Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 138596 - Invalid File Context: lockdev.fc
Invalid File Context: lockdev.fc
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2004-11-09 23:06 EST by Alex Ackerman
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-11-10 10:44:32 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Alex Ackerman 2004-11-09 23:06:32 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3)
Gecko/20041104 Firefox/1.0RC1

Description of problem:
Installed selinux-policy-strict*-1.18.2-3. Tried to do a 'make
relabel' prior to reboot and the following error comes up:

/usr/sbin/setfiles:  invalid context system_u:object_r:lockdev_exec_t
on line number 1384

It refers to line 2 of /file_contexts/program/lockdev.fc

# ls -l file_contexts/program/lockdev.fc
-rw-------  1 root root 70 Nov  8 10:33 file_contexts/program/lockdev.fc

This file was not modified on my system after install.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. cd /etc/selinux/strict/src/policy/
2. make relabel


Actual Results:  Building file_contexts ...
/usr/sbin/setfiles file_contexts/file_contexts `mount | grep -v
"context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]|
xfs|reiserfs).*rw/{print $3}';`
/usr/sbin/setfiles:  read 1581 specifications
/usr/sbin/setfiles:  invalid context system_u:object_r:lockdev_exec_t
on line number 1384
make: *** [relabel] Error 1

Expected Results:  All file defined file contexts should compile and
allow the system to relabel.

Additional info:
Comment 1 Daniel Walsh 2004-11-10 10:29:00 EST
I am not seeing that.  Did you do a make load first?

Comment 2 Alex Ackerman 2004-11-10 10:44:32 EST
Nevermind.  I think I see what happened.  When the rpm loaded the new 
strict policy and sources, it may or may not have loaded the new 
policy. The binary policy file located in the sources directory was 
for a previous version of the policy sources.  When it tried to do a 
relabel, it grabbed the rules from the old policy (which didn't have 
the lockdev.te defs).  Sorry about that.  Please close bug with 


Note You need to log in before you can comment on or make changes to this bug.