Bug 702865
| Summary: | Major selinux problem after upgrade fc13 to fc14 | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Eddie Lania <eddie> | ||||||
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Ben Levenson <benl> | ||||||
| Severity: | urgent | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 14 | CC: | covex, cpanceac, dwalsh, dwmw2, elad, iglesias, mgrepl | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | selinux-policy-3.9.7-42.fc14 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2011-07-12 05:17:04 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
*** Bug 702793 has been marked as a duplicate of this bug. *** *** Bug 702795 has been marked as a duplicate of this bug. *** *** Bug 702796 has been marked as a duplicate of this bug. *** *** Bug 702797 has been marked as a duplicate of this bug. *** *** Bug 702798 has been marked as a duplicate of this bug. *** *** Bug 702799 has been marked as a duplicate of this bug. *** *** Bug 702800 has been marked as a duplicate of this bug. *** *** Bug 702801 has been marked as a duplicate of this bug. *** *** Bug 702802 has been marked as a duplicate of this bug. *** Also, when I login via ssh i get this message: "Unable to get valid context for root" And when I try to (re)install selinux-policy-targeted, i get: Installing : selinux-policy-targeted-3.9.7-40.fc14.noarch 1/1 libsepol.permission_copy_callback: Module mediawiki depends on permission read_policy in class security, not satisfied (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! Installed: selinux-policy-targeted.noarch 0:3.9.7-40.fc14 Complete! I really hope somebody (Daniel?) is able to help me with this issue soon. Regards, Eddie. Hereby I add another attachment, it's the daily logwatch report from the system affected by this problem. I think that there is more useful information in it. Regards, Eddie. Created attachment 497644 [details]
Logwatch of the problematic system
I seem to have solved it myself by: 1. setenforce 0 2. removing selinux-policy and selinux-policy-targeted 3. reinstalling selinux-policy and selinux-policy-targeted 4. re-enabling selinux 5. touch /.autorelabel 6. reboot in comment 13, i forgot that between step 2 and 3 i removed /etc/selinux/targeted. Eddie, could you try to do these steps # setenforce 0 # rm -rf /etc/selinux/targeted # yum reinstall selinux-policy-targeted # fixfiles restore # reboot Thank you Miroslav but isn't that basically the same as the steps I described in comment 13 and 14? It seems that everything is running fine now I have done that. Do I still need to do your steps as well? You are right. I missed the comment #14. The problem is I added some fixes (relating to read_policy) to RHEL6 (and it means these changes are also in F13). And these changes are not in Fedora 14. Moving to selinux-policy (was 0xFFFF) -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers *** Bug 706750 has been marked as a duplicate of this bug. *** *** Bug 707090 has been marked as a duplicate of this bug. *** Fixed in selinux-policy-3.9.7-42.fc14 selinux-policy-3.9.7-42.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-42.fc14 Package selinux-policy-3.9.7-42.fc14: * should fix your issue, * was pushed to the Fedora 14 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.9.7-42.fc14' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-42.fc14 then log in and leave karma (feedback). Updated: selinux-policy.noarch 0:3.9.7-42.fc14 Dependency Updated: selinux-policy-targeted.noarch 0:3.9.7-42.fc14 Looks fine to me. However, the one system i had this issue on already was being fixed by the steps in comment #13 and #14. Regards, Eddie. I had the same problem - this is still not in updates. I "fixed" it by deleting of /etc/selinux/targeted but it was not a good advice as I lost my modifications to the policy... Well, my fault. I would say # mv /etc/selinux/targeted /etc/selinux/targeted.backup instead of # rm -rf /etc/selinux/targeted Did you have a lot of rules in your local modules? Acctualy it is not that bad. I have a backups. Just want to make a note for others to save some headache. selinux-policy-3.9.7-42.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. |
Created attachment 497578 [details] output of "grep setroubleshoot /var/log/messages" Description of problem: I don't know what went wrong. I updated my fedora 13 system to fedora 14. Now I am having major problems with SELinux. (The upgrade went ok, there were no problems.) I attached the output of "grep setroubleshoot /var/log/messages" as a text file to this bug. I have reinstalled selinux-policy and selinux-policy-targeted and done a "autorelabel" but it doesn't help. I compared several files with a second fc14 system which has been upgraded from fc13 and don't see differences. I must be missing something but what? Please help me! Version-Release number of selected component (if applicable): selinux-policy-3.9.7-40.fc14.noarch selinux-policy-targeted-3.9.7-40.fc14.noarch How reproducible: All the time. Steps to Reproduce: 1. 2. 3. Actual results: A lot of SELinux errors, see attachment. Expected results: No selinux errors. Additional info: