selinux Multiple different specifications complaint
Daniel J Walsh
dwalsh at redhat.com
Tue Oct 23 20:41:05 UTC 2007
If you are a newbie and you have selinux disabled, why are you using
strict policy? I would change to targeted policy and force a relabel.
Strict policy is only for experienced users. I think at some point you
got an update with an apt policy module, that has screwed up your
policy pool.

yum upgrade selinux-policy-targeted
Change to targeted policy
rpm -e selinux-policy-strict
touch /.autorelabel
reboot

Of course the best solution would be to upgrade to F7 or F8. :^)

Dave Burns wrote:
>>> /etc/selinux/strict/contexts/files/file_contexts: Multiple different
>>> specifications for /usr/bin/apt-get [...]
>>>
>>>
>> This means you have both the apt policy and the rpm policy installed at
>> the same time. Both label the files differently. Can you remove the
>> apt policy
>>
>> semodule -r apt
>
> semodule -r apt
> libsepol.context_from_record: invalid security context:
> system_u:object_r:amanda_usr_lib_t:s0
> libsepol.context_from_record: could not create context structure
> libsepol.context_from_string: could not create context structure
> libsepol.sepol_context_to_sid: could not convert
> system_u:object_r:amanda_usr_lib_t:s0 to sid
> /etc/selinux/strict/contexts/files/file_contexts: line 3124 has
> invalid context system_u:object_r:amanda_usr_lib_t:s0
> libsemanage.semanage_install_active: setfiles returned error code 1.
> /etc/selinux/strict/contexts/files/file_contexts: Multiple different
> specifications for /usr/bin/apt-get (system_u:object_r:rpm_exec_t:s0
> and system_u:object_r:apt_exec_t:s0).
> /etc/selinux/strict/contexts/files/file_contexts: Multiple different
> specifications for /usr/bin/apt-shell
> (system_u:object_r:rpm_exec_t:s0 and system_u:object_r:apt_exec_t:s0).
> semodule: Failed!
>
>
> More context - I am a selinux newbie and have done nothing (that I
> know of) to alter the default policy that was installed with fc5.
>
> I thought I had done an autorelabel, but it turns out I was thinking
> of another machine. SELinux is *disabled* on this machine! How
> could/why would apt start nipping my ankles?
>
> So far as I know, I have no use for amanda. Of course, it may be an
> obscure dependency of something else I love, hard for me to know.
>
> So I re-enabled selinux but set it to permissive after rebooting to do
> an autorelabel. Unfortunately, same errors with some additional info:
>
> [root at hostname ~]# semodule -r apt
> libsepol.context_from_record: invalid security context:
> system_u:object_r:amanda_usr_lib_t:s0
> libsepol.context_from_record: could not create context structure
> libsepol.context_from_string: could not create context structure
> libsepol.sepol_context_to_sid: could not convert
> system_u:object_r:amanda_usr_lib_t:s0 to sid
> /etc/selinux/strict/contexts/files/file_contexts: line 3124 has
> invalid context system_u:object_r:amanda_usr_lib_t:s0
> libsemanage.semanage_install_active: setfiles returned error code 1.
> libsemanage.semanage_exec_prog: Child process /usr/sbin/load_policy
> did not exit cleanly.
> libsemanage.semanage_reload_policy: load_policy returned error code -1.
> semodule: Failed!
> [root at hostname ~]#
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: Oops: 0000 [#1]
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: SMP
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: CPU: 1
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: EIP: 0060:[<c04c9adc>] Not tainted VLI
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: EFLAGS: 00010246 (2.6.20-1.2320.fc5smp #1)
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: EIP is at symhash+0xc/0x33
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: eax: 00000000 ebx: f6f8afe0 ecx: ffffffff edx: 00000000
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: esi: f6f8afe0 edi: 00000000 ebp: ed613cf4 esp: ed613cbc
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: ds: 007b es: 007b ss: 0068
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: Process load_policy (pid: 3158, ti=ed613000
> task=f6af3320 task.ti=ed613000)
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: Stack: f6f8afe0 ed613f14 00000000 c04c989a 00000000
> ed613f14 f668c7c4 c04cf78b
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: 00000040 00000000 00000001 00000002 00000000
> 00000001 00000000 00000000
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: 00000001 00000000 00000000 dcc8fcc4 ed613ecc
> c04c9de2 000000ff f668c7c0
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: Call Trace:
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: [<c0
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: [<c04cf78b>] convert_context+0xc9/0x1f4
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 20
> ca
>
> Message from sysl
> hostname kernel: [<
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: [<c04cf6c2>] convert_context+0x0/0x1f4
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: [<c04ced79>] security_load_policy+0x1a0/0x26e
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: [<c042677b>] __call_console_drivers+0x4f/0x5b
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: [<c04c215b>] avc_audit+0xcc3/0xcce
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: [<c045727c>] __alloc_pages+0x68/0x2aa
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: [<c04200fd>] task_running_tick+0x2d/0x237
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: [<c04236be>] scheduler_tick+0x7c/0xdc
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: [<c04c7f6f>] sel_write_load+0x
>
>
> hostname kernel: [<c04c7edb>] sel_write_load+0x0/0x2cb
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: [<c04706e4>]
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: [<c0470cff>] sys_write+0x41/0x67
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: [<
>
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: =======================
>
> Message from syslogd at hostname at Tue Oct 23
> hostname kernel: Code: db e8 20 27 fa ff eb 0e 8b 03 c7 04 90 00 00 00
> 00 42 39 f2 75 f2 89 d8 5b 5e 5f 5d c3 90 90 57 83 c9 ff 56 89 d7 89
> c6 31
>
> Message from syslogd at hostname at T
> hostname kernel: EIP: [<c04c9adc>] symhash+0xc/0x33 SS:ESP 0068:ed613cbc
>
> Whoa dude!
>
> Dave
>
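
Added example (not part of the original message, and not code from the SELinux project): a small checker that reads text in file_contexts syntax and lists entries of the kind setfiles complains about in the thread, where two modules give the same path a different context. The sample input is constructed; only the apt-get and apt-shell contexts come from the error output quoted above. Treating two entries as conflicting when their regex is identical and their file type is equal or omitted is an assumption about how setfiles compares them.

```python
from collections import defaultdict

# Constructed sample in file_contexts syntax: <path regex> [<file type>] <context>.
# The apt-get/apt-shell contexts are the ones quoted in the error output above;
# the yum and /var/cache/apt lines are made up for illustration.
SAMPLE = """\
# rpm module
/usr/bin/apt-get    --  system_u:object_r:rpm_exec_t:s0
/usr/bin/apt-shell  --  system_u:object_r:rpm_exec_t:s0
/usr/bin/yum        --  system_u:object_r:rpm_exec_t:s0
# apt module
/usr/bin/apt-get    --  system_u:object_r:apt_exec_t:s0
/usr/bin/apt-shell  --  system_u:object_r:apt_exec_t:s0
/var/cache/apt(/.*)?    system_u:object_r:apt_var_cache_t:s0
"""

def parse(text):
    """Yield (lineno, regex, ftype, context); ftype is None when omitted."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 2:
            regex, ftype, context = fields[0], None, fields[1]
        elif len(fields) == 3:
            regex, ftype, context = fields
        else:
            raise ValueError(f"line {lineno}: expected 2 or 3 fields")
        yield lineno, regex, ftype, context

def find_conflicts(text):
    """Return [(regex, ctx_a, ctx_b, line_a, line_b)] for entries with the same
    regex, overlapping file type, and different contexts."""
    by_regex = defaultdict(list)
    for entry in parse(text):
        by_regex[entry[1]].append(entry)
    conflicts = []
    for regex, entries in by_regex.items():
        for i, (ln_a, _, ft_a, ctx_a) in enumerate(entries):
            for ln_b, _, ft_b, ctx_b in entries[i + 1:]:
                overlap = ft_a is None or ft_b is None or ft_a == ft_b
                if overlap and ctx_a != ctx_b:
                    conflicts.append((regex, ctx_a, ctx_b, ln_a, ln_b))
    return conflicts

if __name__ == "__main__":
    for regex, a, b, la, lb in find_conflicts(SAMPLE):
        print(f"{regex}: {a} (line {la}) vs {b} (line {lb})")
```

To check a real system, pass the contents of the file_contexts file named in the error message to find_conflicts() in place of SAMPLE.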