Bug 951260
Summary: interface mozilla_role(xguest_r, xguest_t) fails when loading module containing it.

| Field | Value | Field | Value |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Rumen B. <rumen> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Priority: | unspecified |
| Version: | 18 | CC: | dominick.grift, dwalsh, mgrepl, rumen |
| Hardware: | Unspecified | OS: | Unspecified |
| Doc Type: | Bug Fix | Type: | Bug |
| Last Closed: | 2013-04-18 02:52:18 UTC | | |

Description
Rumen B.
2013-04-11 20:58:34 UTC
Fedora 19 rc2 is also affected.

```
[root@localhost rumen]# cat myxguest.te
policy_module(myxguest,1.0)

gen_require(`
	type xguest_t;
	role xguest_r;
')

mozilla_role(xguest_r, xguest_t)
[root@localhost rumen]# make -f /usr/share/selinux/devel/Makefile
Compiling targeted myxguest module
/usr/bin/checkmodule: loading policy configuration from tmp/myxguest.tmp
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 17) to tmp/myxguest.mod
Creating targeted myxguest.pp policy package
rm tmp/myxguest.mod tmp/myxguest.mod.fc
[root@localhost rumen]# semodule -i myxguest.pp
libsepol.expand_terule_helper: conflicting TE rule for (mozilla_t, tmp_t:dir): old was mozilla_tmp_t, new is user_tmp_t
libsepol.expand_module: Error during expand
libsemanage.semanage_expand_sandbox: Expand module failed
semodule: Failed!
[root@localhost rumen]# cat /etc/redhat-release
Fedora release 19 (Schrödinger’s Cat)
```

One clue: commenting lines in mozilla.te:

```
109: #files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })
379: #fs_tmpfs_filetrans(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
     #userdom_tmpfs_filetrans_to(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
```

makes it possible for the module myxguest.pp to load.

Ruben, yes, we need to comment out

```
files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })
```

selinux-policy-3.11.1-90.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-90.fc18

Package selinux-policy-3.11.1-90.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.

Update it with:

```
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-90.fc18'
```

as soon as you are able to. Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-5742/selinux-policy-3.11.1-90.fc18
then log in and leave karma (feedback).

No it is not fixed. Now it is different.

```
[rumen@localhost ~]$ make -f /usr/share/selinux/devel/Makefile
Compiling targeted myxgyest module
/usr/bin/checkmodule: loading policy configuration from tmp/myxgyest.tmp
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 15) to tmp/myxgyest.mod
Creating targeted myxgyest.pp policy package
rm tmp/myxgyest.mod.fc tmp/myxgyest.mod
[rumen@localhost ~]$ sudo semodule -i myxgyest.pp
[sudo] password for rumen:
libsepol.expand_terule_helper: conflicting TE rule for (mozilla_plugin_t, tmpfs_t:fifo_file): old was mozilla_plugin_tmpfs_t, new is user_tmpfs_t
libsepol.expand_module: Error during expand
libsemanage.semanage_expand_sandbox: Expand module failed
semodule: Failed!
[rumen@localhost ~]$
```

The 3 lines I have mentioned above must be commented or fixed in order to be able to load module containing interface mozilla_role().

I am looking at this again.

selinux-policy-3.11.1-90.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
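
An added illustration, not part of the bug report or of selinux-policy: the failures above are two unnamed `type_transition` rules that share source type, target type and class but give different default types. The sketch below finds such pairs in rules written in kernel policy language form; the sample rules are constructed from the two reported errors, and `find_conflicts` and `parse_expand_error` are hypothetical helper names.

```python
import re
from collections import defaultdict

# type_transition <source> <target>:<class or { classes }> <default> ["name"];
RULE_RE = re.compile(
    r'type_transition\s+(\S+)\s+(\S+?)\s*:\s*(\{[^}]*\}|\S+)\s+(\S+?)'
    r'(?:\s+"([^"]*)")?\s*;')
# libsepol message format as it appears in this bug report.
ERR_RE = re.compile(
    r'conflicting TE rule for \((\S+), (\S+):(\S+)\): old was (\S+), new is (\S+)')

# Constructed sample rules (assumption: written by hand from the two errors in
# this report, not copied from any policy file). The last three do not conflict.
SAMPLE_RULES = """
type_transition mozilla_t tmp_t:{ file dir } mozilla_tmp_t;
type_transition mozilla_t tmp_t:dir user_tmp_t;
type_transition mozilla_plugin_t tmpfs_t:{ file lnk_file sock_file fifo_file } mozilla_plugin_tmpfs_t;
type_transition mozilla_plugin_t tmpfs_t:fifo_file user_tmpfs_t;
type_transition mozilla_t tmp_t:file mozilla_tmp_t;
type_transition mozilla_t user_home_dir_t:dir mozilla_home_t ".mozilla";
type_transition mozilla_t user_home_dir_t:dir user_home_t;
"""

# Error lines quoted from the two failed semodule runs in this report.
REPORTED_ERRORS = [
    "libsepol.expand_terule_helper: conflicting TE rule for (mozilla_t, tmp_t:dir): old was mozilla_tmp_t, new is user_tmp_t",
    "libsepol.expand_terule_helper: conflicting TE rule for (mozilla_plugin_t, tmpfs_t:fifo_file): old was mozilla_plugin_tmpfs_t, new is user_tmpfs_t",
]

def find_conflicts(policy_text):
    """Map (source, target, class, name) to default types where more than one exists."""
    seen = defaultdict(set)
    for m in RULE_RE.finditer(policy_text):
        src, tgt, classes, default, name = m.groups()
        for cls in classes.strip("{} ").split():   # expand { file dir } sets
            seen[(src, tgt, cls, name)].add(default)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def parse_expand_error(line):
    """Turn a libsepol conflict message into the same (key, defaults) form."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    src, tgt, cls, old, new = m.groups()
    return (src, tgt, cls, None), sorted([old, new])

if __name__ == "__main__":
    conflicts = find_conflicts(SAMPLE_RULES)
    for line in REPORTED_ERRORS:
        key, defaults = parse_expand_error(line)
        status = "reproduced" if conflicts.get(key) == defaults else "not found"
        print(key[:3], defaults, status)
```

A named transition (the `".mozilla"` rule) is keyed by its object name as well, so it does not collide with the unnamed rule for the same source, target and class.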