Bug 1567980 - container.if duplicate definition errors when building policy module
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 31
Hardware: Unspecified
OS: Unspecified
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
Reported: 2018-04-16 14:04 UTC by Pierre Ossman
Modified: 2020-01-21 01:38 UTC (History)

Fixed In Version: selinux-policy-3.14.4-44.fc31
Last Closed: 2020-01-21 01:38:38 UTC



Description Pierre Ossman 2018-04-16 14:04:26 UTC
Trying to build a third party policy module using the selinux devel package results in these errors from the core interfaces:

/usr/share/selinux/devel/include/contrib/container.if:14: Error: duplicate definition of container_runtime_domtrans(). Original definition on 14.
/usr/share/selinux/devel/include/contrib/container.if:40: Error: duplicate definition of container_runtime_run(). Original definition on 40.
/usr/share/selinux/devel/include/contrib/container.if:60: Error: duplicate definition of container_runtime_exec(). Original definition on 60.
/usr/share/selinux/devel/include/contrib/container.if:79: Error: duplicate definition of container_read_state(). Original definition on 79.
/usr/share/selinux/devel/include/contrib/container.if:97: Error: duplicate definition of container_search_lib(). Original definition on 97.
/usr/share/selinux/devel/include/contrib/container.if:116: Error: duplicate definition of container_exec_lib(). Original definition on 116.
/usr/share/selinux/devel/include/contrib/container.if:135: Error: duplicate definition of container_read_lib_files(). Original definition on 135.
/usr/share/selinux/devel/include/contrib/container.if:154: Error: duplicate definition of container_read_share_files(). Original definition on 154.
/usr/share/selinux/devel/include/contrib/container.if:176: Error: duplicate definition of container_exec_share_files(). Original definition on 176.
/usr/share/selinux/devel/include/contrib/container.if:194: Error: duplicate definition of container_manage_lib_files(). Original definition on 194.
/usr/share/selinux/devel/include/contrib/container.if:214: Error: duplicate definition of container_manage_files(). Original definition on 214.
/usr/share/selinux/devel/include/contrib/container.if:233: Error: duplicate definition of container_manage_dirs(). Original definition on 233.
/usr/share/selinux/devel/include/contrib/container.if:251: Error: duplicate definition of container_manage_lib_dirs(). Original definition on 251.
/usr/share/selinux/devel/include/contrib/container.if:287: Error: duplicate definition of container_lib_filetrans(). Original definition on 287.
/usr/share/selinux/devel/include/contrib/container.if:305: Error: duplicate definition of container_read_pid_files(). Original definition on 305.
/usr/share/selinux/devel/include/contrib/container.if:324: Error: duplicate definition of container_systemctl(). Original definition on 324.
/usr/share/selinux/devel/include/contrib/container.if:349: Error: duplicate definition of container_rw_sem(). Original definition on 349.
/usr/share/selinux/devel/include/contrib/container.if:367: Error: duplicate definition of container_use_ptys(). Original definition on 367.
/usr/share/selinux/devel/include/contrib/container.if:385: Error: duplicate definition of container_filetrans_named_content(). Original definition on 385.
/usr/share/selinux/devel/include/contrib/container.if:431: Error: duplicate definition of container_stream_connect(). Original definition on 431.
/usr/share/selinux/devel/include/contrib/container.if:452: Error: duplicate definition of container_spc_stream_connect(). Original definition on 452.
/usr/share/selinux/devel/include/contrib/container.if:473: Error: duplicate definition of container_admin(). Original definition on 473.
/usr/share/selinux/devel/include/contrib/container.if:520: Error: duplicate definition of container_auth_domtrans(). Original definition on 520.
/usr/share/selinux/devel/include/contrib/container.if:539: Error: duplicate definition of container_auth_exec(). Original definition on 539.
/usr/share/selinux/devel/include/contrib/container.if:558: Error: duplicate definition of container_auth_stream_connect(). Original definition on 558.
/usr/share/selinux/devel/include/contrib/container.if:577: Error: duplicate definition of container_runtime_typebounds(). Original definition on 577.
/usr/share/selinux/devel/include/contrib/container.if:596: Error: duplicate definition of container_runtime_entrypoint(). Original definition on 596.
/usr/share/selinux/devel/include/contrib/container.if:603: Error: duplicate definition of docker_exec_lib(). Original definition on 603.
/usr/share/selinux/devel/include/contrib/container.if:607: Error: duplicate definition of docker_read_share_files(). Original definition on 607.
/usr/share/selinux/devel/include/contrib/container.if:611: Error: duplicate definition of docker_exec_share_files(). Original definition on 611.
/usr/share/selinux/devel/include/contrib/container.if:615: Error: duplicate definition of docker_manage_lib_files(). Original definition on 615.
/usr/share/selinux/devel/include/contrib/container.if:620: Error: duplicate definition of docker_manage_lib_dirs(). Original definition on 620.
/usr/share/selinux/devel/include/contrib/container.if:624: Error: duplicate definition of docker_lib_filetrans(). Original definition on 624.
/usr/share/selinux/devel/include/contrib/container.if:628: Error: duplicate definition of docker_read_pid_files(). Original definition on 628.
/usr/share/selinux/devel/include/contrib/container.if:632: Error: duplicate definition of docker_systemctl(). Original definition on 632.
/usr/share/selinux/devel/include/contrib/container.if:636: Error: duplicate definition of docker_use_ptys(). Original definition on 636.
/usr/share/selinux/devel/include/contrib/container.if:640: Error: duplicate definition of docker_stream_connect(). Original definition on 640.
/usr/share/selinux/devel/include/contrib/container.if:644: Error: duplicate definition of docker_spc_stream_connect(). Original definition on 644.
/usr/share/selinux/devel/include/contrib/container.if:658: Error: duplicate definition of container_spc_read_state(). Original definition on 658.
/usr/share/selinux/devel/include/contrib/container.if:677: Error: duplicate definition of container_domain_template(). Original definition on 677.
/usr/share/selinux/devel/include/contrib/container.if:706: Error: duplicate definition of container_spc_rw_pipes(). Original definition on 706.

selinux-policy-devel-3.13.1-283.30.fc27.noarch

Comment 1 Daniel Walsh 2018-04-16 16:46:38 UTC
This is not a bug. What is happening here is the selinux-policy is shipping its own container.if so that third parties can use it to compile against. When you build container-selinux from scratch you also get a version of container.if and their compiler is just pointing out this fact.

The compiler will use the local container.if, rather than the selinux-policy-targeted version.

Comment 2 Dominik 'Rathann' Mierzejewski 2020-01-03 22:52:33 UTC
This only happens if container-selinux and selinux-policy-devel are installed at the same time. They're shipping identical container.if in two different locations. I'd argue this is a bug in the container-selinux package. There should be only one container.if.

$ rpm -qf /usr/share/selinux/devel/include/services/container.if
container-selinux-2.123.0-2.fc31.noarch
$ rpm -qf /usr/share/selinux/devel/include/contrib/container.if
selinux-policy-devel-3.14.4-43.fc31.noarch
$ sha512sum /usr/share/selinux/devel/include/services/container.if /usr/share/selinux/devel/include/contrib/container.if
f6987ed181c24b7de0aacf4c3dd9e5b07d906df7ed87157290656e0f4c6a6663ff87b7ccb8a38ccd90c4778950fed4e50204d5458b57534aaba2c5a5b708cd3b  /usr/share/selinux/devel/include/services/container.if
f6987ed181c24b7de0aacf4c3dd9e5b07d906df7ed87157290656e0f4c6a6663ff87b7ccb8a38ccd90c4778950fed4e50204d5458b57534aaba2c5a5b708cd3b  /usr/share/selinux/devel/include/contrib/container.if
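
The condition behind these errors, the same interface name defined in more than one .if file of the include tree, can be checked directly. The following is an added example, not part of the bug thread or of either package; the sample tree, its simplified interface bodies and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list interface()/template() names that are defined in more
# than one .if file under a policy include tree. Definition lines look like
# interface(`name',` or template(`name',` at the start of a line.

find_duplicate_interfaces() {
    find "$1" -type f -name '*.if' -exec awk '
        match($0, /^[ \t]*(interface|template)\(`[A-Za-z0-9_]+/) {
            name = substr($0, RSTART, RLENGTH)
            sub(/^.*`/, "", name)          # keep only the name after the backtick
            print name "\t" FILENAME
        }' {} + |
    sort -u |
    awk -F '\t' '
        { n[$1]++; where[$1] = where[$1] " " $2 }
        END { for (k in n) if (n[k] > 1) print k ":" where[k] }' |
    sort
}

# Constructed sample tree: the same file present in two include directories,
# plus one unrelated file. Interface bodies are simplified placeholders.
make_sample_tree() {
    mkdir -p "$1/contrib" "$1/services"
    cat > "$1/contrib/container.if" <<'EOF'
interface(`container_runtime_domtrans',`
    gen_require(`
        type container_runtime_t, container_runtime_exec_t;
    ')
')
template(`container_domain_template',`
    type $1_t;
')
EOF
    cp "$1/contrib/container.if" "$1/services/container.if"
    cat > "$1/contrib/other.if" <<'EOF'
interface(`other_read_state',`
    gen_require(`
        type other_t;
    ')
')
EOF
}

demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
find_duplicate_interfaces "$demo_dir"
rm -rf "$demo_dir"
```

On an installed system, point it at /usr/share/selinux/devel/include and run rpm -qf on each reported path to see which package ships that copy.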

Comment 3 Daniel Walsh 2020-01-04 11:09:39 UTC
The container.if that is in selinux-policy is the downstream of container-selinux.

Now whether or not it should be carried is up to the selinux-policy maintainers. I do not know how often it is copied from the upstream.

It is needed so that if policy packages in the selinux-policy package use container interfaces, it will compile.

Comment 4 Lukas Vrabec 2020-01-10 14:23:57 UTC
We're taking the latest version of the container.if file from container-selinux with every build of selinux-policy. It should be fixed with the next build of selinux-policy.

Comment 5 Fedora Update System 2020-01-14 01:43:27 UTC
selinux-policy-3.14.4-44.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-397eea28b7

Comment 6 Fedora Update System 2020-01-21 01:38:38 UTC
selinux-policy-3.14.4-44.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

