Description of problem: In the course of the most recent update one gets something of that sort Updating : selinux-policy-strict ####################### [15/40] libsemanage.semanage_make_sandbox: Could not copy files to sandbox /etc/selinux/strict/modules/tmp. semodule: Failed on base.pp! A peek with 'rpm -q --scripts selinux-policy-strict' makes "postinstall scriptlet" the most likely candidate. Indeed, the following commands: cd /usr/share/selinux/strict semodule -b base.pp -i prelink.pp -s strict reproduce the quoted error message and an exit status is 1. Luckily this is not the last operation of postinstall so we are not left with installed duplicate packages. No idea if overall update results are correct. Creating a non-existent directory /etc/selinux/strict/modules/tmp does not help. OTOH after a failed operation this directory is removed. :-) Version-Release number of selected component (if applicable): selinux-policy-strict-2.4.3-10.fc6 How reproducible: always
Does restorecon -R -v /etc/selinux fix the problem. Dan
> Does 'restorecon -R -v /etc/selinux' fix the problem. No, it does not. I got the same error message. Is relevant that on a machine where this happens selinux is, in this moment, turned off while selinux-policy-strict-2.4.3-10.fc6 and selinux-policy-targeted-2.4.3-10.fc6 package are actually installed?
I was installing selinux-policy-strict-2.4.6-7.fc6.i386 on another machine and this time I got an error: libsepol.scope_copy_callback: authlogin: Duplicate declaration in module: type/attribute system_chkpwd_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! The same shows up after just: cd /usr/share/selinux/strict semodule -b base.pp -i prelink.pp -s strict Is this another manifestation of the same issue as before or this is something new? That machine has at this moment installed these packages: selinux-policy-2.4.6-7.fc6 selinux-policy-targeted-2.4.6-7.fc6 selinux-policy-strict-2.4.6-7.fc6
The same error like the one described in comment #3 showed up on an update to selinux-policy-strict-2.4.6-13.fc6
Please remove prelink.pp. This file is now included in the base policy package. semodule -r prelink rm /usr/share/selinux/srict/prelink.pp Install the rpm packages.
> Please remove prelink.pp. ??? # rpm -qf /usr/share/selinux/strict/prelink.pp selinux-policy-strict-2.4.6-13.fc6 > semodule -r prelink > rm /usr/share/selinux/strict/prelink.pp OK > Install the rpm packages. You mean those from 'updates-testing'? .... Updating : selinux-policy-strict ######################### [3/6] libsemanage.semanage_make_sandbox: Could not copy files to sandbox /etc/selinux/strict/modules/tmp. semodule: Failed on base.pp! .... Updated: selinux-policy.noarch 0:2.4.6-17.fc6 selinux-policy-strict.noarch 0:2.4.6-17.fc6 selinux-policy-targeted.noarch 0:2.4.6-17.fc6 Complete! Now /usr/share/selinux/strict/prelink.pp is back as a part of selinux-policy-strict-2.4.6-17.fc6 and 'rpm -q --scripts selinux-policy-strict' explicitely says: ( cd /usr/share/selinux/strict; semodule -b base.pp -i prelink.pp -i acct.pp .... ); If you will try just 'semodule -b base.pp -i acct.pp' this responds with libsepol.print_missing_requirements: amavis's global requirements were not met: type/attribute crond_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! I am afraid that I am lost here.
Created attachment 145109 [details] error messages output during yum update I seem to have the same problem while updating from 2.4.6-17.fc6 to 2.4.6-23.fc6.
Fixed in current release