Bug 174953 - selinux-policy-targeted complaints about missing policy.kern file
selinux-policy-targeted complaints about missing policy.kern file
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-12-04 15:56 EST by Michal Jaegermann
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-12-07 13:47:08 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
base.pp from selinux-policy-targeted-2.0.8-1 (4.08 MB, application/octet-stream)
2005-12-06 13:34 EST, Michal Jaegermann
no flags Details

  None (edit)
Description Michal Jaegermann 2005-12-04 15:56:19 EST
Description of problem:

While installing I am getting the following on my screen (with SELinux actually
turned off):

libsepol.policydb_write: Discarding booleans and conditional rules
libsepol.policydb_write: Discarding booleans and conditional rules
libsepol.context_read_and_validate: invalid security context
libsepol.policydb_to_image: new policy image is invalid
libsepol.policydb_to_image: could not create policy image
libsepol.policydb_write: Discarding booleans and conditional rules
libsepol.policydb_write: Discarding booleans and conditional rules
/usr/sbin/load_policy:  Can't load policy:  No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2.
libsemanage.semanage_install_active: Could not copy
/etc/selinux/targeted/modules/active/policy.kern to
/etc/selinux/targeted/policy/policy.20.
Failed!

/etc/selinux/targeted/modules/active/policy.kern indeed is absent
even if 'rpm -V selinux-policy-targeted' does not have any complaints
and 'rpm -s selinux-policy-targeted' lists everything as "normal".

/etc/selinux/targeted/policy/policy.20 is recreated despite of "Failed!"
message.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.0.8-1

How reproducible:
Always. It is enough to re-run:
semodule -b /usr/share/selinux/targeted/base.pp -s targeted
to see the message quoted above.
Comment 1 Daniel Walsh 2005-12-05 10:39:21 EST
try 

cd /etc/selinux/targeted/modules/active/
cp booleans.local seusers /tmp
rm -rf *
cp /tmp/booleans.local /tmp/seusers .
semodule -b /usr/share/selinux/targeted/base.pp -s targeted
Comment 2 Michal Jaegermann 2005-12-05 11:01:28 EST
> cp booleans.local seusers /tmp

Here is a problem.  I do not see any booleans.local anywhere and, apart of
seusers file, only an empty modules subdirectory.  Is this booleans.local
optional?

Following the recipe above, with obvious modifications, does not change anything
An empty booleans.local is not effective too. I am not alone seeing this
"Failed!" judging from some postings on fedora-devel-list.
Comment 3 Joshua Brindle 2005-12-06 10:14:20 EST
It isn't the booleans.local causing the problem. You appear to be getting a 
corrupt policy image somehow. 

First, please attach your /usr/share/selinux/targeted/base.pp to this bug so I 
can check it out

Assuming you don't have any local modifications (seuser, users.local or 
booleans.local), which the above post seems to indicate, just remove the entire 
modules directory:
rm -rf /etc/selinux/targeted/modules

be sure to update libsemanage (there were some recent bug fixes)
yum upgrade libsemanage

and remove the selinux-policy-targeted rpm
rpm -e selinux-policy-targeted

once this is removed reinstall it, if you are using yum
yum install selinux-policy-targeted

This should succeed, please post your results here
Comment 4 Michal Jaegermann 2005-12-06 13:34:14 EST
Created attachment 121934 [details]
base.pp from selinux-policy-targeted-2.0.8-1

> First, please attach your /usr/share/selinux/targeted/base.pp to this bug so
I
> can check it out

Done. Like I wrote, 'rpm -V selinux-policy-targeted' does not have any
complaints.

> Assuming you don't have any local modifications ...

No modifications anywhere.  Everything here is straight from packages.

> rm -rf /etc/selinux/targeted/modules

I did that on earlier trials.

> be sure to update libsemanage

I have installed libsemanage-1.3.61-1 and I do not see for now anything
newer.	This version was actually installed on 2005-12-01.

> once this is removed reinstall it

I removed and installed again selinux-policy-targeted-2.0.8-1. Actually
on the second try I removed the whole /etc/selinux/ tree before installing
again.	I got back the same message.

/etc/selinux/targeted/policy/policy.20 does exist after this exercise
but /etc/selinux/targeted/modules/active/policy.kern, which could not be
copied to the former according to the complaint, is nowhere in sight.
Comment 5 Michal Jaegermann 2005-12-06 14:11:33 EST
I repeated the same exercise with selinux-policy-targeted-2.0.9-1 and got
the same complaints.  I wonder if this is really not libsepol mishandling
some binary data on a 64-bit architecture.
Comment 6 Daniel Walsh 2005-12-06 14:26:39 EST
I believe the problem is caused by libsemanage calling load_policy even though
SELinux is disabled.  If you update to the files located in my yum repository on
people, I thinkg the problem might be solved.  These files will be in tonights
rawhide.

ftp://people.redhat.com/dwalsh/SELinux/Fedora/
Comment 7 Michal Jaegermann 2005-12-07 13:47:08 EST
With libsemanage-1.3.64-1 installed, and possibly new policycoreutils-1.27.36-2
too, the error indeed vanished.

Note You need to log in before you can comment on or make changes to this bug.