Bug 730073

Summary:

invalid SELinux context

Product:

[Retired] Dogtag Certificate System

Reporter:

ultima.ratio.regum69

Component:

Assignee:

Ade Lee <alee>

Status:

CLOSED NOTABUG

QA Contact:

Chandrasekar Kannan <ckannan>

Severity:

medium

Docs Contact:

Priority:

unspecified

Version:

9.0

CC:

benl, cfu

Target Milestone:

---

Target Release:

---

Hardware:

x86_64

OS:

Linux

Whiteboard:

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2011-08-11 20:37:44 UTC

Type:

---

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
install log file	none

Description ultima.ratio.regum69 2011-08-11 17:27:34 UTC

Created attachment 517849 [details]
install log file

On a clean F15 x86_64 install
dogtag-pki 9.0.0.5
dogtag-pki-ra-theme 9.0.6.1
selinux-policy 3.9.16-38

Runing :
pkicreate -pki_instance_root=/var/lib        \
          -pki_instance_name=pki-ra          \
          -subsystem_type=ra                 \
          -secure_port=12889                 \
          -non_clientauth_secure_port=12890  \
          -unsecure_port=12888               \
          -user=pkiuser                      \
          -group=pkiuser                     \
          -redirect conf=/etc/pki-ra         \
          -redirect logs=/var/log/pki-ra     \
          -verbose

give me this :
libsepol.context_from_record: type pki_ra_etc_rw_t is not defined (No such file or directory).
libsepol.context_from_record: could not create context structure (Invalid argument).
libsemanage.validate_handler: invalid context system_u:object_r:pki_ra_etc_rw_t:s0 specified for /etc/pki-ra(/.*)? [all files] (Invalid argument).
libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument).
/usr/sbin/semanage: Could not commit semanage transaction

and this :
Starting pki-ra: runcon: invalid context: unconfined_u:system_r:pki_ra_t:s0: Invalid argument

same trouble with tps, but not with others subsystems (ca, tks, ocsp are fine).

same trouble in permissive mode.

Comment 1 Ade Lee 2011-08-11 19:19:37 UTC

What is the output of rpm -qa |grep pki ?

In particular, I'm looking for the versions of pki-common, pki-setup and pki-selinux.

It really looks like pki-selinux is not correctly installed.  You might want to re-install it and see if it makes a difference.

Comment 2 ultima.ratio.regum69 2011-08-11 20:37:44 UTC

rpm -qa |grep pki
dogtag-pki-ca-theme-9.0.6-1.fc15.noarch
dogtag-pki-console-theme-9.0.6-1.fc15.noarch
pki-ocsp-9.0.3-1.fc15.noarch
dogtag-pki-9.0.0-5.fc15.noarch
dogtag-pki-common-theme-9.0.6-1.fc15.noarch
pki-setup-9.0.10-1.fc15.noarch
pki-kra-9.0.4-1.fc15.noarch
pki-util-9.0.10-1.fc15.noarch
dogtag-pki-tks-theme-9.0.6-1.fc15.noarch
dogtag-pki-tps-theme-9.0.6-1.fc15.noarch
dogtag-pki-ocsp-theme-9.0.6-1.fc15.noarch
pki-selinux-9.0.10-1.fc15.noarch
pki-common-9.0.10-1.fc15.noarch
pki-java-tools-9.0.10-1.fc15.noarch
dogtag-pki-ra-theme-9.0.6-1.fc15.noarch
pki-tks-9.0.3-1.fc15.noarch
pki-silent-9.0.10-1.fc15.noarch
pki-java-tools-javadoc-9.0.10-1.fc15.noarch
pki-native-tools-9.0.10-1.fc15.x86_64
pki-common-javadoc-9.0.10-1.fc15.noarch
pki-ca-9.0.10-1.fc15.noarch
pki-ra-9.0.3-1.fc15.noarch
pki-symkey-9.0.10-1.fc15.x86_64
dogtag-pki-kra-theme-9.0.6-1.fc15.noarch
pki-util-javadoc-9.0.10-1.fc15.noarch
pki-tps-9.0.5-1.fc15.x86_64
pki-console-9.0.3-1.fc15.noarch

i've reinstalled pki-common, pki-setup and pki-selinux, as you said, and now everything seems correct.

strange error, i wonder where it could come from.

anyway, problem solved.

thanks.