Bug 2050774 - Spurious "uavc: op=load_policy lsm=selinux seqno=2 res=1" output on update
Summary: Spurious "uavc: op=load_policy lsm=selinux seqno=2 res=1" output on update
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: 35
Hardware: All
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-02-04 15:50 UTC by Orion Poplawski
Modified: 2022-10-11 08:40 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-10-11 08:40:30 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github rpm-software-management rpm pull 2201 0 None open Add a handler for libselinux log messages (RhBug:2123719, RhBug:2050774) 2022-10-11 08:40:29 UTC
Red Hat Bugzilla 2123719 0 low CLOSED Weird "uavc: op=load_policy lsm=selinux seqno=11 res=1" printed to terminal when updating/installing a package 2023-05-12 06:28:13 UTC

Description Orion Poplawski 2022-02-04 15:50:28 UTC 
Description of problem:

We run dnf-automatic regularly via cron.  When selinux-policy updates the following output is generated:

uavc:  op=load_policy lsm=selinux seqno=2 res=1

In general, package updates should not produce any output.

Version-Release number of selected component (if applicable):
selinux-policy-35.13-1.fc35.noarch
Comment 1 Ajaykumar Rajappa 2022-05-29 10:51:04 UTC 
We are also been observing similar log message(uavc:  op=load_policy lsm=selinux seqno=21 res=1) while installing our PowerPath rpm package. In general it should not produce such logs. 

Note: PowerPath also load its custom policy and redirect any logs from semodule to /dev/null 

We didn't see this in case of RHEL8.

 

# rpm -ivh /tmp/DellEMCPower.LINUX-8.5.0.00.00-056.RHEL9.x86_64.rpm
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:EMCpower.LINUX-8.5.0.00.00-056.el################################# [100%]
All trademarks used herein are the property of their respective owners.

*** IMPORTANT ***
Please check the following configurations before starting PowerPath:
   - Add _netdev to /etc/fstab mount options for PowerPath pseudo devices.
   - Set LVM global_filter in /etc/lvm/lvm.conf according to PowerPath recommendation.
   - Blacklist all devices in /etc/multipath.conf and stop multipathd service.
   - Install PowerPath license(s) and ensure that policy is not set to BasicFailover.
   - If no license is available, ensure that only one HBA port is active in the host.
     PowerPath supports only single-HBA configuration when unlicensed.
Refer to PowerPath Installation and Administration Guide for details.


Installation or use of PowerPath software indicates agreement with the
End User License Agreement available at /etc/opt/emcpower/EULA.pdf.

Non Disruptive Upgrade (NDU) is supported from PowerPath Linux 6.5 or higher releases.
Please refer to support documents for more information.

uavc:  op=load_policy lsm=selinux seqno=21 res=1
#
Comment 2 Panu Matilainen 2022-09-22 08:22:16 UTC 
This is caused by newer libselinux issuing such log messages on selinux_status_updated() which rpm-selinux-plugin calls to see whether somebody updated the policy while a transaction is running. Such as selinux-policy loading a new policy from its scriptlets. I find it all somewhat strange, but seems it's rpm's responsibility to suppress the message, reassigning.

More details in bug 2123719.
Note You need to log in before you can comment on or make changes to this bug.