selinux Multiple different specifications complaint

Daniel J Walsh dwalsh at redhat.com
Tue Oct 23 20:41:05 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you are a newbie and you have selinux disabled, why are you using
strict policy?  I would change to targeted policy and force a relabel.

Strict policy is only for experienced users.  I think at some point you
got an update with an apt policy module, that has screwed up your
policy pool.

yum upgrade selinux-policy-targeted
Change to targeted policy
rpm -e selinux-policy-strict
touch /.autorelabel
reboot

Of course the best solution would be to upgrade to F7 or F8.  :^)


Dave Burns wrote:
>>> /etc/selinux/strict/contexts/files/file_contexts: Multiple different
>>> specifications for /usr/bin/apt-get  [...]
>>>
>>>
>> This means you have both the apt policy and the rpm policy installed at
>> the same time.  Both label the files differently.  Can you remove the
>> apt policy?
>>
>> semodule -r apt
> 
> semodule -r apt
> libsepol.context_from_record: invalid security context:
> system_u:object_r:amanda_usr_lib_t:s0
> libsepol.context_from_record: could not create context structure
> libsepol.context_from_string: could not create context structure
> libsepol.sepol_context_to_sid: could not convert
> system_u:object_r:amanda_usr_lib_t:s0 to sid
> /etc/selinux/strict/contexts/files/file_contexts:  line 3124 has
> invalid context system_u:object_r:amanda_usr_lib_t:s0
> libsemanage.semanage_install_active: setfiles returned error code 1.
> /etc/selinux/strict/contexts/files/file_contexts: Multiple different
> specifications for /usr/bin/apt-get  (system_u:object_r:rpm_exec_t:s0
> and system_u:object_r:apt_exec_t:s0).
> /etc/selinux/strict/contexts/files/file_contexts: Multiple different
> specifications for /usr/bin/apt-shell
> (system_u:object_r:rpm_exec_t:s0 and system_u:object_r:apt_exec_t:s0).
> semodule:  Failed!
> 
> 
> More context - I am a selinux newbie and have done nothing (that I
> know of) to alter the default policy that was installed with fc5.
> 
> I thought I had done an autorelabel, but it turns out I was thinking
> of another machine. SELinux is *disabled* on this machine! How
> could/why would apt start nipping my ankles?
> 
> So far as I know, I have no use for amanda. Of course, it may be an
> obscure dependency of something else I love, hard for me to know.
> 
> So I re-enabled selinux but set it to permissive after rebooting to do
> an autorelabel. Unfortunately, same errors with some additional info:
> 
> [root at hostname ~]# semodule -r apt
> libsepol.context_from_record: invalid security context:
> system_u:object_r:amanda_usr_lib_t:s0
> libsepol.context_from_record: could not create context structure
> libsepol.context_from_string: could not create context structure
> libsepol.sepol_context_to_sid: could not convert
> system_u:object_r:amanda_usr_lib_t:s0 to sid
> /etc/selinux/strict/contexts/files/file_contexts:  line 3124 has
> invalid context system_u:object_r:amanda_usr_lib_t:s0
> libsemanage.semanage_install_active: setfiles returned error code 1.
> libsemanage.semanage_exec_prog: Child process /usr/sbin/load_policy
> did not exit cleanly.
> libsemanage.semanage_reload_policy: load_policy returned error code -1.
> semodule:  Failed!
> [root at hostname ~]#
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: Oops: 0000 [#1]
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: SMP
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: CPU:    1
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: EIP:    0060:[<c04c9adc>]    Not tainted VLI
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: EFLAGS: 00010246   (2.6.20-1.2320.fc5smp #1)
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: EIP is at symhash+0xc/0x33
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: eax: 00000000   ebx: f6f8afe0   ecx: ffffffff   edx: 00000000
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: esi: f6f8afe0   edi: 00000000   ebp: ed613cf4   esp: ed613cbc
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: ds: 007b   es: 007b   ss: 0068
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: Process load_policy (pid: 3158, ti=ed613000
> task=f6af3320 task.ti=ed613000)
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: Stack: f6f8afe0 ed613f14 00000000 c04c989a 00000000
> ed613f14 f668c7c4 c04cf78b
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:        00000040 00000000 00000001 00000002 00000000
> 00000001 00000000 00000000
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:        00000001 00000000 00000000 dcc8fcc4 ed613ecc
> c04c9de2 000000ff f668c7c0
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel: Call Trace:
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:  [<c0
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:  [<c04cf78b>] convert_context+0xc9/0x1f4
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 20
> ca
> 
> Message from sysl
> hostname kernel:  [<
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:  [<c04cf6c2>] convert_context+0x0/0x1f4
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:  [<c04ced79>] security_load_policy+0x1a0/0x26e
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:  [<c042677b>] __call_console_drivers+0x4f/0x5b
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:  [<c04c215b>] avc_audit+0xcc3/0xcce
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:  [<c045727c>] __alloc_pages+0x68/0x2aa
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:  [<c04200fd>] task_running_tick+0x2d/0x237
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:  [<c04236be>] scheduler_tick+0x7c/0xdc
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:  [<c04c7f6f>] sel_write_load+0x
> 
> 
> hostname kernel:  [<c04c7edb>] sel_write_load+0x0/0x2cb
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:  [<c04706e4>]
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:  [<c0470cff>] sys_write+0x41/0x67
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:  [<
> 
> Message from syslogd at hostname at Tue Oct 23 10:00:52 2007 ...
> hostname kernel:  =======================
> 
> Message from syslogd at hostname at Tue Oct 23
> hostname kernel: Code: db e8 20 27 fa ff eb 0e 8b 03 c7 04 90 00 00 00
> 00 42 39 f2 75 f2 89 d8 5b 5e 5f 5d c3 90 90 57 83 c9 ff 56 89 d7 89
> c6 31
> 
> Message from syslogd at hostname at T
> hostname kernel: EIP: [<c04c9adc>] symhash+0xc/0x33 SS:ESP 0068:ed613cbc
> 
> Whoa dude!
> 
> Dave
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD4DBQFHHlxhrlYvE4MpobMRAmvKAKDfDS7Md7Bhrfs8MseLuT4y6ejoCQCXX3Ax
XCAHdUl4zc58iinXm+SMAA==
=VXtf
-----END PGP SIGNATURE-----
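
The "Multiple different specifications" complaint in the thread above can be reproduced offline with a small checker. This is an added example, not part of the original message or of the SELinux tools; the sample entries are constructed, and the function names (parse_specs, find_conflicts, report) are hypothetical. It assumes a simplified rule: two entries conflict when the path regex and file-type field are identical but the contexts differ.

```python
from collections import defaultdict

# Constructed sample in file_contexts layout: path-regex [file-type] context
SAMPLE = """\
# constructed sample, not taken from a real policy
/usr/bin/apt-get    --  system_u:object_r:rpm_exec_t:s0
/usr/bin/apt-shell  --  system_u:object_r:rpm_exec_t:s0
/usr/bin/rpm        --  system_u:object_r:rpm_exec_t:s0
/usr/bin/apt-get    --  system_u:object_r:apt_exec_t:s0
/usr/bin/apt-shell  --  system_u:object_r:apt_exec_t:s0
/usr/bin/rpm        --  system_u:object_r:rpm_exec_t:s0
/var/lib/rpm(/.*)?      system_u:object_r:rpm_var_lib_t:s0
"""

def parse_specs(text):
    """Yield (lineno, regex, ftype, context) for each specification line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no specification
        fields = line.split()
        if len(fields) == 2:      # no file-type field: applies to any type
            regex, ftype, context = fields[0], "", fields[1]
        elif len(fields) == 3:    # e.g. "--" restricts to regular files
            regex, ftype, context = fields
        else:
            raise ValueError(f"line {lineno}: expected 2 or 3 fields")
        yield lineno, regex, ftype, context

def find_conflicts(text):
    """Return {(regex, ftype): [(lineno, context), ...]} where contexts differ."""
    seen = defaultdict(list)
    for lineno, regex, ftype, context in parse_specs(text):
        seen[(regex, ftype)].append((lineno, context))
    # A duplicate with the same context is redundant, not a conflict.
    return {key: hits for key, hits in seen.items()
            if len({ctx for _, ctx in hits}) > 1}

def report(text):
    """Format each conflict in the style of the message quoted in the thread."""
    lines = []
    for (regex, _), hits in sorted(find_conflicts(text).items()):
        contexts = " and ".join(ctx for _, ctx in hits)
        where = ", ".join(str(n) for n, _ in hits)
        lines.append(f"Multiple different specifications for {regex} "
                     f"({contexts}) at lines {where}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Running it against a copy of a real file_contexts file shows which line numbers carry the competing labels, which helps identify the two policy modules that both claim the same path.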



