Bug 120279 - rpm checks selinux/file_contents when selinux is disabled
rpm checks selinux/file_contents when selinux is disabled
Product: Fedora
Classification: Fedora
Component: rpm (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Johnson
: 120612 121226 (view as bug list)
Depends On:
Blocks: FC2Blocker
  Show dependency treegraph
Reported: 2004-04-07 11:34 EDT by shmuel siegel
Modified: 2007-11-30 17:10 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-05-07 00:12:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description shmuel siegel 2004-04-07 11:34:05 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040312

Description of problem:
I am running with SELINUX=disabled in /etc/sysconfig/selinux
ls -Z says that I need a Selinux kernel
getenforce says disabled

so far nothing strange. However when I run up2date and it actually does
something, (i.e., I have something to install) I get about a thousand
invalid context warnings from /etc/security/selinux/file_contexts. 

Typical messages are 
/etc/security/selinux/file_contexts:  invalid context
root:object_r:staff_home_xauth_t on line number 1750
/etc/security/selinux/file_contexts:  invalid context
system_u:object_r:default_context_t on line number 1751

On the fedora-test-list I was told

RPM is checking to see the contents of
/etc/security/selinux/file_context for
each file installed, and the kernel is telling rpm it has no idea what 
it is talking about and rpm is reporting this as an error (Warning
actually).  So RPM should be doing a check to is_selinux_enabled()
before trying to assign context.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Make sure that SELinux is disabled
2.Login as root
3.run up2date when there is something to update

Actual Results:  up2date ran and installed the new packages but gave
about a thousand warning messages

Expected Results:  install packages without warning messages

Additional info:

I am using kernel-2.6.4-1.305 and policy-1.9.2-12
Comment 1 Captain 2004-04-26 14:36:40 EDT
"same here" on FC2test3 (didn't have this scenario on FC2test2)

kernel 2.6.5-1.327
policy policy-1.11.2-13
Comment 2 Phil Schaffner 2004-04-27 10:19:12 EDT
Similar problems with "yum upgrade" - lots of selinux errors.  (OT -
yum insists on "updating" compat-db which does not appear to have been
installed originally and installs several compat packages to satisfy
# yum upgrade
... grabs lots of headers ...
Finding obsoleted packages
Resolving dependencies
..Dependencies resolved
I will do the following:
[update: compat-db 4.1.25-2.1.i386]
I will install/upgrade these to satisfy the dependencies:
[deps: compat-libstdc++-devel 7.3-2.96.126.i386]
[deps: compat-gcc 7.3-2.96.126.i386]
[deps: compat-gcc-c++ 7.3-2.96.126.i386]
[deps: compat-libstdc++ 7.3-2.96.126.i386]
Is this ok [y/N]: y

This is where the selinux errors appear...
Comment 3 Scott Sloan 2004-04-27 23:42:48 EDT
rpm -e policy 

will shut rpm up pretty much. 
Comment 4 Scott Sloan 2004-04-27 23:57:36 EDT
Discussed in #fedora-devel

(22:57:24) jeremy: devscott: simple workaround is to put
%__file_context_path %{nil} in /etc/rpm/macros

Tis works to!
Comment 5 Gerald Teschl 2004-05-02 05:51:29 EDT
Same here. Pretty annoying, in particular since selinux is off
by default!

Does one need the macro in case one turns selinux on?
Comment 6 Gerald Teschl 2004-05-02 05:57:34 EDT
*** Bug 120612 has been marked as a duplicate of this bug. ***
Comment 7 Gerald Teschl 2004-05-02 05:58:20 EDT
*** Bug 121226 has been marked as a duplicate of this bug. ***
Comment 8 Jeremy Katz 2004-05-07 00:12:23 EDT
Should be better with current SysVinit + kernel.

Note You need to log in before you can comment on or make changes to this bug.