Red Hat Bugzilla – Bug 470316
semodule segfaults when loading a base policy with fewer categories than the currently loaded policy
Last modified: 2009-12-21 09:36:41 EST
Description of problem:
When building a new base policy module from the serefpolicy sources (in our source RPM), loading the new base policy segfaults if you have fewer than 1024 categories defined.
Version-Release number of selected component (if applicable):
(1.33.12-14 has the same issue)
Steps to Reproduce:
1. unpack the source RPM (selinux-policy-2.4.6-106.el5_1.3)
rpmbuild -bp <specfile>
then in the serefpolicy directory...
2. edit build.conf:
3. make bare
4. make conf
5. cp %_topdir/SOURCES/modules,booleans .conf into the policy dir.
6. build the base policy
then try and load your new base policy module with
7. semodule -b base.pp
Actual results:
Segmentation fault with no additional error message
Expected results:
new base policy loads (or fails with a comprehensible error message)
This appears to be related to the number of categories in the new base (256), when existing/loaded policy modules expect more (1024).
A more meaningful error message would be nice, rather than just a segfault :)
This has been fixed in upstream, I will work in RHEL6. But I think we just need to close next release for now. Not a problem many customers will face.
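A pre-flight check for the mismatch described in this report, added here as an example (it is not from the bug report, Red Hat, or the SELinux project). It assumes the category count comes from the `MCS_CATS` or `MLS_CATS` line of the refpolicy `build.conf` and that the loaded policy's count is read from `seinfo --stats`-style text containing a `Categories: N` field; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check before `semodule -b base.pp`: refuse to load a base built
# with fewer categories than the currently loaded policy defines.

# Print the value of KEY from a refpolicy build.conf ("KEY = value" lines;
# commented-out lines are ignored). Prints nothing if KEY is not set.
conf_value() {   # usage: conf_value FILE KEY
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t]/, "", v); val = v }
        END { if (val != "") print val }' "$1"
}

# Print the category count found in policy statistics text on stdin.
# Assumption: the text carries a "Categories: N" field, as seinfo --stats prints.
loaded_cats() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "Categories:") { print $(i+1); exit } }'
}

# Return 0 if the new base has at least as many categories as the loaded
# policy, 1 if it has fewer, 2 if either count could not be determined.
check_cats() {   # usage: check_cats BUILD_CONF KEY LOADED_COUNT
    new=$(conf_value "$1" "$2")
    case "$new:$3" in
        *[!0-9:]*|:*|*:) echo "cannot determine category counts" >&2; return 2 ;;
    esac
    if [ "$new" -lt "$3" ]; then
        echo "refusing: base defines $new categories, loaded policy has $3" >&2
        return 1
    fi
    return 0
}

# Constructed sample inputs (not taken from the bug report).
sample_conf=$(mktemp)
printf '#MCS_CATS = 1024\nMCS_CATS = 256\n' > "$sample_conf"
sample_stats='   Sensitivities:       1    Categories:       1024'
check_cats "$sample_conf" MCS_CATS "$(printf '%s\n' "$sample_stats" | loaded_cats)" \
    || echo "pre-flight result: $?"
rm -f "$sample_conf"
```

On a live system the third argument would come from `seinfo --stats` run against the loaded policy, and `semodule -b base.pp` would run only when `check_cats` returns 0.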