After a yum upgrade from f13 I get filespec_add: conflicting specifications for /usr/bin/git-shell and /usr/libexec/git-core/git-shell, using system_u:object_r:bin_t:s0. selinux-policy-3.9.5-7.fc14.noarch (There are other se errors on the system, but this seems like a good place to start.)
matchpathcon /usr/libexec/git-core/git-shell /usr/bin/git-shell /usr/libexec/git-core/git-shell system_u:object_r:shell_exec_t:s0 /usr/bin/git-shell system_u:object_r:shell_exec_t:s0 They look the same to me on F14. Could you do yum -y reinstall selinux-policy-targeted And tell me if you see any errors?
*** Bug 638136 has been marked as a duplicate of this bug. ***
Right, before: # matchpathcon /usr/libexec/git-core/git-shell /usr/bin/git-shell /usr/libexec/git-core/git-shell system_u:object_r:bin_t:s0 /usr/bin/git-shell system_u:object_r:shell_exec_t:s0 After reinstall: # matchpathcon /usr/libexec/git-core/git-shell /usr/bin/git-shell /usr/libexec/git-core/git-shell system_u:object_r:shell_exec_t:s0 /usr/bin/git-shell system_u:object_r:shell_exec_t:s0 (By the way: reinstalling the policy package showed ***** as progress. I guess it should have been silent.) (I will relabel and reboot now and see what have changed.)
Yes, that fixed it. So ... will you file this as unexplained/user error? Or does it make sense to try to track down what happened? As a mitigation I can imagine that it could be handy if the troubleshooter could tell which policy had been _successfully_ installed. My packages got updated in this order: Updated: checkpolicy-2.0.22-1.fc14.i686 Updated: selinux-policy-3.9.5-5.fc14.noarch Updated: polkit-desktop-policy-0.98-4.fc14.noarch Updated: selinux-policy-targeted-3.9.5-5.fc14.noarch Updated: setroubleshoot-plugins-2.1.61-1.fc14.noarch Updated: selinux-policy-3.9.5-7.fc14.noarch Updated: selinux-policy-targeted-3.9.5-7.fc14.noarch Updated: libselinux-2.0.96-5.fc14.i686 Updated: libselinux-python-2.0.96-5.fc14.i686 Updated: libselinux-utils-2.0.96-5.fc14.i686 Updated: policycoreutils-2.0.83-28.fc14.i686 Updated: policycoreutils-python-2.0.83-28.fc14.i686 Updated: setroubleshoot-server-2.2.99-1.fc14.i686 Updated: policycoreutils-gui-2.0.83-28.fc14.i686 Updated: setroubleshoot-2.2.99-1.fc14.i686 Installed: selinux-policy-targeted-3.9.5-7.fc14.noarch so could it perhaps be caused by the policy being loaded by too old (f13) policycoreutils? Missing dependencies or yum not interpreting the dependencies sufficiently hard?
*** Bug 638154 has been marked as a duplicate of this bug. ***
*** Bug 638172 has been marked as a duplicate of this bug. ***
It looks like this is an actual bug in F13.
Fixed in selinux-policy-3.7.19-63.fc13
selinux-policy-3.7.19-65.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-65.fc13
selinux-policy-3.7.19-65.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-65.fc13
selinux-policy-3.7.19-65.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.