Description of problem:

# setsebool -P httpd_enable_homedirs 1
libsepol.context_from_record: type unconfined_execmem_exec_t is not defined (No such file or directory).
libsepol.context_from_record: could not create context structure (Invalid argument).
libsemanage.validate_handler: invalid context system_u:object_r:unconfined_execmem_exec_t:s0 specified for /usr/sbin/condor_startd [all files] (Invalid argument).
libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument).
Could not change policy booleans

Version-Release number of selected component (if applicable):
policycoreutils-2.1.11-5.fc17.x86_64

How reproducible:
perfectly, on my one F17 system.

Steps to Reproduce:
1.
2.
3.

Actual results:
Boolean is unchanged.

Expected results:
Boolean should be updated.

Additional info:

Do you have a local label for /usr/sbin/condor_startd?

semanage fcontext -d /usr/sbin/condor_startd

Should remove the definition and then you should be able to enable the boolean.

Added unconfined_execmem_exec_t as an alias to bin_t in selinux-policy-3.10.0-118.fc17

(In reply to comment #1)
> Do you have a local label for /usr/sbin/condor_startd?
>
> semanage fcontext -d /usr/sbin/condor_startd
>
> Should remove the definition and then you should be able to enable the boolean.

It wouldn't surprise me if I did. It seems that /usr/bin/dropbox also has type unconfined_execmem_exec_t, so trying to delete the contexts for /usr/sbin/condor_startd fails because of /usr/bin/dropbox (and vice versa):

[root@feynman condor]# semanage fcontext -d /usr/sbin/condor_startd
libsepol.context_from_record: type unconfined_execmem_exec_t is not defined (No such file or directory).
libsepol.context_from_record: could not create context structure (Invalid argument).
libsemanage.validate_handler: invalid context system_u:object_r:unconfined_execmem_exec_t:s0 specified for /usr/bin/dropbox [all files] (Invalid argument).
libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument).
/sbin/semanage: Could not commit semanage transaction
[root@feynman condor]# semanage fcontext -d /usr/bin/dropbox
libsepol.context_from_record: type unconfined_execmem_exec_t is not defined (No such file or directory).
libsepol.context_from_record: could not create context structure (Invalid argument).
libsemanage.validate_handler: invalid context system_u:object_r:unconfined_execmem_exec_t:s0 specified for /usr/sbin/condor_startd [all files] (Invalid argument).
libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument).
/sbin/semanage: Could not commit semanage transaction

That said, I'll just wait for the new selinux-policy package w/ the alias. Thanks!

Strange that we got to this state. But yes, you will need to wait until 118 is released.

Or you could remove the labels from
/etc/selinux/targeted/modules/active/file_contexts.local

Then you should be able to rebuild.

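The failure in this thread comes from local file-context entries that name a type the policy no longer defines, which makes every semanage transaction fail validation. As an added example (not code from the thread or from policycoreutils), the sketch below lists such entries in the text of a file_contexts.local file; the sample file contents and the set of defined types are constructed, and on a real system the type set is assumed to be built from `seinfo -t` output.

```python
import re

# Constructed sample of a file_contexts.local file (not from the reporter's system).
SAMPLE_LOCAL = """\
# This file is auto-generated by libsemanage
/usr/sbin/condor_startd    system_u:object_r:unconfined_execmem_exec_t:s0
/usr/bin/dropbox    system_u:object_r:unconfined_execmem_exec_t:s0
/srv/www(/.*)?    system_u:object_r:httpd_sys_content_t:s0
/var/cache/skip    -d    <<none>>
"""

# Constructed subset of types defined by the policy; assumption: on a real
# system this set would be built from the output of `seinfo -t` (setools).
SAMPLE_TYPES = {"bin_t", "httpd_sys_content_t"}

# Optional file-kind field between the path regex and the context (--, -d, -l, ...).
FILE_KIND = re.compile(r"^-[-bcdpls]$")

def parse_entries(text):
    """Yield (lineno, path_regex, context) for each rule line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 3 and FILE_KIND.match(fields[1]):
            fields = [fields[0], fields[2]]
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
        yield lineno, fields[0], fields[1]

def undefined_type_entries(text, defined_types):
    """Return entries whose context names a type missing from the policy."""
    stale = []
    for lineno, path, context in parse_entries(text):
        if context == "<<none>>":  # explicit "no label" rule, nothing to validate
            continue
        parts = context.split(":")  # user:role:type[:mls range]
        if len(parts) < 3:
            raise ValueError(f"line {lineno}: malformed context {context!r}")
        if parts[2] not in defined_types:
            stale.append((lineno, path, parts[2]))
    return stale

if __name__ == "__main__":
    for lineno, path, setype in undefined_type_entries(SAMPLE_LOCAL, SAMPLE_TYPES):
        print(f"line {lineno}: {path} uses undefined type {setype}")
```
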
policycoreutils-2.1.12-4.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/policycoreutils-2.1.12-4.fc17
Package policycoreutils-2.1.12-4.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing policycoreutils-2.1.12-4.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-16848/policycoreutils-2.1.12-4.fc17
then log in and leave karma (feedback).

Package policycoreutils-2.1.12-5.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing policycoreutils-2.1.12-5.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-16848/policycoreutils-2.1.12-5.fc17
then log in and leave karma (feedback).

policycoreutils-2.1.12-5.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.