Bug 174703 - yum update selinux-policy-targeted fails - can't load policy
yum update selinux-policy-targeted fails - can't load policy
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
5
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-12-01 10:59 EST by Clyde E. Kunkel
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-12-08 09:57:30 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Clyde E. Kunkel 2005-12-01 10:59:27 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20051129 Fedora/1.5-1 Firefox/1.5

Description of problem:
  Updating  : selinux-policy-targeted      ##                    [ 60/156]warnin g: /etc/selinux/targeted/policy/policy.20 created as /etc/selinux/targeted/polic y/policy.20.rpmnew
  Updating  : selinux-policy-targeted      ##################### [ 60/156]
libsepol.policydb_write: Discarding booleans and conditional rules
libsepol.policydb_write: Discarding booleans and conditional rules
libsepol.context_read_and_validate: invalid security context
libsepol.policydb_to_image: new policy image is invalid
libsepol.policydb_to_image: could not create policy image
/usr/sbin/load_policy:  Can't load policy:  No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2.
libsemanage.semanage_install_active: Could not copy /etc/selinux/targeted/module s/active/policy.kern to /etc/selinux/targeted/policy/policy.20.
Failed!



Version-Release number of selected component (if applicable):


How reproducible:
Didn't try

Steps to Reproduce:
1.yum update
2.
3.
  

Actual Results:  failed as in description

Expected Results:  no failure

Additional info:

In addition, yum update is still sitting with the failed msg showing.  Top shows find at the top.  Letting it run since I have a lot of other distros mounted in /mnt and suspect there isn't a -mount option in the find.
Comment 1 Daniel Walsh 2005-12-01 14:36:14 EST
This is caused by a kernel upgrade which supports a new version of policy than
the one in the package.

load_policy /etc/selinux/targeted/policy/policy.19 

Will allow the policy to be installed.  Or rebooting the machine would load the
new policy.

selinux-policy-targeted-1.27.1-2.16 fixes this problem
Comment 2 Allen Kistler 2005-12-06 02:20:21 EST
I got errors similar to (maybe even the same as) the OP's upon update.  I
removed all traces of selinux-policy-targeted and reinstalled the version from
CD #1 (selinux-policy-targeted-1.27.2-19, which is "later" than the one
mentioned in Comment #1 ???).  "rpm -Fv" to the latest rawhide
(selinux-policy-targeted-2.0.8-1) continues to give errors.  Mine are:

libsepol.policydb_write: Discarding booleans and conditional rules
libsepol.policydb_write: Discarding booleans and conditional rules
libsepol.context_read_and_validate: invalid security context
libsepol.policydb_to_image: new policy image is invalid
libsepol.policydb_to_image: could not create policy image
/usr/sbin/load_policy:  Can't load policy:  No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2.
libsemanage.semanage_install_active: Could not copy
/etc/selinux/targeted/modules/active/policy.kern to
/etc/selinux/targeted/policy/policy.20.
Failed!

Then the errors repeat as if trying again.

I've turned selinux off (SELINUX=disabled), so whatever it's not doing right
isn't hurting me.  Perhaps whatever got fixed in Comment #1 got unfixed in major
rev 2?
Comment 3 Allen Kistler 2005-12-08 01:43:53 EST
This bug appears to be fixed for me as of selinux-policy-targeted-2.0.11-1 (or
maybe it was really policycoreutils-1.27.36-2 ?)  Anyway, no errors.

Note You need to log in before you can comment on or make changes to this bug.