Bug 165378 - Problems with RPM when SELinux is disabled
Summary: Problems with RPM when SELinux is disabled
Alias: None
Product: Fedora
Classification: Fedora
Component: libselinux   
(Show other bugs)
Version: 4
Hardware: All Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2005-08-08 18:12 UTC by Andy Blanchard
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-01-02 17:55:33 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Andy Blanchard 2005-08-08 18:12:36 UTC
Description of problem:

Six instances of the following line whenever making changes to the RPM database,
or testing actions that would result in changes with "--test":

  error: Macro %__policy_tree has an empty body

I tracked this message down to the file "/usr/lib/rpm/macros", and from there to
the file "/etc/selinux/config" that holds the actual value the RPM macro is using.

Version-Release number of selected component (if applicable):

  rpm v4.4.1-22
  selinux-policy-strict v1.23.16-6
  selinux-policy-targeted v1.25.3-9

How reproducible:


Steps to Reproduce:
1. Edit "/etc/selinux/config"
2. Set "SELINUXTYPE" to be null (not sure under what circumstances this happens,
   but this was how my system was configured after an upgrade from FC3 on which
   SELinux was also disabled)
3. Try and install/upgrade an RPM package (even in --test mode)
Actual results:

Errors displayed

Expected results:

No errors displayed

Additional info:

The fix is to ensure that "SELINUXTYPE" is always assigned a value in
"/etc/selinux/config", even when "SELINUX" is set to "disabled".  Since this
file is provided by both the "selinux-policy-strict" and
"selinux-policy-targeted" packages I think the solution would be to fixed it in
those two RPMs, but it could also be corrected by changing the RPM macro to take
into account the possibility of a null string.

Comment 1 Jeff Johnson 2005-09-29 19:42:56 UTC
The values permitted for seloinux variables are clearly documented in the file, and none of the permitted 
values are null.

Comment 2 Andy Blanchard 2005-09-30 00:12:03 UTC
I know that a null string is not a permitted value.  I initially installed
SELinux with FC3, didn't have time to get it working properly and so disabled
it, but left the policy configured as "targeted" intending to get back to it but
never got around to it.  The problem is that when upgrading from FC3 to FC4 with
SELinux configured as above something in the upgrade process sets the value to a
null string, hence the error messages after the reboot.

This is why my original suggestion was that a solution might be to ensure that a
value is set for "SELINUXTYPE" when installing/upgrading the policy packages,
even if "SELINUX" is set to disabled.  Uninstalling, removing the config file
and then re-installing the two policy packages does seem to create a valid file,
so the issue may be specific to whatever RPM installation method Anaconda is
using during an upgrade.

Comment 3 Jeff Johnson 2005-11-14 03:30:09 UTC
This is a selinux configuration, not an rpm, problem. Changing component.

Note You need to log in before you can comment on or make changes to this bug.