Bug 810383
| Summary: | Error with entropyd when upgrading selinux-policy | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Göran Uddeborg <goeran> |
| Component: | selinux-policy-targeted | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED NOTABUG | QA Contact: | Ben Levenson <benl> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 17 | CC: | dwalsh, kaiarne5 |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-11-01 12:08:43 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Göran Uddeborg
2012-04-05 19:49:26 UTC
Strange issue. What does $ ls -1 /etc/selinux/targeted/modules/active/modules/ | grep audio It returns a single match: pulseaudio.pp I'm not sure if this could be the same problem or not, but I got messages from setroubleshoot that entropyd_use_audio is needed if I want to use audio-entropyd. So I tried set it, and got an error message like this: mimmi$ sudo setsebool -P entropyd_use_audio 1 libsepol.context_from_record: type unconfined_execmem_exec_t is not defined (No such file or directory). libsepol.context_from_record: could not create context structure (Invalid argument). libsemanage.validate_handler: invalid context system_u:object_r:unconfined_execmem_exec_t:s0 specified for /usr/lib64/ghc-6.10.4/ghc [all files] (Invalid argument). libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument). Could not change policy booleans I had ghc defined to have the unconfined_execmem_exec_t type in a local fcontext. I don't remember when I set that, but I tried to run without allow_execmem set before it was replaced with deny_execmem, so it's probably related to that. After removing that particular fcontext I could set the boolean, so that problem is fixed. I don't have an environment where I can easily test if the yum upgrade of selinux would also succeed if I removed that fcontext first. But I thought I could mention it here in case you would think it might have caused the other issue too. Could you try to execute $ /usr/sbin/semodule -n -s targeted -r xfs kudzu kerneloops execmem openoffice ada tzdata hal hotplug howl java mono moilscanner gamin audio_entropy audioentropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger qpidd I did, and it complained that it didn't find most of them. In most but not all cases with the additional comment "No such file or directory". But the two modules hotplug and howl were indeed removed. Inspired by your suggestion I also did "rpm -qf *" in /etc/selinux/targeted/modules/active/modules. It found six modules which didn't belong to any package. Three are local additions I've made, but three are probably remnants from older packages that for some reason haven't been removed. evolution.pp pki.pp thunderbird.pp I guess I should clean up those too, but I'll wait a little in case you want me to test something before I do. I would remove those packages. try to execute: su -c "setsebool -P samba_export_all_rw 1" su -c "setsebool -P samba_export_all_rw 1" libsepol.scope_copy_callback: entropyd: Duplicate declaration in module: type/attribute entropyd_var_run_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). Could not change policy booleans Kai do this # setenforce 0 # rm -rf /etc/selinux/targeted # yum reinstall selinux-policy-targeted # restorecon -R -v /etc/selinux/targeted # setenforce 1 Then it should work. Thank you. |