Bug 188060 - Updating policy fails!
Updating policy fails!
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
rawhide
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-05 13:13 EDT by Horst H. von Brand
Modified: 2007-11-30 17:11 EST (History)
3 users (show)

See Also:
Fixed In Version: selinux-policy-strict-2.4.6-21.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-10 11:27:29 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Horst H. von Brand 2006-04-05 13:13:26 EDT
Description of problem:
When updating selinux-policy-strict, I get:

  Updating  : selinux-policy-strict        ##################### [ 28/126]
  libsepol.scope_copy_callback: authlogin: Duplicate declaration in module:  
type/attribute system_chkpwd_t
  libsemanage.semanage_link_sandbox: Link packages failed
  semodule:  Failed!

Version-Release number of selected component (if applicable):
selinux-policy-strict-2.2.29-3

How reproducible:
Dunno, don't want to downgrade and try again. Have seen similar messages when
upgrading before.

Steps to Reproduce:
1. Upgrade selinux-polkicy-strict
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 2 Daniel Walsh 2006-05-09 12:59:39 EDT
fixed in selinux-policy-2.2.38-1.FC5.
Comment 3 Valdis Kletnieks 2006-05-09 18:08:03 EDT
selinux-policy-strict-2.2.38-1.noarch.rpm still has the problem.  Is 1.FC5 a
different RPM?
Comment 4 Daniel Walsh 2006-05-09 23:24:34 EDT
No.

It should have executed in the post.

semodule -b /usr/share/selinux/strict/base.pp -r bootloader -r clock -r dpkg -r
fstools -r hotplug -r init -r libraries -r locallogin -r logging -r lvm -r
miscfiles -r modutils -r mount -r mta -r netutils -r selinuxutil -r storage -r
sysnetwork -r udev -r userdomain -r vpnc -r xend $x -s strict

Which should clear up the problem
Comment 5 Daniel Walsh 2006-05-09 23:25:26 EDT
Make that

cd /usr/share/selinux/strict
x=`ls *.pp | grep -v -e base.pp -e enableaudit.pp | awk '{ print "-i " $1 }'`
semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init
-r libraries -r locallogin -r logging -r lvm -r miscfiles -r modutils -r mount
-r mta -r netutils -r selinuxutil -r storage -r sysnetwork -r udev -r userdomain
-r vpnc -r xend $x -s strict
Comment 6 Valdis Kletnieks 2006-05-09 23:55:02 EDT
The RPM I have doesn't specify all the '-r foo' parameters.  And taking what you
have and putting it in a shell script and running it by hand still gets:

libsepol.scope_copy_callback: authlogin: Duplicate declaration in module:
type/attribute system_chkpwd_t
libsemanage.semanage_link_sandbox: Link packages failed
semodule:  Failed!

I'm thinking it has to do with the two gen_require() macros that both specify
system_chkpwd_t, but not sure what's supposed to happen there.... (there's
actually 3, but one is wrapped with an ifdef for targeted policy)...
Comment 7 Daniel Walsh 2006-05-10 14:26:06 EDT
You can just remove strict policy package

rpm -e selinux-policy-strict
rm -rf /etc/selinux/strict
Then reinstall it.

The problem was that certain packages at one time were in policy packages have
now been rolled into the base.pp, but the old pp files did not get removed.

Dan
Comment 8 Daniel Walsh 2006-05-10 14:26:34 EDT
You probably want to
rm -rf /usr/share/selinux/strict 

also
Comment 9 Horst H. von Brand 2006-07-19 13:29:49 EDT
OK, did as told in #7 (the directory mentioned in #8 doesn't exist here). Now,
installing 2.3.3-3:

  Installing: selinux-policy-strict        ######################### [1/1] 
/etc/selinux/strict/contexts/files/file_contexts: Multiple different
specifications for /usr/bin/apt-get  (system_u:object_r:rpm_exec_t:s0 and
system_u:object_r:apt_exec_t:s0).
/etc/selinux/strict/contexts/files/file_contexts: Multiple different
specifications for /usr/bin/apt-shell  (system_u:object_r:rpm_exec_t:s0 and
system_u:object_r:apt_exec_t:s0).

apt-* are not installed here.

Installed: selinux-policy-strict.noarch 0:2.3.3-3
Comment 10 Horst H. von Brand 2006-08-08 16:11:04 EDT
Today (selinux-policy-strict-:2.3.4-1) I get:

(1/1): selinux-policy-str 100% |=========================| 1.3 MB    02:45     
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: selinux-policy-strict        ######################### [1/1] 
libsemanage.semanage_install_active: Could not copy
/etc/selinux/strict/modules/active/netfilter_contexts to
/etc/selinux/strict/contexts/netfilter_contexts.
libsemanage.semanage_install_active: Could not copy
/etc/selinux/strict/modules/active/policy.kern to
/etc/selinux/strict/policy/policy.20.
semodule:  Failed!

Installed: selinux-policy-strict.noarch 0:2.3.4-1
Complete!
Comment 11 Horst H. von Brand 2007-01-10 11:27:29 EST
Haven't seen this one lately.

Note You need to log in before you can comment on or make changes to this bug.