Description of problem: Error messages from yum during update of selinux-policy-targeted to version selinux-policy-targeted-2.4.6-62.fc6 Version-Release number of selected component (if applicable): selinux-policy-targeted-2.4.6-62.fc6 How reproducible: yum shell update Steps to Reproduce: 1. 2. 3. Actual results: Yum displayed the following message /etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /usr/lib/vlc/codec/libdmo_plugin.so (system_u:object_r:textrel_shlib_t:s0 and system_u:object_r:shlib_t:s0). /etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /usr/lib/vlc/codec/librealaudio_plugin.so (system_u:object_r:textrel_shlib_t:s0 and system_u:object_r:shlib_t:s0). Both .so files mentioned are from vlc-0.8.6b-1.lvn6 /var/log/messages show restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) Invalid argument during yum session, as well as during bootup and shutdown Expected results: No messages: Additional info:
Did you modify the context to be textrel_shlib_t? The current policy only requires these to be shlib_t?
It looks like the Livna VLC package performs: $ rpm -q --scripts vlc postinstall scriptlet (using /bin/sh): /usr/bin/gtk-update-icon-cache -qf /usr/share/icons/hicolor &>/dev/null || : /sbin/ldconfig # Add new labeling rules for libraries requiring text relocation: /usr/sbin/semanage fcontext -a -t textrel_shlib_t /usr/lib/vlc/codec/libdmo_plugin.so /usr/sbin/semanage fcontext -a -t textrel_shlib_t /usr/lib/vlc/codec/librealaudio_plugin.so # Set correct SELinux security contexts: restorecon /usr/lib/vlc/codec/libdmo_plugin.so /usr/lib/vlc/codec/librealaudio_plugin.so postuninstall scriptlet (using /bin/sh): /usr/bin/gtk-update-icon-cache -qf /usr/share/icons/hicolor &>/dev/null || : /sbin/ldconfig
I have not personally changed anything, just yum shell update If I run cd /etc/selinux/; find * -type f | env LANG=C xargs -r grep vlc I get targeted/modules/previous/file_contexts.local:/usr/lib/vlc/codec/libdmo_plugin.so system_u:object_r:textrel_shlib_t:s0 targeted/modules/previous/file_contexts.local:/usr/lib/vlc/codec/librealaudio_plugin.so system_u:object_r:textrel_shlib_t:s0 Binary file targeted/modules/active/base.linked matches targeted/modules/active/file_contexts.local:/usr/lib/vlc/codec/libdmo_plugin.so system_u:object_r:textrel_shlib_t:s0 targeted/modules/active/file_contexts.local:/usr/lib/vlc/codec/librealaudio_plugin.so system_u:object_r:textrel_shlib_t:s0 Binary file targeted/modules/active/base.pp matches targeted/modules/active/file_contexts.template:/usr/lib/vlc/codec/libdmo_plugin.so -- system_u:object_r:shlib_t:s0 targeted/modules/active/file_contexts.template:/usr/lib/vlc/codec/librealaudio_plugin.so --system_u:object_r:shlib_t:s0 targeted/modules/active/file_contexts:/usr/lib/vlc/codec/libdmo_plugin.so -- system_u:object_r:shlib_t:s0 targeted/modules/active/file_contexts:/usr/lib/vlc/codec/librealaudio_plugin.so -- system_u:object_r:shlib_t:s0 targeted/contexts/files/file_contexts.local:/usr/lib/vlc/codec/libdmo_plugin.so system_u:object_r:textrel_shlib_t:s0 targeted/contexts/files/file_contexts.local:/usr/lib/vlc/codec/librealaudio_plugin.so system_u:object_r:textrel_shlib_t:s0 targeted/contexts/files/file_contexts:/usr/lib/vlc/codec/libdmo_plugin.so -- system_u:object_r:shlib_t:s0 targeted/contexts/files/file_contexts:/usr/lib/vlc/codec/librealaudio_plugin.so -- system_u:object_r:shlib_t:s0 Wojtek
I have fixed the default context for these files to be textrel_shlib_t to match what the distributer wants. It would have been better if they had contacted me or fixed their libraries. But selinux-policy-2.4.6-69 will have the correct context and should prevent this in the future.
dwalsh, Thanks for the update and fix, but its approaching a week and I have not seen an updated selinux policy toi kill the bug, any idea's when it will be released?
It will go to test release today. Sorry I was at the Red Hat Summit all last week.
I have installed selinux-policy-targeted-2.4.6-69.fc6 from updates-testing. Now it is more quiet, when booting the system is says: /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specification s for /usr/lib/vlc/codec/libdmo_plugin.so. /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/lib/vlc/codec/librealaudio_plugin.so. at least two times. The plugins mentioned are from vlc-0.8.6b-1.lvn6.i386. I am wondering if something could be done to quiet the messages?
Yes now you will have to remove the lines added by the vendor to stop the messages Something like semanage fcontext -d /usr/lib/vlc/codec/libdmo_plugin.so
Fixed in current release