119522 – "invalid context" for default "fixfiles relabel"

Bug 119522 - "invalid context" for default "fixfiles relabel"

Summary: "invalid context" for default "fixfiles relabel"

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	policycoreutils
Sub Component:
Version:	rawhide
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	122683
TreeView+	depends on / blocked

Reported:	2004-03-31 02:24 UTC by John Reiser
Modified:	2007-11-30 22:10 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-02-09 18:55:23 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description John Reiser 2004-03-31 02:24:50 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040312

Description of problem:
Default install of FC2test2 (Software Development Workstation) would
not boot successfully with [default] SELINUX=enforcing in
/etc/sysconfig/selinux.  I changed to SELINUX=disabled, booted
successfully (including 'firstboot' one-time setup), up2date all
packages (except: esound, esound-devel, fedora-logos, gimp, gstreamer,
libdv; which give dependency errors), change back to
SELINUX=enforcing, and try to run "fixfiles relabel" before rebooting.
 This fails with multiple "invalid context" complaints.

Version-Release number of selected component (if applicable):
policycoreutils-1.9-16

How reproducible:
Didn't try

Steps to Reproduce:
1.Default install FC2test2 Software Development Workstation (sets
SELINUX=enforcing).  Pentium4, ASUS mobo, 2001 BIOS, ide disks, ide
DVD and CD-R, PS/2 keyboard, USB mouse [very "vanilla".]
2.Attempt to boot [fails with console spewing SELinux complaints.]
3.Set SELINUX=disabled, boot, up2date, set SELINUX=enforcing, run
"fixfiles relabel".
    

Actual Results:  /usr/sbin/setfiles:  read 1345 specifications
Cleaning out /tmp
/usr/sbin/setfiles:  invalid context system_u:object_r:default_t on
line number 39
/usr/sbin/setfiles:  invalid context system_u:object_r:root_t on line
number 44
/usr/sbin/setfiles:  invalid context system_u:object_r:home_root_t on
line number 53
/usr/sbin/setfiles:  invalid context system_u:object_r:home_root_t on
line number 54
/usr/sbin/setfiles:  invalid context system_u:object_r:user_home_dir_t
on line number 55
/usr/sbin/setfiles:  invalid context system_u:object_r:user_home_dir_t
on line number 56
/usr/sbin/setfiles:  invalid context system_u:object_r:user_home_t on
line number 57
/usr/sbin/setfiles:  invalid context system_u:object_r:user_home_t on
line number 58
/usr/sbin/setfiles:  invalid context system_u:object_r:mnt_t on line
number 62
/usr/sbin/setfiles:  invalid context system_u:object_r:var_t on line
number 67
Exiting after 10 errors.


Expected Results:  1. Successful boot after default install of
Software Development Workstation with SELINUX=enforcing on vanilla box.
2. Successful execution of "fixfiles relabel" in default install.

Additional info:

Comment 1 Daniel Walsh 2004-03-31 03:16:19 UTC

You need to reload the policy before the fixfiles.  

/usr/sbin/load_policy /etc/security/selinux/policy.15

Or 

make -c /etc/security/selinux/src/policy load

RPM does not currently load the policy after install.

You do not need to disable selinux, you should be able to put it in
non-enforcing mode.

Comment 2 Daniel Walsh 2004-04-01 18:40:22 UTC

Policy has been update to automatically load so this problem should go
away.  policy-1.9.2-1

Dan

Comment 3 Daniel Walsh 2005-02-09 18:55:23 UTC

Fixed in current release

Note You need to log in before you can comment on or make changes to this bug.