Bug 244815 - yum update gives selinux errors
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 7
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Daniel Walsh
QA Contact: Ben Levenson
Duplicates: 246091
Reported: 2007-06-19 07:08 EDT by Need Real Name
Modified: 2007-11-30 17:12 EST
Doc Type: Bug Fix
Last Closed: 2007-09-04 16:14:06 EDT

Attachments:
As requested. (20.85 KB, application/x-gzip), 2007-06-19 11:48 EDT, Need Real Name

Description Need Real Name 2007-06-19 07:08:07 EDT
Not sure what qiv is doing with a policy for /lost+found/, looks suspicious:

# yum install qiv
[snip]
Downloading Packages:
(1/1): qiv-2.0-7.fc7.i386 100% |=========================|  51 kB    00:00     
Running Transaction Test
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/local/lost\+found.
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/local/lost\+found.
  Installing: qiv                          ######################### [1/1] 

Installed: qiv.i386 0:2.0-7.fc7
Complete!
Comment 1 Daniel Walsh 2007-06-19 08:17:04 EDT
I don't see this with qiv.  Could you look at
/etc/selinux/targeted/context/files/file_contexts.local? Are there any entries in
there?
Comment 2 Need Real Name 2007-06-19 10:17:23 EDT
I get the same error when I run yum -y upgrade:
Running Transaction Test
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/local/lost\+found.

To answer your question (amending the filename):
# grep ^/lost /etc/selinux/targeted/contexts/files/file_contexts
/lost\+found/.* <<none>>
/lost\+found    -d      system_u:object_r:lost_found_t:s0

This is an upgraded box from FC6.
Comment 3 Daniel Walsh 2007-06-19 10:35:44 EDT
I want the contents of /etc/selinux/targeted/context/files/file_contexts.local
Comment 4 Need Real Name 2007-06-19 11:48:22 EDT
Created attachment 157385
As requested.

/etc/selinux/targeted/context/files/file_contexts.local does not exist.
/etc/selinux/targeted/contexts/files/file_contexts is attached.
Comment 5 Need Real Name 2007-06-28 12:08:52 EDT
On two boxes:

[snip]
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/local/lost\+found.
  Updating  : vte                          ####################### [ 1/10] 
[snip]
Comment 6 Terje Rosten 2007-06-29 10:09:20 EDT
*** Bug 246091 has been marked as a duplicate of this bug. ***
Comment 7 Daniel Walsh 2007-07-01 20:19:24 EDT
Well something is strange here.  Could you do the following?

#grep /usr/local.*journal /etc/selinux/targeted/contexts/files/*
Comment 8 Need Real Name 2007-07-02 01:52:00 EDT
/etc/selinux/targeted/contexts/files/file_contexts:/usr/local/\.journal <<none>>
Comment 9 Terje Rosten 2007-07-02 04:07:06 EDT
$ grep /usr/local.*journal /etc/selinux/targeted/contexts/files/*
/etc/selinux/targeted/contexts/files/file_contexts:/usr/local/\.journal <<none>>
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:/usr/local/\.journal <<none>>
/etc/selinux/targeted/contexts/files/file_contexts.pre:/usr/local/\.journal <<none>>
Comment 10 Daniel Walsh 2007-07-02 13:34:55 EDT
Do you have a user account homedir under /usr/local?

How did that entry get in that file?

If you run genhomedircon does it remove the entry?
Comment 11 Need Real Name 2007-07-02 13:43:05 EDT
Which person are you asking (me, the bug reporter, or?)

(In reply to comment #10)
> Do you have a user account homedir under /usr/local?

# grep usr.local /etc/passwd
says no.

> How did that entry get in that file?

None of the selinux files have ever been touched.

> If you run genhomedircon does it remove the entry?

I get the same result.
Comment 12 Daniel Walsh 2007-07-02 13:47:37 EDT
Could you execute

#rm -f /etc/selinux/targeted/contexts/files/file_contexts.homedirs 
#rm -f /etc/selinux/targeted/contexts/files/file_contexts.pre
# genhomedircon

Then check if it fixes the problem?
Comment 13 Need Real Name 2007-07-02 14:09:23 EDT
(In reply to comment #12)
> Then check if it fixes the problem?

The problem goes away, but the problem still exists - I got a bad context from
somewhere...
Comment 14 Terje Rosten 2007-07-03 03:22:39 EDT
(In reply to comment #12)
> Could you execute
> 
> #rm -f /etc/selinux/targeted/contexts/files/file_contexts.homedirs 
> #rm -f /etc/selinux/targeted/contexts/files/file_contexts.pre
> # genhomedircon
> 
> Then check if it fixes the problem?

Did not help:

$ rm -f /etc/selinux/targeted/contexts/files/file_contexts.homedirs /etc/selinux/targeted/contexts/files/file_contexts.pre
$ genhomedircon
$ yum install xemacs
[snip]
Running Transaction Test
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications  
 for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications  
 for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications  
 for /usr/local/lost\+found.
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications  
 for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications  
 for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications  
 for /usr/local/lost\+found.
  Installing: compface                     ######################### [1/6]
[snip]



Comment 15 Daniel Walsh 2007-07-03 13:48:23 EDT
Does the following
# grep /usr/local.*journal /etc/selinux/targeted/contexts/files/*

Show the double entry again?
Comment 16 Terje Rosten 2007-07-06 06:36:49 EDT
> Show the double entry again?

I did it once more, now pre is fine?

$ grep /usr/local.*journal /etc/selinux/targeted/contexts/files/*
/etc/selinux/targeted/contexts/files/file_contexts:/usr/local/\.journal <<none>>
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:/usr/local/\.journal <<none>>
/etc/selinux/targeted/contexts/files/file_contexts.pre:/usr/local/\.journal <<none>>

$ rm -f /etc/selinux/targeted/contexts/files/file_contexts.homedirs /etc/selinux/targeted/contexts/files/file_contexts.pre

$ genhomedircon

$ grep /usr/local.*journal /etc/selinux/targeted/contexts/files/*
/etc/selinux/targeted/contexts/files/file_contexts:/usr/local/\.journal <<none>>
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:/usr/local/\.journal <<none>>
Comment 17 Daniel Walsh 2007-07-06 11:08:14 EDT
This still makes no sense.  Since genhomedircon is only supposed to change the
sed the context in /etc/selinux/targeted/contexts/files/homedir_template in to
file_contexts.homedirs.


rpm -q policycoreutils
rpm -qV policycoreutils
Comment 18 Terje Rosten 2007-07-06 12:38:42 EDT
$ rpm -q policycoreutils
policycoreutils-2.0.16-6.fc7

$ rpm -qV policycoreutils

$ rpm -q selinux-policy-targeted 
selinux-policy-targeted-2.6.4-23.fc7

$ rpm -qV selinux-policy-targeted-2.6.4-23.fc7

$ cat /etc/selinux/targeted/contexts/files/homedir_template
HOME_DIR/.+     system_u:object_r:ROLE_home_t:s0
HOME_DIR/.*/plugins/nprhapengine\.so.*  --      system_u:object_r:textrel_shlib_t:s0
HOME_DIR/.*/plugins/libflashplayer\.so.*        --      system_u:object_r:textrel_shlib_t:s0
HOME_DIR/((www)|(web)|(public_html))(/.+)?      system_u:object_r:httpd_ROLE_content_t:s0
HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.*   --      system_u:object_r:textrel_shlib_t:s0
/tmp/\.exchange-USER(/.*)?      system_u:object_r:ROLE_evolution_exchange_tmp_t:s0
HOME_ROOT/lost\+found/.*        <<none>>
HOME_DIR/\.config/gtk-.*        system_u:object_r:ROLE_gnome_home_t:s0
HOME_DIR        -d      system_u:object_r:ROLE_home_dir_t:s0
HOME_ROOT       -d      system_u:object_r:home_root_t:s0
/tmp/gconfd-USER        -d      system_u:object_r:ROLE_tmp_t:s0
HOME_ROOT/\.journal     <<none>>
HOME_ROOT/lost\+found   -d      system_u:object_r:lost_found_t:s0
Comment 19 Daniel Walsh 2007-07-06 13:29:02 EDT
OK, the problem here, I believe, is that you have users in the /usr/local
directory.  Can you make a subdirectory and move your users to it?

/usr/local/home/XYZ

This will fix the labeling.
Comment 20 Need Real Name 2007-07-06 13:30:53 EDT
But I have no users in /usr/local. How does that explain my problem?
Comment 21 Terje Røsten 2007-07-06 16:11:52 EDT
> Ok the problem here, i believe,  is that you have users in the /usr/local
> directory.  Can you make a subdirectory and move your users to it.
> 
> /usr/local/home/XYZ
> 
> This will fix the labeling.

The box has no normal "users", all non-system users are coming from yp.

I believe no users have $home under /usr/local, however I know some
users have $shell in /usr/local, e.g. /usr/local/bin/tsch and /usr/local/bin/bash.

Can that be the trigger?

Does the original reporter (Need Real Name) have users with shells in /usr/local?

Comment 22 Need Real Name 2007-07-06 16:50:27 EDT
As comments 11, 20 and now comment 22 say: no.
Comment 23 Daniel Walsh 2007-07-06 17:00:06 EDT
# ypcat passwd | grep /usr/local > /tmp/found
# grep /usr/local /etc/passwd >> /tmp/found

Any regular user or system user, i.e. any account with a Home Directory beginning
with /usr/local?

Shells do not matter.

If you do not find something that matches, then the problem must be in
genhomedircon.
Comment 24 Terje Røsten 2007-07-06 17:57:54 EDT
> Any regular user or system user IE any account with a Home Directory beginning
> with /usr/local?

I can check, however it has to wait, no access to system at the moment.

.
Comment 25 Adam Spiers 2007-09-05 11:02:26 EDT
For future reference, it looks like slimserver can cause this problem:

http://bugs.slimdevices.com/show_bug.cgi?id=5389
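
The two checks this thread keeps circling, written out as an added example that is not part of the original bug report: counting repeated specifications in file_contexts-format input, and listing accounts whose home directory field (not the shell) lies under /usr/local. The function names, the `svcacct` and `alice` accounts and all sample lines are constructed, and treating a duplicate as a repeated pair of regex and file-type flag is an assumption.

```shell
#!/bin/bash
# Added example: every account name and sample line below is constructed.

sample_contexts() {   # constructed file_contexts lines, shaped like the thread's
cat <<'EOF'
/lost\+found/.*            <<none>>
/lost\+found               -d  system_u:object_r:lost_found_t:s0
/usr/local/\.journal       <<none>>
/usr/local/lost\+found     -d  system_u:object_r:lost_found_t:s0
/usr/local/lost\+found/.*  <<none>>
/usr/local/\.journal       <<none>>
/usr/local/lost\+found     -d  system_u:object_r:lost_found_t:s0
/usr/local/lost\+found/.*  <<none>>
EOF
}

sample_passwd() {     # constructed passwd lines
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/usr/local/bin/bash
svcacct:x:498:498::/usr/local/svcacct:/sbin/nologin
EOF
}

# Count repeated (regex, file-type flag) pairs in file_contexts-format input.
# Assumption: a duplicate is the same regex with the same type flag.
dup_specs() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # blank lines, comments
        {
            type = ($2 ~ /^-.$/) ? $2 : "any"      # -d, -- etc.; else any type
            count[$1 " " type]++
        }
        END { for (k in count) if (count[k] > 1) print count[k], k }
    ' "$@" | sort
}

# List login:home for accounts whose home directory (passwd field 6) is at or
# below the given prefix. The shell (field 7) is deliberately ignored.
homes_under() {
    prefix=$1; shift
    awk -F: -v p="$prefix" '$6 == p || index($6, p "/") == 1 { print $1 ":" $6 }' "$@"
}

sample_contexts | dup_specs
sample_passwd | homes_under /usr/local
```

Both functions also accept file names, so on a live system they can be pointed at the files under /etc/selinux/targeted/contexts/files/ and at /etc/passwd or the output of `ypcat passwd`.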
