1567980 – container.if duplicate definition errors when building policy module

Bug 1567980 - container.if duplicate definition errors when building policy module

Summary: container.if duplicate definition errors when building policy module

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	31
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-04-16 14:04 UTC by Pierre Ossman
Modified:	2022-05-30 01:07 UTC (History)
CC List:	12 users (show)
Fixed In Version:	selinux-policy-3.14.4-44.fc31
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-01-21 01:38:38 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Pierre Ossman 2018-04-16 14:04:26 UTC

Trying to build a third party policy module using the selinux devel package results in these errors from the core interfaces:

/usr/share/selinux/devel/include/contrib/container.if:14: Error: duplicate definition of container_runtime_domtrans(). Original definition on 14.
/usr/share/selinux/devel/include/contrib/container.if:40: Error: duplicate definition of container_runtime_run(). Original definition on 40.
/usr/share/selinux/devel/include/contrib/container.if:60: Error: duplicate definition of container_runtime_exec(). Original definition on 60.
/usr/share/selinux/devel/include/contrib/container.if:79: Error: duplicate definition of container_read_state(). Original definition on 79.
/usr/share/selinux/devel/include/contrib/container.if:97: Error: duplicate definition of container_search_lib(). Original definition on 97.
/usr/share/selinux/devel/include/contrib/container.if:116: Error: duplicate definition of container_exec_lib(). Original definition on 116.
/usr/share/selinux/devel/include/contrib/container.if:135: Error: duplicate definition of container_read_lib_files(). Original definition on 135.
/usr/share/selinux/devel/include/contrib/container.if:154: Error: duplicate definition of container_read_share_files(). Original definition on 154.
/usr/share/selinux/devel/include/contrib/container.if:176: Error: duplicate definition of container_exec_share_files(). Original definition on 176.
/usr/share/selinux/devel/include/contrib/container.if:194: Error: duplicate definition of container_manage_lib_files(). Original definition on 194.
/usr/share/selinux/devel/include/contrib/container.if:214: Error: duplicate definition of container_manage_files(). Original definition on 214.
/usr/share/selinux/devel/include/contrib/container.if:233: Error: duplicate definition of container_manage_dirs(). Original definition on 233.
/usr/share/selinux/devel/include/contrib/container.if:251: Error: duplicate definition of container_manage_lib_dirs(). Original definition on 251.
/usr/share/selinux/devel/include/contrib/container.if:287: Error: duplicate definition of container_lib_filetrans(). Original definition on 287.
/usr/share/selinux/devel/include/contrib/container.if:305: Error: duplicate definition of container_read_pid_files(). Original definition on 305.
/usr/share/selinux/devel/include/contrib/container.if:324: Error: duplicate definition of container_systemctl(). Original definition on 324.
/usr/share/selinux/devel/include/contrib/container.if:349: Error: duplicate definition of container_rw_sem(). Original definition on 349.
/usr/share/selinux/devel/include/contrib/container.if:367: Error: duplicate definition of container_use_ptys(). Original definition on 367.
/usr/share/selinux/devel/include/contrib/container.if:385: Error: duplicate definition of container_filetrans_named_content(). Original definition on 385.
/usr/share/selinux/devel/include/contrib/container.if:431: Error: duplicate definition of container_stream_connect(). Original definition on 431.
/usr/share/selinux/devel/include/contrib/container.if:452: Error: duplicate definition of container_spc_stream_connect(). Original definition on 452.
/usr/share/selinux/devel/include/contrib/container.if:473: Error: duplicate definition of container_admin(). Original definition on 473.
/usr/share/selinux/devel/include/contrib/container.if:520: Error: duplicate definition of container_auth_domtrans(). Original definition on 520.
/usr/share/selinux/devel/include/contrib/container.if:539: Error: duplicate definition of container_auth_exec(). Original definition on 539.
/usr/share/selinux/devel/include/contrib/container.if:558: Error: duplicate definition of container_auth_stream_connect(). Original definition on 558.
/usr/share/selinux/devel/include/contrib/container.if:577: Error: duplicate definition of container_runtime_typebounds(). Original definition on 577.
/usr/share/selinux/devel/include/contrib/container.if:596: Error: duplicate definition of container_runtime_entrypoint(). Original definition on 596.
/usr/share/selinux/devel/include/contrib/container.if:603: Error: duplicate definition of docker_exec_lib(). Original definition on 603.
/usr/share/selinux/devel/include/contrib/container.if:607: Error: duplicate definition of docker_read_share_files(). Original definition on 607.
/usr/share/selinux/devel/include/contrib/container.if:611: Error: duplicate definition of docker_exec_share_files(). Original definition on 611.
/usr/share/selinux/devel/include/contrib/container.if:615: Error: duplicate definition of docker_manage_lib_files(). Original definition on 615.
/usr/share/selinux/devel/include/contrib/container.if:620: Error: duplicate definition of docker_manage_lib_dirs(). Original definition on 620.
/usr/share/selinux/devel/include/contrib/container.if:624: Error: duplicate definition of docker_lib_filetrans(). Original definition on 624.
/usr/share/selinux/devel/include/contrib/container.if:628: Error: duplicate definition of docker_read_pid_files(). Original definition on 628.
/usr/share/selinux/devel/include/contrib/container.if:632: Error: duplicate definition of docker_systemctl(). Original definition on 632.
/usr/share/selinux/devel/include/contrib/container.if:636: Error: duplicate definition of docker_use_ptys(). Original definition on 636.
/usr/share/selinux/devel/include/contrib/container.if:640: Error: duplicate definition of docker_stream_connect(). Original definition on 640.
/usr/share/selinux/devel/include/contrib/container.if:644: Error: duplicate definition of docker_spc_stream_connect(). Original definition on 644.
/usr/share/selinux/devel/include/contrib/container.if:658: Error: duplicate definition of container_spc_read_state(). Original definition on 658.
/usr/share/selinux/devel/include/contrib/container.if:677: Error: duplicate definition of container_domain_template(). Original definition on 677.
/usr/share/selinux/devel/include/contrib/container.if:706: Error: duplicate definition of container_spc_rw_pipes(). Original definition on 706.

selinux-policy-devel-3.13.1-283.30.fc27.noarch

Comment 1 Daniel Walsh 2018-04-16 16:46:38 UTC

THis is not a bug.  What is happening here is the selinux-policy is shipping its own container.if so that third parties can use it to compile against.  When you build container-selinux from scratch you also get a version of contianer.if and their compiler is just pointing out this fact. 

The compiler will use the local container.if, rather then the selinux-policy-targeted version.

Comment 2 Dominik 'Rathann' Mierzejewski 2020-01-03 22:52:33 UTC

This only happens if container-selinux and selinux-policy-devel are installed at the same time. They're shipping identical container.if in two different locations. I'd argue this is a bug in container-selinux package. There should be only one container.if.

$ rpm -qf /usr/share/selinux/devel/include/services/container.if
container-selinux-2.123.0-2.fc31.noarch
$ rpm -qf /usr/share/selinux/devel/include/contrib/container.if
selinux-policy-devel-3.14.4-43.fc31.noarch
$ sha512sum /usr/share/selinux/devel/include/services/container.if /usr/share/selinux/devel/include/contrib/container.if
f6987ed181c24b7de0aacf4c3dd9e5b07d906df7ed87157290656e0f4c6a6663ff87b7ccb8a38ccd90c4778950fed4e50204d5458b57534aaba2c5a5b708cd3b  /usr/share/selinux/devel/include/services/container.if
f6987ed181c24b7de0aacf4c3dd9e5b07d906df7ed87157290656e0f4c6a6663ff87b7ccb8a38ccd90c4778950fed4e50204d5458b57534aaba2c5a5b708cd3b  /usr/share/selinux/devel/include/contrib/container.if

Comment 3 Daniel Walsh 2020-01-04 11:09:39 UTC

The container.if that is in selinux-policy is the downstream of container-selinux.

Now whether or not it should be carried, is up to the selinux-policy maintainers.  I do not
know how often it is copied from the upstream.

It is needed so that if policy packages in the selinux-policy package use container interfaces, it will
compile.

Comment 4 Lukas Vrabec 2020-01-10 14:23:57 UTC

We're taking the latest version of container.if file from container-selinux with every build of selinux-policy. It should be fixed with the next build of selinux-policy.

Comment 5 Fedora Update System 2020-01-14 01:43:27 UTC

selinux-policy-3.14.4-44.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-397eea28b7

Comment 6 Fedora Update System 2020-01-21 01:38:38 UTC

selinux-policy-3.14.4-44.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Samuel 2021-04-01 07:42:39 UTC

The problem persists in Fedora 33.

$ rpm -qa selinux-policy
selinux-policy-3.14.6-36.fc33.noarch

$ rpm -qa selinux-policy-devel
selinux-policy-devel-3.14.6-36.fc33.noarch

$ rpm -qa container-selinux
container-selinux-2.158.0-1.fc33.noarch

Note You need to log in before you can comment on or make changes to this bug.