Bug 476420 - fixfiles unable to relabel - lots of "line X has invalid context"
Summary: fixfiles unable to relabel - lots of "line X has invalid context"
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: policycoreutils
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-12-14 14:12 UTC by Michal Schmidt
Modified: 2008-12-15 21:51 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-12-15 21:51:01 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Michal Schmidt 2008-12-14 14:12:54 UTC 
Description of problem:
After getting some AVC denials in Rawhide I decided to do a full relabel. So I did: touch /.autorelabel && reboot  - but it was obvious that no relabel was done, because the boot took no longer than usual.

Testing fixfiles from the shell confirmed there was a problem:

[root@vRawhide ~]# fixfiles relabel

    Files in the /tmp directory may be labeled incorrectly, this command 
    can remove all files in /tmp.  If you choose to remove files from /tmp, 
    a reboot will be required after completion.
    
    Do you wish to clean out the /tmp directory [N]? 
/etc/selinux/targeted/contexts/files/file_contexts:  line 2 has invalid context system_u:object_r:quota_db_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:  line 17 has invalid context system_u:object_r:admin_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:  line 89 has invalid context system_u:object_r:snort_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:  line 98 has invalid context system_u:object_r:quota_db_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:  line 99 has invalid context system_u:object_r:quota_db_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:  line 121 has invalid context system_u:object_r:quota_db_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:  line 176 has invalid context system_u:object_r:gpg_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:  line 203 has invalid context system_u:object_r:courier_pop_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:  line 204 has invalid context system_u:object_r:courier_pop_exec_t:s0
Exiting after 10 errors.


Version-Release number of selected component (if applicable):
policycoreutils-2.0.60-5.fc11.x86_64
selinux-policy-3.6.1-10.fc11.noarch
selinux-policy-targeted-3.6.1-10.fc11.noarch

How reproducible:
always

Steps to Reproduce:
1. Run: fixfiles relabel
  
Actual results:
The above error messages. fixfiles changes no contexts.

Expected results:
fixfiles should fix the contexts of files.
Comment 1 Daniel Walsh 2008-12-15 16:21:39 UTC 
This works fine for me.

ls -l /etc/selinux/targeted/policy

rpm -q libsemanage
Comment 2 Michal Schmidt 2008-12-15 21:51:01 UTC 
[root@vRawhide ~]# ls -l /etc/selinux/targeted/policy
total 7620
-rw-r--r-- 1 root root 4328898 2008-12-11 23:42 policy.23
-rw-r--r-- 1 root root 3446365 2008-12-13 18:44 policy.24

Not sure where policy.24 came from. According to RPM it does not belong to any package. Perhaps it's because this was originally an F8 installation, upgraded to F10 and then Rawhide. Something must have gone wrong with the upgrade.

[root@vRawhide ~]# rpm -q libsemanage
libsemanage-2.0.30-2.fc11.x86_64


Another interesting symptom:

[root@vRawhide ~]# semodule -B
libsepol.print_missing_requirements: awstats's global requirements were not met: type/attribute httpd_t
libsemanage.semanage_link_sandbox: Link packages failed
semodule:  Failed!


Anyway, it seems I fixed it with:
yum reinstall selinux-policy selinux-policy-targeted
Note You need to log in before you can comment on or make changes to this bug.