Description of problem: When updating selinux-policy-strict, I get: Updating : selinux-policy-strict ##################### [ 28/126] libsepol.scope_copy_callback: authlogin: Duplicate declaration in module: type/attribute system_chkpwd_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! Version-Release number of selected component (if applicable): selinux-policy-strict-2.2.29-3 How reproducible: Dunno, don't want to downgrade and try again. Have seen similar messages when upgrading before. Steps to Reproduce: 1. Upgrade selinux-polkicy-strict 2. 3. Actual results: Expected results: Additional info:
fixed in selinux-policy-2.2.38-1.FC5.
selinux-policy-strict-2.2.38-1.noarch.rpm still has the problem. Is 1.FC5 a different RPM?
No. It should have executed in the post. semodule -b /usr/share/selinux/strict/base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init -r libraries -r locallogin -r logging -r lvm -r miscfiles -r modutils -r mount -r mta -r netutils -r selinuxutil -r storage -r sysnetwork -r udev -r userdomain -r vpnc -r xend $x -s strict Which should clear up the problem
Make that cd /usr/share/selinux/strict x=`ls *.pp | grep -v -e base.pp -e enableaudit.pp | awk '{ print "-i " $1 }'` semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init -r libraries -r locallogin -r logging -r lvm -r miscfiles -r modutils -r mount -r mta -r netutils -r selinuxutil -r storage -r sysnetwork -r udev -r userdomain -r vpnc -r xend $x -s strict
The RPM I have doesn't specify all the '-r foo' parameters. And taking what you have and putting it in a shell script and running it by hand still gets: libsepol.scope_copy_callback: authlogin: Duplicate declaration in module: type/attribute system_chkpwd_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! I'm thinking it has to do with the two gen_require() macros that both specify system_chkpwd_t, but not sure what's supposed to happen there.... (there's actually 3, but one is wrapped with an ifdef for targeted policy)...
You can just remove strict policy package rpm -e selinux-policy-strict rm -rf /etc/selinux/strict Then reinstall it. The problem was that certain packages at one time were in policy packages have now been rolled into the base.pp, but the old pp files did not get removed. Dan
You probably want to rm -rf /usr/share/selinux/strict also
OK, did as told in #7 (the directory mentioned in #8 doesn't exist here). Now, installing 2.3.3-3: Installing: selinux-policy-strict ######################### [1/1] /etc/selinux/strict/contexts/files/file_contexts: Multiple different specifications for /usr/bin/apt-get (system_u:object_r:rpm_exec_t:s0 and system_u:object_r:apt_exec_t:s0). /etc/selinux/strict/contexts/files/file_contexts: Multiple different specifications for /usr/bin/apt-shell (system_u:object_r:rpm_exec_t:s0 and system_u:object_r:apt_exec_t:s0). apt-* are not installed here. Installed: selinux-policy-strict.noarch 0:2.3.3-3
Today (selinux-policy-strict-:2.3.4-1) I get: (1/1): selinux-policy-str 100% |=========================| 1.3 MB 02:45 Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing: selinux-policy-strict ######################### [1/1] libsemanage.semanage_install_active: Could not copy /etc/selinux/strict/modules/active/netfilter_contexts to /etc/selinux/strict/contexts/netfilter_contexts. libsemanage.semanage_install_active: Could not copy /etc/selinux/strict/modules/active/policy.kern to /etc/selinux/strict/policy/policy.20. semodule: Failed! Installed: selinux-policy-strict.noarch 0:2.3.4-1 Complete!
Haven't seen this one lately.