Bug 839032

Summary: f17 SELinux system_u:object_r:firstboot_tmp_t:s0 became invalid during a yum update
Product: [Fedora] Fedora Reporter: Reartes Guillermo <rtguille>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: 17CC: dominick.grift, dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-07-11 02:55:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
f17 yum.log
none
dmesg showing the 'message' none

Description Reartes Guillermo 2012-07-10 18:11:18 UTC 
Created attachment 597405 [details]
f17 yum.log

Description of problem:

I noticed the following in /var/log/messages:

[  898.251589] SELinux:  Context system_u:object_r:firstboot_tmp_t:s0 is not valid (left unmapped).

I have never seen such message before.

# grep system_u:object_r:firstboot_tmp_t:s0  /var/log/messages
Jul  7 18:35:31 stark kernel: [ 1870.931874] SELinux:  Context system_u:object_r:firstboot_tmp_t:s0 became invalid (unmapped).
Jul 10 14:01:49 stark kernel: [  898.236511] SELinux:  Context system_u:object_r:firstboot_tmp_t:s0 is not valid (left unmapped).
Jul 10 14:17:24 stark kernel: [  898.251589] SELinux:  Context system_u:object_r:firstboot_tmp_t:s0 is not valid (left unmapped).

So, at "Jul 7 @ 18:35:31" it happened.

There was a yum update at that time.

Jul 07 18:35:28 Updated: selinux-policy-devel-3.10.0-134.fc17.noarch
Jul 07 18:35:33 Updated: selinux-policy-targeted-3.10.0-134.fc17.noarch
Jul 07 18:35:33 Updated: rsyslog-5.8.10-2.fc17.x86_64
Jul 07 18:35:34 Updated: elfutils-0.154-1.fc17.x86_64

So it happened between selinux-policy-devel-3.10.0-134.fc17.noarch and
selinux-policy-targeted-3.10.0-134.fc17.noarch

Version-Release number of selected component (if applicable):

libselinux.i686          2.1.10-3.fc17   @fedora                     
libselinux.x86_64        2.1.10-3.fc17   @koji-override-0/$releasever
libselinux-devel.x86_64  2.1.10-3.fc17   @fedora                     
libselinux-python.x86_64 2.1.10-3.fc17   @koji-override-0/$releasever
libselinux-utils.x86_64  2.1.10-3.fc17   @koji-override-0/$releasever

selinux-policy.noarch          3.10.0-134.fc17 @updates                    
selinux-policy-devel.noarch    3.10.0-134.fc17 @updates                    
selinux-policy-targeted.noarch 3.10.0-134.fc17 @updates    

How reproducible:
allways 

Steps to Reproduce:
1. update
2. boot & reboot
  
Actual results:
message issued in /var/log/messges. 
no other known issues.

Expected results:
no mesages.
Comment 1 Reartes Guillermo 2012-07-10 18:12:23 UTC 
Created attachment 597406 [details]
dmesg showing the 'message'
Comment 2 Daniel Walsh 2012-07-11 02:55:59 UTC 
Yes we just removed firstboot_tmp_t from SELinux which causes the kernel to print this message, it was expected.