Bug 952352
| Summary: | During livecd run: ERROR: policydb magic number 0x000008 does not match expected magic number 0xf97cff8c or 0xf97cff8d | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Fabian Deutsch <fdeutsch> | ||||
| Component: | policycoreutils | Assignee: | Daniel Walsh <dwalsh> | ||||
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 18 | CC: | dominick.grift, dwalsh, mgrepl | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-07-11 19:12:13 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 952206 | ||||||
| Attachments: |
|
||||||
|
Description
Fabian Deutsch
2013-04-15 18:44:04 UTC
ML thread for reference: http://lists.ovirt.org/pipermail/infra/2013-April/002577.html Later on during the livecd run we see this additionall errors (which I guess are follow up errors): Listing /usr/share/virt-manager/virtManagerTui/importblacklist ... Configuring SELinux Compiling targeted ovirt module ovirt.te":58:ERROR 'unknown type passwd_file_t' at token ';' on line 1036: allow collectd_t passwd_file_t:file read; #============= collectd_t ============== /usr/bin/checkmodule: error(s) encountered while parsing configuration /usr/bin/checkmodule: loading policy configuration from tmp/ovirt.tmp make: *** [tmp/ovirt.mod] Error 1 semodule: Failed on ovirt.pp! Attempting to install module 'ovirt.pp': Created attachment 736038 [details]
selinux policy
Is there anything else we can provide to solve this problem? Looks like it might be a problem with policycoreutils/sepolicy. rpm -q policycoreutils rpm -q policycoreutils policycoreutils-2.1.13-59.fc18.x86_64 I'm happy to rpovide any informations needed, as this blocks our whole automation. I should also note that we can reliably reproduce this in a jenkins job running on a Fedora 18 host. The module we use can be found here: http://gerrit.ovirt.org/gitweb?p=ovirt-node.git;a=blob;f=recipe/ovirt17-post.ks;hb=HEAD <dwalsh> Why are you generating this rather then just installing a pp file. <dwalsh> Looks like a lot of cruft in it … <fabiand> dwalsh, yep - can be that there is cruft in it ... the whole relevant part of the error iand creation can be foun dhere: http://www.fpaste.org/vuwk/ <fabiand> dwalsh, what do you mean by installing a pp file? <dwalsh> You should compile your pp file during the build and just install it no, no need to compile and install during installation. semanage boolean -m -S targeted -F /dev/stdin << \EOF_semanage
allow_execstack=0
virt_use_nfs=1
virt_use_sanlock=1
sanlock_use_nfs=1
EOF_semanage
leads to:
ERROR: policydb magic number 0x000008 does not match expected magic number 0xf97cff8c or 0xf97cff8d
ERROR: Unable to open policy /sys/fs/selinux/policy.
Traceback (most recent call last):
File "/usr/sbin/semanage", line 25, in <module>
import seobject
File "/usr/lib64/python2.7/site-packages/seobject.py", line 27, in <module>
import sepolicy
File "/usr/lib64/python2.7/site-packages/sepolicy/__init__.py", line 65, in <module>
raise e
ValueError: Failed to read /sys/fs/selinux/policy policy file
warning: %post(ovirt-node-selinux-2.6.999-999.20130418161252gita49caae.fc18.noarch) scriptlet failed, exit status 1
-- snip --
/usr/sbin/setsebool -P allow_execstack=0 \
virt_use_nfs=1 \
virt_use_sanlock=1 \
sanlock_use_nfs=1
works withou errors
I would go with that for now. they are equivalent. Although I have no idea why you are getting that error on policy read. Just a feedback. We migrated our whole policy into a subpackage and that seems to solve many of the problems we saw. I'd say this can be closed, and we'll reopen it as needed. |