Description of problem: During installation on s390x as well as on installed system, I can see the following error messages in journalctl: Oct 18 05:02:30 localhost.localdomain systemd-sysusers[631]: /etc/selinux/targeted/contexts/files/file_contexts.bin: line 1 error due to: Non-ASCII characters found Oct 18 05:02:30 localhost.localdomain systemd-sysusers[631]: /etc/selinux/targeted/contexts/files/file_contexts.homedirs.bin: line 1 error due to: Non-ASCII characters found Oct 18 05:02:30 localhost.localdomain systemd-sysusers[631]: /etc/selinux/targeted/contexts/files/file_contexts.local.bin: line 1 error due to: Non-ASCII characters found It's easy to reproduce on installed system: [root@rtt7 ~]# restorecon /root/anaconda-ks.cfg /etc/selinux/targeted/contexts/files/file_contexts.bin: line 1 error due to: Non-ASCII characters found /etc/selinux/targeted/contexts/files/file_contexts.homedirs.bin: line 1 error due to: Non-ASCII characters found /etc/selinux/targeted/contexts/files/file_contexts.local.bin: line 1 error due to: Non-ASCII characters found [root@rtt7 ~]# rpm -qf /etc/selinux/targeted/contexts/files/file_contexts.bin selinux-policy-targeted-3.13.1-219.fc25.noarch [root@rtt7 ~]# [root@rtt7 ~]# udevadm --help /etc/selinux/targeted/contexts/files/file_contexts.bin: line 1 error due to: Non-ASCII characters found /etc/selinux/targeted/contexts/files/file_contexts.homedirs.bin: line 1 error due to: Non-ASCII characters found /etc/selinux/targeted/contexts/files/file_contexts.local.bin: line 1 error due to: Non-ASCII characters found udevadm [--help] [--version] [--debug] COMMAND [COMMAND OPTIONS] ... I tried the same on x86_64, but I cannot reproduce it there. Version-Release number of selected component (if applicable): selinux-policy-targeted-3.13.1-219.fc25.noarch policycoreutils-2.5-17.fc25 libselinux-2.5-12.fc25 How reproducible: always on s390x Steps to Reproduce: 1. install f25 on s390x and see journalctl Actual results: errors in journalctl: /etc/selinux/targeted/contexts/files/file_contexts.bin: line 1 error due to: Non-ASCII characters found /etc/selinux/targeted/contexts/files/file_contexts.homedirs.bin: line 1 error due to: Non-ASCII characters found /etc/selinux/targeted/contexts/files/file_contexts.local.bin: line 1 error due to: Non-ASCII characters found Expected results: no error messages
Created attachment 1211659 [details] strace udevadm --help
just saw it when update F-25 ppc64 machine - isn't a big endian related issue? ... /etc/selinux/targeted/contexts/files/file_contexts.local.bin: line 1 error due to: Non-ASCII characters found /etc/selinux/targeted/contexts/files/file_contexts.local.bin: line 1 error due to: Non-ASCII characters found /etc/selinux/targeted/contexts/files/file_contexts.local.bin: line 1 error due to: Non-ASCII characters found /etc/selinux/targeted/contexts/files/file_contexts.local.bin: line 1 error due to: Non-ASCII characters found /etc/selinux/targeted/contexts/files/file_contexts.local.bin: line 1 error due to: Non-ASCII characters found /etc/selinux/targeted/contexts/files/file_contexts.local.bin: line 1 error due to: Non-ASCII characters found /etc/selinux/targeted/contexts/files/file_contexts.local.bin: line 1 error due to: Non-ASCII characters found /var/tmp/rpm-tmp.z7vEzH: line 5: syntax error near unexpected token `else' /var/tmp/rpm-tmp.z7vEzH: line 5: ` else' warning: unknown(texlive-5:2016-7.20160520.fc25.ppc64) scriptlet failed, exit status 2 Traceback (most recent call last): File "/usr/lib/python3.5/site-packages/dnf/yum/rpmtrans.py", line 427, in callback self._scriptError(bytes, total, h) File "/usr/lib/python3.5/site-packages/dnf/yum/rpmtrans.py", line 557, in _scriptError pkg, _, _ = self._extract_cbkey(h) File "/usr/lib/python3.5/site-packages/dnf/yum/rpmtrans.py", line 229, in _extract_cbkey return self._extract_str_cbkey(cbkey) File "/usr/lib/python3.5/site-packages/dnf/yum/rpmtrans.py", line 237, in _extract_str_cbkey assert(isinstance(name, basestring)) AssertionError FATAL ERROR: python callback ??? failed, aborting!
from dnf history Upgraded libselinux-2.5-11.fc25.ppc64 @fedora Upgrade 2.5-12.fc25.ppc64 (unknown) Upgraded libselinux-devel-2.5-11.fc25.ppc64 @fedora Upgrade 2.5-12.fc25.ppc64 (unknown) Upgraded libselinux-python-2.5-11.fc25.ppc64 @fedora Upgrade 2.5-12.fc25.ppc64 (unknown) Upgraded libselinux-python3-2.5-11.fc25.ppc64 @fedora Upgrade 2.5-12.fc25.ppc64 (unknown) Upgraded libselinux-utils-2.5-11.fc25.ppc64 @fedora Upgrade 2.5-12.fc25.ppc64 (unknown) Upgraded libsemanage-2.5-7.fc25.ppc64 @fedora Upgrade 2.5-8.fc25.ppc64 (unknown) Upgrade libsepol-2.5-10.fc25.ppc64 (unknown) Upgraded libsepol-2.5-9.fc25.ppc64 @fedora Upgrade libsepol-devel-2.5-10.fc25.ppc64 (unknown) Upgraded libsepol-devel-2.5-9.fc25.ppc64 @fedora Upgraded selinux-policy-3.13.1-214.fc25.noarch @fedora Upgrade 3.13.1-219.fc25.noarch (unknown) Upgraded selinux-policy-targeted-3.13.1-214.fc25.noarch @fedora Upgrade 3.13.1-219.fc25.noarch (unknown)
Also I suspect this bug to cause a failed load of selinux policy during boot (probably after a kernel update when a new initrd got created) and causing an unbootable system (workaround with selinux=0).
selinux-policy-targeted contains following binary files created in little endian environment: /targeted/contexts/files/file_contexts.bin /targeted/contexts/files/file_contexts.homedirs.bin /targeted/contexts/files/file_contexts.local.bin These files should be recompiled during installation (which sometimes fails). The following commands should fix the issue: # sefcontext_compile -o /targeted/contexts/files/file_contexts.bin /targeted/contexts/files/file_contexts # sefcontext_compile -o /targeted/contexts/files/file_contexts.homedirs.bin /targeted/contexts/files/file_contexts.homedirs # sefcontext_compile -o /targeted/contexts/files/file_contexts.local.bin /targeted/contexts/files/file_contexts.local
So is it a transient issue that was caused by a policy update and not a general issue?
Yes, we are still determining the exact cause of the installation procedure failure, but the issue should not occur without policy update (local policy changes should not trigger it). Furthermore, the issue was observed only on a few s390x machines with the majority unaffected.
For the record we had it also on a F-25 ppc64 machine.
I ran into this issue today twice while trying to install a Fedora 25 ppc64 instance in QEMU on an x86_64 Fedora 25 host, both during installation and after boot of the newly installed systems. Running the first two commands in Comment #5 fixed the problem for me after boot. (The first install failed with a "Pane is dead" error after creating the swap in Anaconda; switching from LVM to standard partitioning fixed this problem for me on the second try. I am not sure if this issue is related.) I was able to reproduce it using the following virt-install command: virt-install --name=fedora-25-ppc64 --arch=ppc64 --machine=pseries --cpu=POWER8 --vcpus=1 --os-type=linux --os-variant=fedora22 --ram=3072 --nographics --serial=pty --disk size=8,bus=scsi --controller scsi,model=virtio-scsi --location=https://dl.fedoraproject.org/pub/fedora-secondary/releases/25/Everything/ppc64/os/
Created attachment 1270485 [details] /var/log/anaconda/program.log for f26 ppc64 (BE) Same error message while install ppc64 f26 as reported by attached log.
Same problem when I try the following: sudo semanage fcontext -a -t samba_share_t /home/ruben/Imágenes Error message: /var/lib/selinux/final/targeted/contexts/files/file_contexts.local: line 5 error due to: Non-ASCII characters found /var/lib/selinux/final/targeted/contexts/files/file_contexts.local: line 5 error due to: Non-ASCII characters found /var/lib/selinux/final/targeted/contexts/files/file_contexts: Invalid argument libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 1. OSError: [Errno 0] Error
seen in F27 per: Date: Thu, 5 Oct 2017 09:09:22 To: devel.org Subject: f-dev] Re: Odd message when escalating priveledge with sudo - F27 - LXQt - QTerminal ( Apologies if wrong list )
Jan Zarsky did an investigation related to the performance of SELinux userspace with and without .bin files [1]. It looks like we don't need to ship .bin files at all. Regular users should not be affected by this change as these files are created on every policy rebuild. [1] https://janzarskyblog.wordpress.com/2017/09/06/why-we-dont-need-to-ship-file_contexts-bin-with-selinux-policy/
*** Bug 1499883 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 1502009 ***