Description of problem:
When building a new base policy module from the serefpolicy sources (in our source RPM), loading the new base policy segfaults if you have fewer than 1024 categories defined.

Version-Release number of selected component (if applicable):
policycoreutils-1.33.12-12.el5 (1.33.12-14 has the same issue)

How reproducible:
Every time

Steps to Reproduce:
1. unpack the source RPM (selinux-policy-2.4.6-106.el5_1.3)
   rpmbuild -bp <specfile>
   then in the serefpolicy directory...
2. edit build.conf:
   DISTRO=redhat
   TYPE=targeted-mcs
   NAME=targeted
   POLY=y
   MONOLITHIC=n
   QUIET=n
   DIRECT_INITRC=y
3. make bare
4. make conf
5. cp %_topdir/SOURCES/modules,booleans .conf into the policy dir.
6. build the base policy
   make base.pp
then try and load your new base policy module with
7. semodule -b base.pp

Actual results:
Segmentation fault with no additional error message

Expected results:
new base policy loads (or fails with a comprehensible error message)

Additional info:
This appears to be related to the number of categories in the new base (256), when existing/loaded policy modules expect more (1024). A more meaningful error message would be nice, rather than just a segfault :)

This has been fixed in upstream, I will work in RHEL6. But I think we just need to close next release for now. Not a problem many customers will face.