Bug 815478 - setsebool -P httpd_enable_homedirs 1 fails
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: policycoreutils
Version: 17
Hardware: x86_64 Linux
Priority: unspecified
Severity: medium
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2012-04-23 12:55 EDT by Grant Goodyear
Modified: 2012-12-20 10:21 EST
Doc Type: Bug Fix
Last Closed: 2012-12-20 10:21:53 EST
Type: Bug

Description Grant Goodyear 2012-04-23 12:55:07 EDT
Description of problem:

# setsebool -P httpd_enable_homedirs 1
libsepol.context_from_record: type unconfined_execmem_exec_t is not defined (No such file or directory).
libsepol.context_from_record: could not create context structure (Invalid argument).
libsemanage.validate_handler: invalid context system_u:object_r:unconfined_execmem_exec_t:s0 specified for /usr/sbin/condor_startd [all files] (Invalid argument).
libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument).
Could not change policy booleans


Version-Release number of selected component (if applicable):

policycoreutils-2.1.11-5.fc17.x86_64


How reproducible:

perfectly, on my one F17 system.

Steps to Reproduce:
1.
2.
3.
  
Actual results:

Boolean is unchanged.


Expected results:

Boolean should be updated.


Additional info:
Comment 1 Daniel Walsh 2012-04-23 13:42:50 EDT
Do you have a local label for /usr/sbin/condor_startd?

semanage fcontext -d /usr/sbin/condor_startd

Should remove the definition and then you should be able to enable the boolean.
Comment 2 Daniel Walsh 2012-04-23 13:44:58 EDT
Added unconfined_execmem_exec_t as an alias to bin_t in selinux-policy-3.10.0-118.fc17
Comment 3 Grant Goodyear 2012-04-23 14:05:05 EDT
(In reply to comment #1)
> Do you have a local label for /usr/sbin/condor_startd?
> 
> semanage fcontext -d /usr/sbin/condor_startd
> 
> Should remove the definition and then you should be able to enable the boolean.

It wouldn't surprise me if I did.

It seems that /usr/bin/dropbox also has type unconfined_execmem_exec_t, so trying to delete the contexts for /usr/sbin/condor_startd fails because of /usr/bin/dropbox (and vice versa):

[root@feynman condor]# semanage fcontext -d /usr/sbin/condor_startd
libsepol.context_from_record: type unconfined_execmem_exec_t is not defined (No such file or directory).
libsepol.context_from_record: could not create context structure (Invalid argument).
libsemanage.validate_handler: invalid context system_u:object_r:unconfined_execmem_exec_t:s0 specified for /usr/bin/dropbox [all files] (Invalid argument).
libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument).
/sbin/semanage: Could not commit semanage transaction
[root@feynman condor]# semanage fcontext -d /usr/bin/dropbox
libsepol.context_from_record: type unconfined_execmem_exec_t is not defined (No such file or directory).
libsepol.context_from_record: could not create context structure (Invalid argument).
libsemanage.validate_handler: invalid context system_u:object_r:unconfined_execmem_exec_t:s0 specified for /usr/sbin/condor_startd [all files] (Invalid argument).
libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument).
/sbin/semanage: Could not commit semanage transaction

That said, I'll just wait for the new selinux-policy package w/ the alias.

Thanks!
Comment 4 Daniel Walsh 2012-04-23 14:11:06 EDT
Strange that we got to this state. But yes, you will need to wait until 118 is released. Or you could remove the labels from /etc/selinux/targeted/modules/active/file_contexts.local

Then you should be able to rebuild.
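
Added example (not part of the bug report or of policycoreutils): the manual cleanup suggested in comment 4, sketched as a script that lists local file-context entries whose type is not defined in the policy and writes a copy of the file without them. The function names, the sample file and the list of defined types are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report. Inputs are constructed samples.
# TYPES_FILE: one defined type or alias name per line. How that list is
# produced on a real system (e.g. with setools' seinfo) is an assumption.

# stale_fcontext LOCAL_FILE TYPES_FILE
# Print "path<TAB>type" for every entry whose type is not in TYPES_FILE.
stale_fcontext() {
    awk '
        FILENAME == ARGV[1] { defined[$1] = 1; next }
        /^[ \t]*#/ || NF < 2 || $NF == "<<none>>" { next }
        {
            n = split($NF, ctx, ":")          # user:role:type[:level]
            if (n >= 3 && !(ctx[3] in defined))
                printf "%s\t%s\n", $1, ctx[3]
        }
    ' "$2" "$1"
}

# prune_fcontext LOCAL_FILE TYPES_FILE
# Print LOCAL_FILE without the stale entries; comments and blanks are kept.
prune_fcontext() {
    awk '
        FILENAME == ARGV[1] { defined[$1] = 1; next }
        /^[ \t]*#/ || NF < 2 || $NF == "<<none>>" { print; next }
        {
            n = split($NF, ctx, ":")
            if (n < 3 || (ctx[3] in defined)) print
        }
    ' "$2" "$1"
}

# Constructed sample mirroring the two entries named in the thread.
work=$(mktemp -d)
cat > "$work/file_contexts.local" <<'EOF'
# local file context entries
/usr/sbin/condor_startd    system_u:object_r:unconfined_execmem_exec_t:s0
/usr/bin/dropbox    system_u:object_r:unconfined_execmem_exec_t:s0
/srv/www(/.*)?    system_u:object_r:httpd_sys_content_t:s0
EOF
printf '%s\n' bin_t httpd_sys_content_t > "$work/types"

stale_fcontext "$work/file_contexts.local" "$work/types"
prune_fcontext "$work/file_contexts.local" "$work/types" > "$work/pruned"
```

The pruned output is a candidate replacement only; comparing it with the original before installing it keeps intentional local labels from being lost.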
Comment 5 Fedora Update System 2012-10-24 09:04:05 EDT
policycoreutils-2.1.12-4.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/policycoreutils-2.1.12-4.fc17
Comment 6 Fedora Update System 2012-10-24 19:55:55 EDT
Package policycoreutils-2.1.12-4.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing policycoreutils-2.1.12-4.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-16848/policycoreutils-2.1.12-4.fc17
then log in and leave karma (feedback).
Comment 7 Fedora Update System 2012-10-31 21:24:48 EDT
Package policycoreutils-2.1.12-5.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing policycoreutils-2.1.12-5.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-16848/policycoreutils-2.1.12-5.fc17
then log in and leave karma (feedback).
Comment 8 Fedora Update System 2012-12-20 10:21:58 EST
policycoreutils-2.1.12-5.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
