From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041104 Firefox/1.0RC1 Description of problem: Installed selinux-policy-strict*-1.18.2-3. Tried to do a 'make relabel' prior to reboot and the following error comes up: /usr/sbin/setfiles: invalid context system_u:object_r:lockdev_exec_t on line number 1384 It refers to line 2 of /file_contexts/program/lockdev.fc # ls -l file_contexts/program/lockdev.fc -rw------- 1 root root 70 Nov 8 10:33 file_contexts/program/lockdev.fc This file was not modified on my system after install. Version-Release number of selected component (if applicable): 1.18.2-3 How reproducible: Always Steps to Reproduce: 1. cd /etc/selinux/strict/src/policy/ 2. make relabel Actual Results: Building file_contexts ... /usr/sbin/setfiles file_contexts/file_contexts `mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs|reiserfs).*rw/{print $3}';` /usr/sbin/setfiles: read 1581 specifications /usr/sbin/setfiles: invalid context system_u:object_r:lockdev_exec_t on line number 1384 make: *** [relabel] Error 1 Expected Results: All file defined file contexts should compile and allow the system to relabel. Additional info:
I am not seeing that. Did you do a make load first? Dan
Nevermind. I think I see what happened. When the rpm loaded the new strict policy and sources, it may or may not have loaded the new policy. The binary policy file located in the sources directory was for a previous version of the policy sources. When it tried to do a relabel, it grabbed the rules from the old policy (which didn't have the lockdev.te defs). Sorry about that. Please close bug with NOTABUG. Alex