/2 Installation : selinux-policy-targeted-3.6.12-62.fc11.noarch 2/2 libsepol.scope_copy_callback: audioentropy: Duplicate declaration in module: type/attribute entropyd_var_run_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! Installé: selinux-policy.noarch 0:3.6.12-62.fc11 selinux-policy-targeted.noarch 0:3.6.12-62.fc11 Terminé ! My fc11 is upgraded from fc10. Hello, I've the same messages: Lancement de la transaction Installation : selinux-policy-3.6.12-62.fc11.noarch 1/2 Installation : selinux-policy-targeted-3.6.12-62.fc11.noarch 2/2 libsepol.scope_copy_callback: audioentropy: Duplicate declaration in module: type/attribute entropyd_var_run_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! Installé: selinux-policy.noarch 0:3.6.12-62.fc11 selinux-policy-targeted.noarch 0:3.6.12-62.fc11 Terminé ! My fc11 is upgraded from fc10. How Dan Walsh asks above, do you have any private modules installed? Hello, I suppose there's no private modules installed. How can I check this? I'm getting this too, on 3.6.12-72. I have no private modules installed. James By the way, I can reproduce it:
[root@oscar james]# yum reinstall selinux-policy-targeted
Loaded plugins: changelog, dellsysidplugin2, fastestmirror, presto, refresh-
: packagekit
Setting up Reinstall Process
Loading mirror speeds from cached hostfile
* fedora: darkstar.ist.utl.pt
* rpmfusion-free: download1.rpmfusion.org
* rpmfusion-free-updates: download1.rpmfusion.org
* rpmfusion-nonfree: download1.rpmfusion.org
* rpmfusion-nonfree-updates: download1.rpmfusion.org
* updates: fedora.tu-chemnitz.de
Resolving Dependencies
--> Running transaction check
---> Package selinux-policy-targeted.noarch 0:3.6.12-72.fc11 set to be erased
---> Package selinux-policy-targeted.noarch 0:3.6.12-72.fc11 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
selinux-policy-targeted noarch 3.6.12-72.fc11 updates 2.2 M
Removing:
selinux-policy-targeted noarch 3.6.12-72.fc11 installed 2.3 M
Transaction Summary
================================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 1 Package(s)
Total size: 2.2 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Erasing : selinux-policy-targeted-3.6.12-72.fc11.noarch 1/2
Installing : selinux-policy-targeted-3.6.12-72.fc11.noarch 1/2
libsepol.scope_copy_callback: audioentropy: Duplicate declaration in module: type/attribute entropyd_var_run_t
libsemanage.semanage_link_sandbox: Link packages failed
semodule: Failed!
Removed:
selinux-policy-targeted.noarch 0:3.6.12-72.fc11
Installed:
selinux-policy-targeted.noarch 0:3.6.12-72.fc11
Complete!
[root@oscar james]#
What does the output of this command show? ls -1 /etc/selinux/targeted/modules/active/modules/ /usr/share/selinux/targeted/ | sort Any extra modules that are not in the targeted policy package? *** Bug 515286 has been marked as a duplicate of this bug. *** I think there might be some problems here. For instance, the audioentropy error message might be related to the existence of 'audio_entropy.pp' (note the underscore) but 'audioentropy.pp.bz2' (no underscore). On another machine, the .pp file doesn't have the underscore. Moving that file out of there generates an error with iscsid, and moving that out as well generates a bunch more errors. Is there a way of regenerating these files? Are they just bunzipped versions of the .bz2 files? I tried rpm -qf but it seems these files aren't owned by any package. I presume they're dynamically generated? James ---- [root@oscar modules]# ls -1 /etc/selinux/targeted/modules/active/modules/ /usr/share/selinux/targeted/ | sort ada.pp ada.pp.bz2 afs.pp.bz2 aide.pp aide.pp.bz2 amanda.pp amanda.pp.bz2 amavis.pp amavis.pp.bz2 amtu.pp amtu.pp.bz2 apache.pp apache.pp.bz2 apcupsd.pp apcupsd.pp.bz2 arpwatch.pp arpwatch.pp.bz2 audio_entropy.pp audioentropy.pp.bz2 automount.pp automount.pp.bz2 avahi.pp avahi.pp.bz2 awstats.pp awstats.pp.bz2 BackupPC.pp base.pp.bz2 bind.pp bind.pp.bz2 bitlbee.pp bitlbee.pp.bz2 bluetooth.pp bluetooth.pp.bz2 calamaris.pp calamaris.pp.bz2 canna.pp canna.pp.bz2 ccs.pp ccs.pp.bz2 cdrecord.pp cdrecord.pp.bz2 certmaster.pp certmaster.pp.bz2 certwatch.pp certwatch.pp.bz2 cipe.pp cipe.pp.bz2 clamav.pp clamav.pp.bz2 comsat.pp comsat.pp.bz2 consolekit.pp consolekit.pp.bz2 courier.pp courier.pp.bz2 cpufreqselector.pp.bz2 cups.pp cups.pp.bz2 cvs.pp cvs.pp.bz2 cyphesis.pp cyphesis.pp.bz2 cyrus.pp cyrus.pp.bz2 daemontools.pp daemontools.pp.bz2 dbskk.pp dbskk.pp.bz2 dcc.pp dcc.pp.bz2 devicekit.pp.bz2 dhcp.pp dhcp.pp.bz2 dictd.pp dictd.pp.bz2 dnsmasq.pp dnsmasq.pp.bz2 dovecot.pp dovecot.pp.bz2 /etc/selinux/targeted/modules/active/modules/: ethereal.pp ethereal.pp.bz2 exim.pp exim.pp.bz2 fail2ban.pp fail2ban.pp.bz2 fetchmail.pp fetchmail.pp.bz2 finger.pp finger.pp.bz2 fprintd.pp.bz2 ftp.pp ftp.pp.bz2 games.pp games.pp.bz2 gitosis.pp gitosis.pp.bz2 git.pp.bz2 gnomeclock.pp gnomeclock.pp.bz2 gnome.pp gnome.pp.bz2 gpg.pp gpg.pp.bz2 gpm.pp gpm.pp.bz2 gpsd.pp gpsd.pp.bz2 guest.pp guest.pp.bz2 hal.pp hal.pp.bz2 howl.pp howl.pp.bz2 inn.pp inn.pp.bz2 ipsec.pp ipsec.pp.bz2 irc.pp irc.pp.bz2 iscsid.pp iscsi.pp.bz2 jabber.pp.bz2 java.pp java.pp.bz2 kerberos.pp kerberos.pp.bz2 kerneloops.pp kerneloops.pp.bz2 kismet.pp kismet.pp.bz2 ktalk.pp ktalk.pp.bz2 ldap.pp ldap.pp.bz2 lircd.pp lircd.pp.bz2 livecd.pp livecd.pp.bz2 lockdev.pp lockdev.pp.bz2 logadm.pp logadm.pp.bz2 lpd.pp lpd.pp.bz2 mailman.pp mailman.pp.bz2 mailscanner.pp memcached.pp memcached.pp.bz2 milter.pp milter.pp.bz2 mono.pp mono.pp.bz2 mozilla.pp mozilla.pp.bz2 mplayer.pp mplayer.pp.bz2 mrtg.pp mrtg.pp.bz2 munin.pp munin.pp.bz2 mysql.pp mysql.pp.bz2 nagios.pp nagios.pp.bz2 netlabel.pp netlabel.pp.bz2 nis.pp nis.pp.bz2 nslcd.pp.bz2 nsplugin.pp nsplugin.pp.bz2 ntp.pp ntp.pp.bz2 nx.pp nx.pp.bz2 oddjob.pp oddjob.pp.bz2 openct.pp openct.pp.bz2 openoffice.pp openoffice.pp.bz2 openvpn.pp openvpn.pp.bz2 pads.pp pads.pp.bz2 pcscd.pp pcscd.pp.bz2 pegasus.pp pegasus.pp.bz2 pingd.pp pingd.pp.bz2 pki.pp podsleuth.pp podsleuth.pp.bz2 polkit_auth.pp polkit.pp.bz2 portmap.pp portmap.pp.bz2 portreserve.pp portreserve.pp.bz2 postfix.pp postfix.pp.bz2 postgresql.pp postgresql.pp.bz2 postgrey.pp postgrey.pp.bz2 ppp.pp ppp.pp.bz2 prelude.pp prelude.pp.bz2 privoxy.pp privoxy.pp.bz2 procmail.pp procmail.pp.bz2 psad.pp psad.pp.bz2 publicfile.pp publicfile.pp.bz2 pulseaudio.pp.bz2 pyzor.pp pyzor.pp.bz2 qemu.pp qemu.pp.bz2 qmail.pp qmail.pp.bz2 radius.pp radius.pp.bz2 radvd.pp radvd.pp.bz2 razor.pp razor.pp.bz2 rdisc.pp rdisc.pp.bz2 remotelogin.pp remotelogin.pp.bz2 rhgb.pp rhgb.pp.bz2 ricci.pp ricci.pp.bz2 rlogin.pp rlogin.pp.bz2 roundup.pp roundup.pp.bz2 rpcbind.pp rpcbind.pp.bz2 rshd.pp rshd.pp.bz2 rssh.pp.bz2 rsync.pp rsync.pp.bz2 rwho.pp rwho.pp.bz2 sambagui.pp sambagui.pp.bz2 samba.pp samba.pp.bz2 sandbox.pp.bz2 sasl.pp sasl.pp.bz2 screen.pp screen.pp.bz2 slocate.pp slocate.pp.bz2 smartmon.pp smartmon.pp.bz2 snmp.pp snmp.pp.bz2 snort.pp snort.pp.bz2 soundserver.pp soundserver.pp.bz2 spamassassin.pp spamassassin.pp.bz2 squid.pp squid.pp.bz2 sssd.pp.bz2 staff.pp staff.pp.bz2 stunnel.pp stunnel.pp.bz2 sysstat.pp sysstat.pp.bz2 tcpd.pp tcpd.pp.bz2 telnet.pp telnet.pp.bz2 tftp.pp tftp.pp.bz2 tmpreaper.pp tmpreaper.pp.bz2 tor.pp tor.pp.bz2 tvtime.pp tvtime.pp.bz2 ulogd.pp ulogd.pp.bz2 uml.pp uml.pp.bz2 unconfined.pp unconfined.pp.bz2 unconfineduser.pp.bz2 unprivuser.pp unprivuser.pp.bz2 usbmodules.pp usbmodules.pp.bz2 userhelper.pp userhelper.pp.bz2 usernetctl.pp usernetctl.pp.bz2 /usr/share/selinux/targeted/: uucp.pp uucp.pp.bz2 varnishd.pp.bz2 virt.pp virt.pp.bz2 vmware.pp vmware.pp.bz2 vpn.pp vpn.pp.bz2 w3c.pp w3c.pp.bz2 webadm.pp webadm.pp.bz2 webalizer.pp webalizer.pp.bz2 wine.pp wine.pp.bz2 xen.pp xen.pp.bz2 xfs.pp xfs.pp.bz2 xguest.pp xguest.pp.bz2 zabbix.pp zabbix.pp.bz2 zebra.pp zebra.pp.bz2 zosremote.pp zosremote.pp.bz2 [root@oscar modules]# I moved /etc/selinux/targeted to /tmp, then reinstalled selinux-policy-targeted. I relabelled the filesystem; on rebooting, it generated a bunch of errors about undefined contexts before it did the relabelling. After the relabelling, I rebooted again, and there were no error messages. All seems happy now. Have I missed anything? (I hadn't made any customized changes to the selinux config on this machine.) Thanks for the help. semodule -r audio_entropy Looks like the problem to me. On upgrade the following script is supposed to run semodule -n -s targeted -r moilscanner -r mailscanner -r gamin -r audio_entropy -r iscsid -r polkit Which should remove all old policies. Ah, OK. The failure might be related to the fact that I am still getting an error when reinstalling selinux-policy-targeted. I don't know whether the following error is fatal or not, but conceivably it bales out at that point and stops running any other scripts. Running Transaction Erasing : selinux-policy-targeted-3.6.12-72.fc11.noarch 1/2 Installing : selinux-policy-targeted-3.6.12-72.fc11.noarch 1/2 libsemanage.dbase_llist_query: could not query record value (No such file or directory). Removed: selinux-policy-targeted.noarch 0:3.6.12-72.fc11 Installed: selinux-policy-targeted.noarch 0:3.6.12-72.fc11 Complete! (In reply to comment #8) > What does the output of this command show? > > ls -1 /etc/selinux/targeted/modules/active/modules/ > /usr/share/selinux/targeted/ | sort > > Any extra modules that are not in the targeted policy package? ada.pp ada.pp.bz2 afs.pp.bz2 aide.pp aide.pp.bz2 amanda.pp amanda.pp.bz2 amavis.pp amavis.pp.bz2 amtu.pp amtu.pp.bz2 apache.pp apache.pp.bz2 apcupsd.pp apcupsd.pp.bz2 arpwatch.pp arpwatch.pp.bz2 audio_entropy.pp audioentropy.pp.bz2 automount.pp automount.pp.bz2 avahi.pp avahi.pp.bz2 awstats.pp awstats.pp.bz2 BackupPC.pp base.pp.bz2 bind.pp bind.pp.bz2 bitlbee.pp bitlbee.pp.bz2 bluetooth.pp bluetooth.pp.bz2 calamaris.pp calamaris.pp.bz2 canna.pp canna.pp.bz2 ccs.pp ccs.pp.bz2 cdrecord.pp cdrecord.pp.bz2 certmaster.pp certmaster.pp.bz2 certwatch.pp certwatch.pp.bz2 cipe.pp cipe.pp.bz2 clamav.pp clamav.pp.bz2 comsat.pp comsat.pp.bz2 consolekit.pp consolekit.pp.bz2 courier.pp courier.pp.bz2 cpufreqselector.pp.bz2 cups.pp cups.pp.bz2 cvs.pp cvs.pp.bz2 cyphesis.pp cyphesis.pp.bz2 cyrus.pp cyrus.pp.bz2 daemontools.pp daemontools.pp.bz2 dbskk.pp dbskk.pp.bz2 dcc.pp dcc.pp.bz2 devicekit.pp.bz2 dhcp.pp dhcp.pp.bz2 dictd.pp dictd.pp.bz2 dnsmasq.pp dnsmasq.pp.bz2 dovecot.pp dovecot.pp.bz2 /etc/selinux/targeted/modules/active/modules/: ethereal.pp ethereal.pp.bz2 exim.pp exim.pp.bz2 fail2ban.pp fail2ban.pp.bz2 fetchmail.pp fetchmail.pp.bz2 finger.pp finger.pp.bz2 fprintd.pp.bz2 ftp.pp ftp.pp.bz2 games.pp games.pp.bz2 gitosis.pp gitosis.pp.bz2 git.pp.bz2 gnomeclock.pp gnomeclock.pp.bz2 gnome.pp gnome.pp.bz2 gpg.pp gpg.pp.bz2 gpm.pp gpm.pp.bz2 gpsd.pp gpsd.pp.bz2 guest.pp guest.pp.bz2 hal.pp hal.pp.bz2 howl.pp howl.pp.bz2 inn.pp inn.pp.bz2 ipsec.pp ipsec.pp.bz2 irc.pp irc.pp.bz2 iscsid.pp iscsi.pp.bz2 jabber.pp.bz2 java.pp java.pp.bz2 kerberos.pp kerberos.pp.bz2 kerneloops.pp kerneloops.pp.bz2 kismet.pp kismet.pp.bz2 ktalk.pp ktalk.pp.bz2 ldap.pp ldap.pp.bz2 lircd.pp lircd.pp.bz2 livecd.pp livecd.pp.bz2 lockdev.pp lockdev.pp.bz2 logadm.pp logadm.pp.bz2 lpd.pp lpd.pp.bz2 mailman.pp mailman.pp.bz2 mailscanner.pp memcached.pp memcached.pp.bz2 milter.pp milter.pp.bz2 mono.pp mono.pp.bz2 mozilla.pp mozilla.pp.bz2 mplayer.pp mplayer.pp.bz2 mrtg.pp mrtg.pp.bz2 munin.pp munin.pp.bz2 mysql.pp mysql.pp.bz2 nagios.pp nagios.pp.bz2 netlabel.pp netlabel.pp.bz2 nis.pp nis.pp.bz2 nslcd.pp.bz2 nsplugin.pp nsplugin.pp.bz2 ntp.pp ntp.pp.bz2 nx.pp nx.pp.bz2 oddjob.pp oddjob.pp.bz2 openct.pp openct.pp.bz2 openoffice.pp openoffice.pp.bz2 openvpn.pp openvpn.pp.bz2 pads.pp pads.pp.bz2 pcscd.pp pcscd.pp.bz2 pegasus.pp pegasus.pp.bz2 pingd.pp pingd.pp.bz2 pki.pp podsleuth.pp podsleuth.pp.bz2 polkit_auth.pp polkit.pp.bz2 portmap.pp portmap.pp.bz2 portreserve.pp portreserve.pp.bz2 postfix.pp postfix.pp.bz2 postgresql.pp postgresql.pp.bz2 postgrey.pp postgrey.pp.bz2 ppp.pp ppp.pp.bz2 prelude.pp prelude.pp.bz2 privoxy.pp privoxy.pp.bz2 procmail.pp procmail.pp.bz2 psad.pp psad.pp.bz2 publicfile.pp publicfile.pp.bz2 pulseaudio.pp.bz2 pyzor.pp pyzor.pp.bz2 qemu.pp qemu.pp.bz2 qmail.pp qmail.pp.bz2 radius.pp radius.pp.bz2 radvd.pp radvd.pp.bz2 razor.pp razor.pp.bz2 rdisc.pp rdisc.pp.bz2 remotelogin.pp remotelogin.pp.bz2 rhgb.pp rhgb.pp.bz2 ricci.pp ricci.pp.bz2 rlogin.pp rlogin.pp.bz2 roundup.pp roundup.pp.bz2 rpcbind.pp rpcbind.pp.bz2 rshd.pp rshd.pp.bz2 rssh.pp.bz2 rsync.pp rsync.pp.bz2 rwho.pp rwho.pp.bz2 sambagui.pp sambagui.pp.bz2 samba.pp samba.pp.bz2 sandbox.pp.bz2 sasl.pp sasl.pp.bz2 screen.pp screen.pp.bz2 slocate.pp slocate.pp.bz2 smartmon.pp smartmon.pp.bz2 snmp.pp snmp.pp.bz2 snort.pp snort.pp.bz2 soundserver.pp soundserver.pp.bz2 spamassassin.pp spamassassin.pp.bz2 squid.pp squid.pp.bz2 sssd.pp.bz2 staff.pp staff.pp.bz2 stunnel.pp stunnel.pp.bz2 sysstat.pp sysstat.pp.bz2 tcpd.pp tcpd.pp.bz2 telnet.pp telnet.pp.bz2 tftp.pp tftp.pp.bz2 tmpreaper.pp tmpreaper.pp.bz2 tor.pp tor.pp.bz2 tvtime.pp tvtime.pp.bz2 ulogd.pp ulogd.pp.bz2 uml.pp uml.pp.bz2 unconfined.pp unconfined.pp.bz2 unconfineduser.pp.bz2 unprivuser.pp unprivuser.pp.bz2 usbmodules.pp usbmodules.pp.bz2 userhelper.pp userhelper.pp.bz2 usernetctl.pp usernetctl.pp.bz2 /usr/share/selinux/targeted/: uucp.pp uucp.pp.bz2 varnishd.pp.bz2 virt.pp virt.pp.bz2 vmware.pp vmware.pp.bz2 vpn.pp vpn.pp.bz2 w3c.pp w3c.pp.bz2 webadm.pp webadm.pp.bz2 webalizer.pp webalizer.pp.bz2 wine.pp wine.pp.bz2 xen.pp xen.pp.bz2 xfs.pp xfs.pp.bz2 xguest.pp xguest.pp.bz2 zabbix.pp zabbix.pp.bz2 zebra.pp zebra.pp.bz2 zosremote.pp zosremote.pp.bz2 James setenforce 0 mv /etc/selinux/targetd /etc/selinux/targetd.old yum reinstall selinux-policy-targeted restorecon -R -v /etc/selinux setenforce 1 Should fix your problem, not that I know what your problem is. Thanks. That's effectively what I've done, though, except that I moved it to /tmp, and I did the relabelling by touch /.autorelabel and rebooting. I still get the error (see #14) when I reinstall selinux-policy-targeted, though. Any idea what file or directory is being referred to? libsemanage.dbase_llist_query: could not query record value (No such file or directory). James What does semodule -l | grep unconfined Show? semanage user -l semanage login -l [root@oscar james]# semodule -l | grep unconfined
[root@oscar james]# semanage user -l
Labeling MLS/ MLS/
SELinux User Prefix MCS Level MCS Range SELinux Roles
guest_u user s0 s0 guest_r
root user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r
staff_u user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r
sysadm_u user s0 s0-s0:c0.c1023 sysadm_r
system_u user s0 s0-s0:c0.c1023 system_r
user_u user s0 s0 user_r
xguest_u user s0 s0 xguest_r
[root@oscar james]# semanage login -l
Login Name SELinux User MLS/MCS Range
__default__ unconfined_u s0-s0:c0.c1023
root unconfined_u s0-s0:c0.c1023
system_u system_u s0-s0:c0.c1023
[root@oscar james]#
Try setenforce 0 mv /etc/selinux/targetd /etc/selinux/targetd.old yum reinstall selinux-policy\* restorecon -R -v /etc/selinux setenforce 1 Thanks. I've now sorted it out by yum remove selinux-policy-targeted (which also removed setroubleshoot) and then yum install selinux-policy-targeted setroubleshoot I'm a bit bothered by this. I'd expected a reinstall to have the same effect as an uninstall/install. Maybe different scripts are run? Or maybe a reinstall overwrites files and uninstall/install deletes and replaces files? In any case, I'm now back to the default setup, with unconfined and unconfineduser installed. I am not sure why it would be different. But I believe we have reverted the change that was causing you problem in the next F11 selinux-policy update. I'm seeing this on F12: Installing : selinux-policy-targeted-3.6.32-78.fc12.noarch 1/4 libsepol.scope_copy_callback: audioentropy: Duplicate declaration in module: type/attribute entropyd_var_run_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! (In reply to comment #21) > Thanks. I've now sorted it out by > > yum remove selinux-policy-targeted > > (which also removed setroubleshoot) and then > > yum install selinux-policy-targeted setroubleshoot I've removed and re-installed everything selinux related I can find, but it did not help.. Also, /etc/init.d/setroubleshoot is missing.. F12 docs say that's supposed to be there, unless I'm mistaken.. semodule -l | grep entropy You want to remove this module then the upgrade should succeed, Tell me what module you see # semodule -l | grep entropy audio_entropy 1.3.0 Installing : policycoreutils-2.0.78-12.fc12.x86_64 1/9 Installing : mcstrans-0.3.1-3.fc12.x86_64 2/9 Installing : selinux-policy-3.6.32-78.fc12.noarch 3/9 Installing : policycoreutils-python-2.0.78-12.fc12.x86_64 4/9 Installing : policycoreutils-gui-2.0.78-12.fc12.x86_64 5/9 Installing : selinux-policy-targeted-3.6.32-78.fc12.noarch 6/9 libsepol.scope_copy_callback: iscsid: Duplicate declaration in module: type/attribute iscsid_exec_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! Installing : setroubleshoot-server-2.2.60-1.fc12.x86_64 7/9 Installing : setroubleshoot-plugins-2.1.37-1.fc12.noarch 8/9 Installing : setroubleshoot-2.2.60-1.fc12.x86_64 9/9 /etc/init.d/setroubleshoot is still missing... Where did you get that filename from? My system is working fine, and has those packages installed, with no sign of /etc/init.d/setroubleshoot, or anything like it. You can try yum provides "/etc/*setroubleshoot" to find any packages that install anything that'll match that pattern (i.e., any filename ending in "setroubleshoot" that gets put anywhere in the /etc hierarchy). Running that on mine doesn't give anything approximating to the file you're looking for. semodule -r audio_entropy Then update the packages. This is supposed to happen within the transaction. See if this is failing for some reason. (In reply to comment #29) > semodule -r audio_entropy > > Then update the packages. That is exactly what I did. No change. (In reply to comment #28) > Where did you get that filename from? My system is working fine, and has those > packages installed, with no sign of /etc/init.d/setroubleshoot, or anything > like it. In the Fedora 12 SELinux user guide from docs.fedoraproject.org; Page 23, step 1: "After installing the setroubleshoot-server package, use the /sbin/chkconfig --list setroubleshoot command to confirm that setroubleshootd starts when the system is running in runlevel 3, 4, and 5: $ /sbin/chkconfig --list setroubleshoot setroubleshoot 0:off 1:off 2:off 3:on 4:on 5:on 6:off" I get: /sbin/chkconfig --list setroubleshoot error reading information on service setroubleshoot: No such file or directory > You can try > > yum provides "/etc/*setroubleshoot" > > to find any packages that install anything that'll match that pattern (i.e., > any filename ending in "setroubleshoot" that gets put anywhere in the /etc > hierarchy). > > Running that on mine doesn't give anything approximating to the file you're > looking for. I've already done that and no package provides this file. Either the file is missing or the docs are wrong. The docs are wrong, setroubleshoot is not longer an init service, it is started via dbus when and avc arrives. And Matt this is not your bug, please report your problem in a separate bugzilla. The original bug was to do with audioentropy. Matt execute semodule -r iscid (In reply to comment #32) > The docs are wrong, setroubleshoot is not longer an init service, it is started > via dbus when and avc arrives. > > > > And Matt this is not your bug, please report your problem in a separate > bugzilla. > > The original bug was to do with audioentropy. Done. Sorry to have gotten off on a tangent. (In reply to comment #33) > Matt execute > > semodule -r iscid I get: libsemanage.semanage_direct_remove: Module iscid was not found. semodule: Failed! Oh, you meant iscsid.. I now get this: Installing : selinux-policy-targeted-3.6.32-78.fc12.noarch 1/1 libsepol.scope_copy_callback: polkit_auth: Duplicate declaration in module: type/attribute polkit_var_lib_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! Is this now also a separate bug? Matt I think something very strange is going on. Can do the following #setenforce 0 #mv /etc/selinux/targeted /etc/selinux/targeted.old #yum reinstall selinux-policy-targeted #restorecon -R -v /etc/selinux #setenforce 1 Or try semodule -n -s targeted -r moilscanner -r mailscanner -r gamin -r audio_entropy -r iscsid -r polkit_auth -r polkit -r rtkit_daemon -r ModemManager Which is supposed to be done in the package. (In reply to comment #38) > Matt I think something very strange is going on. > > Can do the following > > > #setenforce 0 > #mv /etc/selinux/targeted /etc/selinux/targeted.old > #yum reinstall selinux-policy-targeted > #restorecon -R -v /etc/selinux > #setenforce 1 That nailed it. |