Hide Forgot
+++ This bug was initially created as a clone of Bug #1381112 +++ Description of problem: 'yum provides /etc/selinux/targeted/contexts/files/file_contexts.local' erroneously indicates that selinux-policy-targeted-3.13.1-102.el7_3.4.noarch contains the file_contexts.local referred to. The following shows how this was stumbled upon: # audit2allow -a [Errno 2] No such file or directory: '/etc/selinux/targeted/contexts/files/file_contexts.local' Version-Release number of selected component (if applicable): 3.13.1-102.el7_3.4 How reproducible: - Install selinux-policy-targeted-3.13.1-102.el7_3.4.noarch - Run audit2allow -a
David, I am unable to reproduce this error [root@localhost ~]# lsb_release -d; getenforce; rpm -q selinux-policy-targeted; rpm -q policycoreutils-python; audit2allow -a Description: Red Hat Enterprise Linux Server release 7.3 (Maipo) Enforcing selinux-policy-targeted-3.13.1-102.el7_3.4.noarch policycoreutils-python-2.5-8.el7.x86_64 [root@localhost ~]#
David, Are you still seeing this problem with the latest selinux-policy packages?
I just did a clean new install of 7.3 from the DVD ISO media - then a yum -y update. Packaged installed is: selinux-policy-targeted-3.13.1-102.el7_3.7.noarch I see: # audit2allow -a /var/log/audit/audit.log [Errno 2] No such file or directory: '/etc/selinux/targeted/contexts/files/file_contexts.local' A reinstall via 'yum reinstall selinux-policy-targeted' didn't fix the issue. Fixed via: # touch /etc/selinux/targeted/contexts/files/file_contexts.local audit2allow now works as expected - however this should probably be fixed in the package installation.
I can confirm the same issue, affecting only clean installs of RHEL 7.3 (not systems updated from prior releases). The problem, as described, is that the /etc/selinux/targeted/contexts/files/file_contexts.local file does not exist anymore on a new system, and the audit2allow command fails because of that. "touch"ing the file does indeed fix it. This is with : selinux-policy-3.13.1-102.el7_3.7.noarch selinux-policy-targeted-3.13.1-102.el7_3.7.noarch I have dug a bit into the rpm changes, comparing 3.13.1-60.el7 (RHEL 7.2) with selinux-policy-3.13.1-102.el7_3.7 (RHEL 7.3), and the problem is that this file used to be included empty, but is now referenced as %ghost and no longer included. This change broke audit2allow, since apparently it needs the file and doesn't automatically create it if missing. selinux-policy-3.13.1-60.el7 spec : [...] %ghost %{_sysconfdir}/selinux/%1/contexts/files/*.bin \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.local \ [...] selinux-policy-3.13.1-102.el7_3.7 spec : [...] %ghost %{_sysconfdir}/selinux/%1/contexts/files/*.local \ %ghost %{_sysconfdir}/selinux/%1/contexts/files/*.local.bin \ [...] The file needs to be set back to %config(noreplace), or audit2allow modified to create the file when it's missing.
*** Bug 1419929 has been marked as a duplicate of this bug. ***
Experiencing the same issue with updated packages: policycoreutils-2.5-11.el7_3.x86_64 policycoreutils-python-2.5-11.el7_3.x86_64 selinux-policy-3.13.1-102.el7_3.13.noarch selinux-policy-targeted-3.13.1-102.el7_3.13.noarch
*** Bug 1391009 has been marked as a duplicate of this bug. ***
I am experiencing the same issue with redhat 7.3 (kernel-3.10.0-514.16.1.el7.x86_64): policycoreutils-python-2.5-11.el7_3.x86_64 policycoreutils-2.5-11.el7_3.x86_64 selinux-policy-targeted-3.13.1-102.el7_3.16.noarch selinux-policy-3.13.1-102.el7_3.16.noarch Is there a work around? [root@host-1 ~]# audit2allow -a [Errno 2] No such file or directory: '/etc/selinux/targeted/contexts/files/file_contexts.local'
I am experiencing the same issue with redhat 7.3 (kernel-3.10.0-514.16.1.el7.x86_64): policycoreutils-python-2.5-11.el7_3.x86_64 policycoreutils-2.5-11.el7_3.x86_64 selinux-policy-targeted-3.13.1-102.el7_3.16.noarch selinux-policy-3.13.1-102.el7_3.16.noarch [root@host-1 ~]# audit2allow -a [Errno 2] No such file or directory: '/etc/selinux/targeted/contexts/files/file_contexts.local' workaround appears to be creating a zero length file [root@host-1 ~]# touch /etc/selinux/targeted/contexts/files/file_contexts.local
Hello, I can confirm that a fresh install of RHEL 7.3 is missing the file. Also the "sepolicy manpage" command fails until a zero lenght file is created.
I can confirm the workaround in comment 21 has resolved the problem on my machines.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:1883