Created attachment 497578 [details] output of "grep setroubleshoot /var/log/messages" Description of problem: I don't know what went wrong. I updated my fedora 13 system to fedora 14. Now I am having major problems with SELinux. (The upgrade went ok, there were no problems.) I attached the output of "grep setroubleshoot /var/log/messages" as a text file to this bug. I have reinstalled selinux-policy and selinux-policy-targeted and done a "autorelabel" but it doesn't help. I compared several files with a second fc14 system which has been upgraded from fc13 and don't see differences. I must be missing something but what? Please help me! Version-Release number of selected component (if applicable): selinux-policy-3.9.7-40.fc14.noarch selinux-policy-targeted-3.9.7-40.fc14.noarch How reproducible: All the time. Steps to Reproduce: 1. 2. 3. Actual results: A lot of SELinux errors, see attachment. Expected results: No selinux errors. Additional info:
*** Bug 702793 has been marked as a duplicate of this bug. ***
*** Bug 702795 has been marked as a duplicate of this bug. ***
*** Bug 702796 has been marked as a duplicate of this bug. ***
*** Bug 702797 has been marked as a duplicate of this bug. ***
*** Bug 702798 has been marked as a duplicate of this bug. ***
*** Bug 702799 has been marked as a duplicate of this bug. ***
*** Bug 702800 has been marked as a duplicate of this bug. ***
*** Bug 702801 has been marked as a duplicate of this bug. ***
*** Bug 702802 has been marked as a duplicate of this bug. ***
Also, when I login via ssh i get this message: "Unable to get valid context for root" And when I try to (re)install selinux-policy-targeted, i get: Installing : selinux-policy-targeted-3.9.7-40.fc14.noarch 1/1 libsepol.permission_copy_callback: Module mediawiki depends on permission read_policy in class security, not satisfied (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! Installed: selinux-policy-targeted.noarch 0:3.9.7-40.fc14 Complete! I really hope somebody (Daniel?) is able to help me with this issue soon. Regards, Eddie.
Hereby I add another attachment, it's the daily logwatch report from the system affected by this problem. I think that there is more useful information in it. Regards, Eddie.
Created attachment 497644 [details] Logwatch of the problematic system
I seem to have solved it myself by: 1. setenforce 0 2. removing selinux-policy and selinux-policy-targeted 3. reinstalling selinux-policy and selinux-policy-targeted 4. re-enabling selinux 5. touch /.autorelabel 6. reboot
in comment 13, i forgot that between step 2 and 3 i removed /etc/selinux/targeted.
Eddie, could you try to do these steps # setenforce 0 # rm -rf /etc/selinux/targeted # yum reinstall selinux-policy-targeted # fixfiles restore # reboot
Thank you Miroslav but isn't that basically the same as the steps I described in comment 13 and 14? It seems that everything is running fine now I have done that. Do I still need to do your steps as well?
You are right. I missed the comment #14. The problem is I added some fixes (relating to read_policy) to RHEL6 (and it means these changes are also in F13). And these changes are not in Fedora 14.
Moving to selinux-policy (was 0xFFFF) -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
*** Bug 706750 has been marked as a duplicate of this bug. ***
*** Bug 707090 has been marked as a duplicate of this bug. ***
Fixed in selinux-policy-3.9.7-42.fc14
selinux-policy-3.9.7-42.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-42.fc14
Package selinux-policy-3.9.7-42.fc14: * should fix your issue, * was pushed to the Fedora 14 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.9.7-42.fc14' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-42.fc14 then log in and leave karma (feedback).
Updated: selinux-policy.noarch 0:3.9.7-42.fc14 Dependency Updated: selinux-policy-targeted.noarch 0:3.9.7-42.fc14 Looks fine to me. However, the one system i had this issue on already was being fixed by the steps in comment #13 and #14. Regards, Eddie.
I had the same problem - this is still not in updates. I "fixed" it by deleting of /etc/selinux/targeted but it was not a good advice as I lost my modifications to the policy...
Well, my fault. I would say # mv /etc/selinux/targeted /etc/selinux/targeted.backup instead of # rm -rf /etc/selinux/targeted Did you have a lot of rules in your local modules?
Acctualy it is not that bad. I have a backups. Just want to make a note for others to save some headache.
selinux-policy-3.9.7-42.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.