Bug 247206 - update stalls with error: libsepol.sepol_genbools_array: boolean allow_unconfined_execmem_dyntrans no longer in policy
Summary: update stalls with error: libsepol.sepol_genbools_array: boolean allow_unconf...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-07-05 23:58 UTC by Kai Engert (:kaie) (inactive account)
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-08-22 14:14:23 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Kai Engert (:kaie) (inactive account) 2007-07-05 23:58:09 UTC
Description of problem:
Rawhide system, haven't updated for a couple of weeks.
Today I used
  yum update --exclude=kernel*
(because of a conflict)

System downloaded 158 new packages, started to install, and for the last 20
minutes it's been stalling at:
  Updating  : system-config-printer-libs   ##################### [144/322]
  Updating  : selinux-policy-targeted      ##################### [145/322]
libsepol.sepol_genbools_array: boolean allow_unconfined_execmem_dyntrans no
longer in policy


When I start a new SSH session to that machine, I get:
[kaie@kaiez1:~]$ ssh root@leise
root@leise's password:
Last login: Fri Jul  6 01:49:39 2007 from laptop
-bash: /root/.bash_profile: Permission denied
-bash-3.2#


When starting "top" from that bash, I only get two process lines:
top - 02:01:43 up  1:26,  2 users,  load average: 0.09, 0.06, 0.38
Tasks:   2 total,   1 running,   1 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.0%us,  0.0%sy,  0.0%ni, 99.7%id,  0.3%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:    963780k total,   889076k used,    74704k free,    54832k buffers
Swap:   524280k total,       84k used,   524196k free,   537172k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 3728 root      15   0  4700 1524 1300 S  0.0  0.2   0:00.06 bash
 3764 root      15   0  2272  936  788 R  0.0  0.1   0:00.00 top


What should I do now?

Comment 1 Daniel Walsh 2007-07-06 14:50:55 UTC
What policy version are you using?

When logged in as root, execute id -Z?

Comment 2 Kai Engert (:kaie) (inactive account) 2007-07-06 18:05:53 UTC
[root@leise ~]# sestatus
...
Policy version:                 21
Policy from config file:        targeted

[root@leise ~]# id -Z
root:staff_r:staff_t:-s0:c0.c255


When I ran the update, I was using enforcing mode.
I have now switched to permissive.

But my rpm database is pretty much confused now, I have tons of duplicate
package entries.

I consider to reinstall that machine.


Comment 3 Daniel Walsh 2007-07-06 21:06:36 UTC
Yes hopefully this is fixed by tonights update.  selinux-policy-3.0.2-3

Comment 4 Kai Engert (:kaie) (inactive account) 2007-07-11 16:42:14 UTC
Sorry, I'm not able to test the fix.

Should we resolve this as worksforme?

Thanks


Comment 5 Kai Engert (:kaie) (inactive account) 2007-07-11 16:42:59 UTC
Oh wait, I have a rawhide xen guest, that I haven't updated for a couple of
weeks either, so I could try upgrading it now.


Comment 6 Kai Engert (:kaie) (inactive account) 2007-07-11 16:52:36 UTC
x86_64 host, RHEL 5 based (recompiled kernel to enable firewire)
Rawhide x86_64 xen guest

I no longer get the hard failure that I had reported in this bug, good.

FYI, the update still gave me some errors, see below.

[root@kaiexenrawhide ~]# yum update selinux-policy-targeted
Loading "installonlyn" plugin
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package selinux-policy-targeted.noarch 0:3.0.2-3.fc8 set to be updated
--> Processing Dependency: selinux-policy = 3.0.2-3.fc8 for package:
selinux-policy-targeted
--> Processing Dependency: policycoreutils >= 2.0.21-1 for package:
selinux-policy-targeted
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package policycoreutils.x86_64 0:2.0.22-4.fc8 set to be updated
---> Package selinux-policy.noarch 0:3.0.2-3.fc8 set to be updated
--> Processing Dependency: policycoreutils = 2.0.20-1.fc8 for package:
policycoreutils-gui
--> Processing Dependency: libsepol >= 2.0.4-1 for package: policycoreutils
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package libsepol.x86_64 0:2.0.4-1.fc8 set to be updated
---> Package policycoreutils-gui.x86_64 0:2.0.22-4.fc8 set to be updated

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 selinux-policy-targeted  noarch     3.0.2-3.fc8      development       1.3 M
Updating for dependencies:
 libsepol                x86_64     2.0.4-1.fc8      development       134 k
 policycoreutils         x86_64     2.0.22-4.fc8     development       586 k
 policycoreutils-gui     x86_64     2.0.22-4.fc8     development       133 k
 selinux-policy          noarch     3.0.2-3.fc8      development       358 k

Transaction Summary
=============================================================================
Install      0 Package(s)
Update       5 Package(s)
Remove       0 Package(s)

Total download size: 2.5 M
Is this ok [y/N]: y
Downloading Packages:
(1/5): selinux-policy-3.0 100% |=========================| 358 kB    00:00
(2/5): selinux-policy-tar 100% |=========================| 1.3 MB    00:00
(3/5): policycoreutils-2. 100% |=========================| 586 kB    00:00
(4/5): policycoreutils-gu 100% |=========================| 133 kB    00:00
(5/5): libsepol-2.0.4-1.f 100% |=========================| 134 kB    00:00
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : libsepol                     ####################### [ 1/10]
  Updating  : policycoreutils              ####################### [ 2/10]
  Updating  : selinux-policy               ####################### [ 3/10]
  Updating  : policycoreutils-gui          ####################### [ 4/10]
  Updating  : selinux-policy-targeted      ####################### [ 5/10]
libsepol.sepol_genbools_array: boolean allow_unconfined_execmem_dyntrans no
longer in policy
/sbin/setfiles: symbol lookup error: /sbin/setfiles: undefined symbol:
selinux_set_callback
libsemanage.semanage_install_active: setfiles returned error code 127.
libsepol.sepol_genbools_array: boolean allow_mplayer_execstack no longer in policy
libsepol.sepol_genbools_array: boolean allow_user_postgresql_connect no longer
in policy
libsepol.sepol_genbools_array: boolean allow_write_xshm no longer in policy
libsepol.sepol_genbools_array: boolean allow_xserver_execmem no longer in policy
libsepol.sepol_genbools_array: boolean browser_confine_staff no longer in policy
libsepol.sepol_genbools_array: boolean browser_confine_sysadm no longer in policy
libsepol.sepol_genbools_array: boolean browser_confine_user no longer in policy
libsepol.sepol_genbools_array: boolean browser_write_staff_data no longer in policy
libsepol.sepol_genbools_array: boolean browser_write_sysadm_data no longer in policy
libsepol.sepol_genbools_array: boolean browser_write_user_data no longer in policy
libsepol.sepol_genbools_array: boolean cdrecord_read_content no longer in policy
libsepol.sepol_genbools_array: boolean openvpn_enable_homedirs no longer in policy
libsepol.sepol_genbools_array: boolean pppd_for_user no longer in policy
libsepol.sepol_genbools_array: boolean user_net_control no longer in policy
libsepol.sepol_genbools_array: boolean user_ping no longer in policy
libsepol.sepol_genbools_array: boolean webadm_manage_user_files no longer in policy
libsepol.sepol_genbools_array: boolean webadm_read_user_files no longer in policy
/sbin/setfiles: symbol lookup error: /sbin/setfiles: undefined symbol:
selinux_set_callback
libsemanage.semanage_install_active: setfiles returned error code 127.
semodule:  Failed!
/sbin/restorecon: symbol lookup error: /sbin/restorecon: undefined symbol:
selabel_open
  Cleanup   : libsepol                     ####################### [ 6/10]
  Cleanup   : policycoreutils-gui          ####################### [ 7/10]
  Cleanup   : policycoreutils              ####################### [ 8/10]
  Cleanup   : selinux-policy-targeted      ####################### [ 9/10]
/sbin/setfiles: symbol lookup error: /sbin/setfiles: undefined symbol:
selinux_set_callback
libsemanage.semanage_install_active: setfiles returned error code 127.
/sbin/setfiles: symbol lookup error: /sbin/setfiles: undefined symbol:
selinux_set_callback
libsemanage.semanage_install_active: setfiles returned error code 127.
Could not change policy booleans
/var/tmp/rpm-tmp.86616: line 2:  2200 Segmentation fault      semanage login -m
-s "system_u" __default__ 2> /dev/null
/var/tmp/rpm-tmp.86616: line 3:  2201 Segmentation fault      semanage user -a
-P unconfined -R "unconfined_r system_r" unconfined_u 2> /dev/null
  Cleanup   : selinux-policy               ####################### [10/10]

Updated: selinux-policy-targeted.noarch 0:3.0.2-3.fc8
Dependency Updated: libsepol.x86_64 0:2.0.4-1.fc8 policycoreutils.x86_64
0:2.0.22-4.fc8 policycoreutils-gui.x86_64 0:2.0.22-4.fc8 selinux-policy.noarch
0:3.0.2-3.fc8
Complete!

[root@kaiexenrawhide ~]# id -Z
root:system_r:unconfined_t:SystemLow-SystemHigh

[root@kaiexenrawhide ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted


Comment 7 Kai Engert (:kaie) (inactive account) 2007-07-11 17:04:24 UTC
Changing status back to assigned.
Please feel free to resolve.

I will file a separate bug if the above error should cause any problems for
using that installation


Comment 8 Daniel Walsh 2007-07-12 18:29:58 UTC
This is caused by a version mismatch between policycoreutils and libselinux.  
Fixed in policycoreutils-2.0.22-5.fc8  Updated requires line to pull libselinux
first.

Comment 9 Daniel Walsh 2007-08-22 14:14:23 UTC
Should be fixed in the current release



Note You need to log in before you can comment on or make changes to this bug.