Bug 769859 - selinux-policy-* packages seem to be testing SELinux status incorrectly
Summary: selinux-policy-* packages seem to be testing SELinux status incorrectly
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.2
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Michal Trunecka
QA Contact: Michal Trunecka
Depends On:
TreeView+ depends on / blocked
Reported: 2011-12-22 14:56 UTC by jcpunk
Modified: 2014-09-30 23:33 UTC (History)
8 users (show)

Fixed In Version: selinux-policy-3.7.19-132.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-06-20 12:30:14 UTC
Target Upstream Version:

Attachments (Terms of Use)
This patch should fix the issue by removing [ ] from around selinuxenabled (467 bytes, patch)
2011-12-22 14:56 UTC, jcpunk
no flags Details | Diff

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0780 normal SHIPPED_LIVE selinux-policy bug fix and enhancement update 2012-06-19 20:34:59 UTC

Description jcpunk 2011-12-22 14:56:20 UTC
Created attachment 549206 [details]
This patch should fix the issue by removing [ ] from around selinuxenabled

Description of problem:
When installing an updated selinux-policy-targeted on a system which has selinux disabled, the following error is displayed:

SELinux:  Could not downgrade policy file /etc/selinux/targeted/policy/policy.24, searching for an older version.
SELinux:  Could not open policy file <= /etc/selinux/targeted/policy/policy.24:  No such file or directory
load_policy:  Can't load policy:  No such file or directory

This error is displayed as the rpm is attempting to run load_policy when a policy cannot be loaded.  This can be a confusing error for people who do not have selinux enabled, but are installing each update as it is released.

Version-Release number of selected component (if applicable): 3.7.19-126.el6

How reproducible: always

Steps to Reproduce:
1. Install a minimal system
2. Ensure getenforce reports 'Disabled'
3. Update selinux-policy-targeted
4. See error produced by the process
Actual results:
The package installs but an error is produced causing concern where none need be given.

Expected results:
The package should install without producing an error so that, if in the future selinux is enabled, the system can be up to date.

Additional info: the attached patch should resolve the problem

Comment 2 Akemi Yagi 2011-12-22 15:34:11 UTC
I can confirm this bug.

Comment 3 Daniel Walsh 2011-12-22 15:35:17 UTC
Fixed in selinux-policy-3.7.19-132.el6

Comment 4 Miroslav Grepl 2011-12-22 15:39:49 UTC
Yes, we discovered this issue after RHEL6.2. Good catch. Thank you.

Comment 7 errata-xmlrpc 2012-06-20 12:30:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.