Description of problem: I'm not sure how serious it is, but when doing a yum update of selinux-policy and a couple of related packages from F16 to F17 I got this error message when yum was running the postinstall scripts: libsepol.scope_copy_callback: entropyd: Duplicate declaration in module: type/attribute entropyd_var_run_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). /usr/sbin/semodule: Failed! ****... (many more asterisks) Version-Release number of selected component (if applicable): selinux-policy-3.10.0-110.fc17.noarch How reproducible: I upgraded two systems, and it happened on both.
Strange issue. What does $ ls -1 /etc/selinux/targeted/modules/active/modules/ | grep audio
It returns a single match: pulseaudio.pp
I'm not sure if this could be the same problem or not, but I got messages from setroubleshoot that entropyd_use_audio is needed if I want to use audio-entropyd. So I tried set it, and got an error message like this: mimmi$ sudo setsebool -P entropyd_use_audio 1 libsepol.context_from_record: type unconfined_execmem_exec_t is not defined (No such file or directory). libsepol.context_from_record: could not create context structure (Invalid argument). libsemanage.validate_handler: invalid context system_u:object_r:unconfined_execmem_exec_t:s0 specified for /usr/lib64/ghc-6.10.4/ghc [all files] (Invalid argument). libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument). Could not change policy booleans I had ghc defined to have the unconfined_execmem_exec_t type in a local fcontext. I don't remember when I set that, but I tried to run without allow_execmem set before it was replaced with deny_execmem, so it's probably related to that. After removing that particular fcontext I could set the boolean, so that problem is fixed. I don't have an environment where I can easily test if the yum upgrade of selinux would also succeed if I removed that fcontext first. But I thought I could mention it here in case you would think it might have caused the other issue too.
Could you try to execute $ /usr/sbin/semodule -n -s targeted -r xfs kudzu kerneloops execmem openoffice ada tzdata hal hotplug howl java mono moilscanner gamin audio_entropy audioentropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger qpidd
I did, and it complained that it didn't find most of them. In most but not all cases with the additional comment "No such file or directory". But the two modules hotplug and howl were indeed removed.
Inspired by your suggestion I also did "rpm -qf *" in /etc/selinux/targeted/modules/active/modules. It found six modules which didn't belong to any package. Three are local additions I've made, but three are probably remnants from older packages that for some reason haven't been removed. evolution.pp pki.pp thunderbird.pp I guess I should clean up those too, but I'll wait a little in case you want me to test something before I do.
I would remove those packages.
try to execute: su -c "setsebool -P samba_export_all_rw 1" su -c "setsebool -P samba_export_all_rw 1" libsepol.scope_copy_callback: entropyd: Duplicate declaration in module: type/attribute entropyd_var_run_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). Could not change policy booleans
Kai do this # setenforce 0 # rm -rf /etc/selinux/targeted # yum reinstall selinux-policy-targeted # restorecon -R -v /etc/selinux/targeted # setenforce 1 Then it should work. Thank you.