Bug 312401 - Error messages when updating strict policy on some systems
Error messages when updating strict policy on some systems
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
7
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-09-29 12:23 EDT by Bruno Wolff III
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-10-01 18:24:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bruno Wolff III 2007-09-29 12:23:15 EDT
Description of problem:
When upgrading from selinux-policy-strict-2.6.4-42 to
selinux-policy-strict-2.6.4-43, I got the messages:

/etc/selinux/strict/contexts/files/file_contexts: Multiple different
specifications for /usr/bin/apt-get  (system_u:object_r:rpm_exec_t:s0 and
system_u:object_r:apt_exec_t:s0).
/etc/selinux/strict/contexts/files/file_contexts: Multiple different
specifications for /usr/bin/apt-shell  (system_u:object_r:rpm_exec_t:s0 and
system_u:object_r:apt_exec_t:s0).
/etc/selinux/strict/contexts/files/file_contexts: Multiple different
specifications for /usr/sbin/synaptic  (system_u:object_r:rpm_exec_t:s0 and
system_u:object_r:apt_exec_t:s0).

Neither targeted nor mls policies had this issue.

Version-Release number of selected component (if applicable):
2.6.4-43

How reproducible:
50% It happened on one of two systems I upgraded.

Steps to Reproduce:
1. Update selinux-policy-strict to 2.6.4-43
  
Actual results:
Update occurred with the error messages above.

Expected results:
No error messages while updating.

Additional info:
Both systems had synaptics-0.14.4-8.fc6 installed.
The systems do have different package sets installed on them, so they aren't
identical.
Comment 1 Daniel Walsh 2007-10-01 16:46:57 EDT
Do you see an apt policy installed 

semodule -r apt -s strict
Comment 2 Bruno Wolff III 2007-10-01 17:34:22 EDT
On the machine where I saw the error message, when running "semodule -r apt -s
strict", I just got a prompt back.

Just for the heck of it, I tried "semodule -r apt -s targeted", and got the
following message:
libsemanage.semanage_direct_remove: Module apt was not found.
semodule:  Failed on apt!

I'll probably get a chance to test this on the machine where I didn't get the
message during the update tonight.
Comment 3 Daniel Walsh 2007-10-01 18:24:39 EDT
That means that somewhere along the line someone installed the apt policy on
your machine, for strict policy.  It is removed now, so updating to strict
policy should work.  BTW, if you do not use strict policy, just remove it from
the system,

rpm -e selinux-policy-strict

Note You need to log in before you can comment on or make changes to this bug.