Bug 524630

Summary: SELinus reports bad policy at boot time
Product: [Fedora] Fedora Reporter: Quentin Armitage <quentin>
Component: BackupPCAssignee: Johan Cwiklinski <fedora>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: fedora, nphilipp
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-23 16:15:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Quentin Armitage 2009-09-21 14:49:55 UTC 
Description of problem:
The following error message is output at the start of the boot sequence:
SELinux:  permission module_request in class system not found in policy, bad pol
icy
SELinux:  the definition of a class is incorrect

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.6.32-6.fc12.noarch
libselinux-debuginfo-2.0.86-2.fc12.i686
libselinux-devel-2.0.86-2.fc12.i686
libselinux-2.0.86-2.fc12.i686
libselinux-python-2.0.86-2.fc12.i686
selinux-policy-3.6.32-6.fc12.noarch
libselinux-utils-2.0.86-2.fc12.i686

How reproducible:
Always

Steps to Reproduce:
1. Boot the system
2.
3.
  
Actual results:
Messages above output

Expected results:
No error messages

Additional info:
Comment 1 Daniel Walsh 2009-09-22 02:35:29 UTC 
Please complete the full yum -y upgrade to get to the latest policy and latest tools.
Comment 2 Quentin Armitage 2009-09-22 07:17:55 UTC 
I have done a yum upgrade and selinux-policy and selinux-policy-targeted were upgraded to 3.6.32-7.fc12, and I still get the error messages. The libselinux packages appear to be up to date already.

I subsequently upgraded the two packages to 3.6.32-8.fc12 and the error messages still occur.

I noticed that during the yum upgrade, I get the following error message:
  Updating       : selinux-policy-targeted-3.6.32-8.fc12.noarch             2/4 
libsepol.permission_copy_callback: Module BackupPC depends on permission request_module in class system, not satisfied (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule:  Failed!

I'm not clear if this is pertinent, or what I need to do to resolve it.
Comment 3 Nils Philippsen 2009-09-22 11:47:43 UTC 
Same here, this seems related to bug #524113. I'll try removing BackupPC and see if relabeling works.
Comment 4 Daniel Walsh 2009-09-22 12:59:47 UTC 
Yes we need an updated BackupPC package to rebuild the policy.  We accidently build a selinux-policy with a named access request_module instead of module_request.  So for now remove the BackupPC module package.

semodule -r BackupPC
Then perform the selinux-policy-upgrade

All BackupPC has do to is rebuild against the latest selinux-policy package and we should be back in sync.  This is a bug in selinux-policy that caused BackupPC to suck in the wrong access type.  Sorry.
Comment 5 Johan Cwiklinski 2009-09-23 16:15:12 UTC 
BackupPC has just been rebuilt (BackupPC-3_1_0-8_fc12).