Description of problem: Rawhide system, haven't updated for a couple of weeks. Today I used yum update --exclude=kernel* (because of a conflict) System downloaded 158 new packages, started to install, and for the last 20 minutes it's been stalling at: Updating : system-config-printer-libs ##################### [144/322] Updating : selinux-policy-targeted ##################### [145/322] libsepol.sepol_genbools_array: boolean allow_unconfined_execmem_dyntrans no longer in policy When I start a new SSH session to that machine, I get: [kaie@kaiez1:~]$ ssh root@leise root@leise's password: Last login: Fri Jul 6 01:49:39 2007 from laptop -bash: /root/.bash_profile: Permission denied -bash-3.2# When starting "top" from that bash, I only get two process lines: top - 02:01:43 up 1:26, 2 users, load average: 0.09, 0.06, 0.38 Tasks: 2 total, 1 running, 1 sleeping, 0 stopped, 0 zombie Cpu(s): 0.0%us, 0.0%sy, 0.0%ni, 99.7%id, 0.3%wa, 0.0%hi, 0.0%si, 0.0%st Mem: 963780k total, 889076k used, 74704k free, 54832k buffers Swap: 524280k total, 84k used, 524196k free, 537172k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 3728 root 15 0 4700 1524 1300 S 0.0 0.2 0:00.06 bash 3764 root 15 0 2272 936 788 R 0.0 0.1 0:00.00 top What should I do now?
What policy version are you using? When logged in as root, execute id -Z?
[root@leise ~]# sestatus ... Policy version: 21 Policy from config file: targeted [root@leise ~]# id -Z root:staff_r:staff_t:-s0:c0.c255 When I ran the update, I was using enforcing mode. I have now switched to permissive. But my rpm database is pretty much confused now, I have tons of duplicate package entries. I consider to reinstall that machine.
Yes hopefully this is fixed by tonights update. selinux-policy-3.0.2-3
Sorry, I'm not able to test the fix. Should we resolve this as worksforme? Thanks
Oh wait, I have a rawhide xen guest, that I haven't updated for a couple of weeks either, so I could try upgrading it now.
x86_64 host, RHEL 5 based (recompiled kernel to enable firewire) Rawhide x86_64 xen guest I no longer get the hard failure that I had reported in this bug, good. FYI, the update still gave me some errors, see below. [root@kaiexenrawhide ~]# yum update selinux-policy-targeted Loading "installonlyn" plugin Setting up Update Process Resolving Dependencies --> Running transaction check ---> Package selinux-policy-targeted.noarch 0:3.0.2-3.fc8 set to be updated --> Processing Dependency: selinux-policy = 3.0.2-3.fc8 for package: selinux-policy-targeted --> Processing Dependency: policycoreutils >= 2.0.21-1 for package: selinux-policy-targeted --> Restarting Dependency Resolution with new changes. --> Running transaction check ---> Package policycoreutils.x86_64 0:2.0.22-4.fc8 set to be updated ---> Package selinux-policy.noarch 0:3.0.2-3.fc8 set to be updated --> Processing Dependency: policycoreutils = 2.0.20-1.fc8 for package: policycoreutils-gui --> Processing Dependency: libsepol >= 2.0.4-1 for package: policycoreutils --> Restarting Dependency Resolution with new changes. --> Running transaction check ---> Package libsepol.x86_64 0:2.0.4-1.fc8 set to be updated ---> Package policycoreutils-gui.x86_64 0:2.0.22-4.fc8 set to be updated Dependencies Resolved ============================================================================= Package Arch Version Repository Size ============================================================================= Updating: selinux-policy-targeted noarch 3.0.2-3.fc8 development 1.3 M Updating for dependencies: libsepol x86_64 2.0.4-1.fc8 development 134 k policycoreutils x86_64 2.0.22-4.fc8 development 586 k policycoreutils-gui x86_64 2.0.22-4.fc8 development 133 k selinux-policy noarch 3.0.2-3.fc8 development 358 k Transaction Summary ============================================================================= Install 0 Package(s) Update 5 Package(s) Remove 0 Package(s) Total download size: 2.5 M Is this ok [y/N]: y Downloading Packages: (1/5): selinux-policy-3.0 100% |=========================| 358 kB 00:00 (2/5): selinux-policy-tar 100% |=========================| 1.3 MB 00:00 (3/5): policycoreutils-2. 100% |=========================| 586 kB 00:00 (4/5): policycoreutils-gu 100% |=========================| 133 kB 00:00 (5/5): libsepol-2.0.4-1.f 100% |=========================| 134 kB 00:00 Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Updating : libsepol ####################### [ 1/10] Updating : policycoreutils ####################### [ 2/10] Updating : selinux-policy ####################### [ 3/10] Updating : policycoreutils-gui ####################### [ 4/10] Updating : selinux-policy-targeted ####################### [ 5/10] libsepol.sepol_genbools_array: boolean allow_unconfined_execmem_dyntrans no longer in policy /sbin/setfiles: symbol lookup error: /sbin/setfiles: undefined symbol: selinux_set_callback libsemanage.semanage_install_active: setfiles returned error code 127. libsepol.sepol_genbools_array: boolean allow_mplayer_execstack no longer in policy libsepol.sepol_genbools_array: boolean allow_user_postgresql_connect no longer in policy libsepol.sepol_genbools_array: boolean allow_write_xshm no longer in policy libsepol.sepol_genbools_array: boolean allow_xserver_execmem no longer in policy libsepol.sepol_genbools_array: boolean browser_confine_staff no longer in policy libsepol.sepol_genbools_array: boolean browser_confine_sysadm no longer in policy libsepol.sepol_genbools_array: boolean browser_confine_user no longer in policy libsepol.sepol_genbools_array: boolean browser_write_staff_data no longer in policy libsepol.sepol_genbools_array: boolean browser_write_sysadm_data no longer in policy libsepol.sepol_genbools_array: boolean browser_write_user_data no longer in policy libsepol.sepol_genbools_array: boolean cdrecord_read_content no longer in policy libsepol.sepol_genbools_array: boolean openvpn_enable_homedirs no longer in policy libsepol.sepol_genbools_array: boolean pppd_for_user no longer in policy libsepol.sepol_genbools_array: boolean user_net_control no longer in policy libsepol.sepol_genbools_array: boolean user_ping no longer in policy libsepol.sepol_genbools_array: boolean webadm_manage_user_files no longer in policy libsepol.sepol_genbools_array: boolean webadm_read_user_files no longer in policy /sbin/setfiles: symbol lookup error: /sbin/setfiles: undefined symbol: selinux_set_callback libsemanage.semanage_install_active: setfiles returned error code 127. semodule: Failed! /sbin/restorecon: symbol lookup error: /sbin/restorecon: undefined symbol: selabel_open Cleanup : libsepol ####################### [ 6/10] Cleanup : policycoreutils-gui ####################### [ 7/10] Cleanup : policycoreutils ####################### [ 8/10] Cleanup : selinux-policy-targeted ####################### [ 9/10] /sbin/setfiles: symbol lookup error: /sbin/setfiles: undefined symbol: selinux_set_callback libsemanage.semanage_install_active: setfiles returned error code 127. /sbin/setfiles: symbol lookup error: /sbin/setfiles: undefined symbol: selinux_set_callback libsemanage.semanage_install_active: setfiles returned error code 127. Could not change policy booleans /var/tmp/rpm-tmp.86616: line 2: 2200 Segmentation fault semanage login -m -s "system_u" __default__ 2> /dev/null /var/tmp/rpm-tmp.86616: line 3: 2201 Segmentation fault semanage user -a -P unconfined -R "unconfined_r system_r" unconfined_u 2> /dev/null Cleanup : selinux-policy ####################### [10/10] Updated: selinux-policy-targeted.noarch 0:3.0.2-3.fc8 Dependency Updated: libsepol.x86_64 0:2.0.4-1.fc8 policycoreutils.x86_64 0:2.0.22-4.fc8 policycoreutils-gui.x86_64 0:2.0.22-4.fc8 selinux-policy.noarch 0:3.0.2-3.fc8 Complete! [root@kaiexenrawhide ~]# id -Z root:system_r:unconfined_t:SystemLow-SystemHigh [root@kaiexenrawhide ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 21 Policy from config file: targeted
Changing status back to assigned. Please feel free to resolve. I will file a separate bug if the above error should cause any problems for using that installation
This is caused by a version mismatch between policycoreutils and libselinux. Fixed in policycoreutils-2.0.22-5.fc8 Updated requires line to pull libselinux first.
Should be fixed in the current release