Bug 524630 - SELinus reports bad policy at boot time
Summary: SELinus reports bad policy at boot time
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: BackupPC
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Johan Cwiklinski
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-21 14:49 UTC by Quentin Armitage
Modified: 2009-09-23 16:15 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-23 16:15:12 UTC


Attachments (Terms of Use)

Description Quentin Armitage 2009-09-21 14:49:55 UTC
Description of problem:
The following error message is output at the start of the boot sequence:
SELinux:  permission module_request in class system not found in policy, bad pol
icy
SELinux:  the definition of a class is incorrect

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.6.32-6.fc12.noarch
libselinux-debuginfo-2.0.86-2.fc12.i686
libselinux-devel-2.0.86-2.fc12.i686
libselinux-2.0.86-2.fc12.i686
libselinux-python-2.0.86-2.fc12.i686
selinux-policy-3.6.32-6.fc12.noarch
libselinux-utils-2.0.86-2.fc12.i686

How reproducible:
Always

Steps to Reproduce:
1. Boot the system
2.
3.
  
Actual results:
Messages above output

Expected results:
No error messages

Additional info:

Comment 1 Daniel Walsh 2009-09-22 02:35:29 UTC
Please complete the full yum -y upgrade to get to the latest policy and latest tools.

Comment 2 Quentin Armitage 2009-09-22 07:17:55 UTC
I have done a yum upgrade and selinux-policy and selinux-policy-targeted were upgraded to 3.6.32-7.fc12, and I still get the error messages. The libselinux packages appear to be up to date already.

I subsequently upgraded the two packages to 3.6.32-8.fc12 and the error messages still occur.

I noticed that during the yum upgrade, I get the following error message:
  Updating       : selinux-policy-targeted-3.6.32-8.fc12.noarch             2/4 
libsepol.permission_copy_callback: Module BackupPC depends on permission request_module in class system, not satisfied (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule:  Failed!

I'm not clear if this is pertinent, or what I need to do to resolve it.

Comment 3 Nils Philippsen 2009-09-22 11:47:43 UTC
Same here, this seems related to bug #524113. I'll try removing BackupPC and see if relabeling works.

Comment 4 Daniel Walsh 2009-09-22 12:59:47 UTC
Yes we need an updated BackupPC package to rebuild the policy.  We accidently build a selinux-policy with a named access request_module instead of module_request.  So for now remove the BackupPC module package.

semodule -r BackupPC
Then perform the selinux-policy-upgrade

All BackupPC has do to is rebuild against the latest selinux-policy package and we should be back in sync.  This is a bug in selinux-policy that caused BackupPC to suck in the wrong access type.  Sorry.

Comment 5 Johan Cwiklinski 2009-09-23 16:15:12 UTC
BackupPC has just been rebuilt (BackupPC-3_1_0-8_fc12).


Note You need to log in before you can comment on or make changes to this bug.