"Could not change policy booleans"

Paul Howarth paul at city-fan.org
Thu Jun 14 14:45:28 UTC 2007


Daniel J Walsh wrote:
> Stephen Smalley wrote:
>> On Wed, 2007-06-13 at 14:35 +0100, Paul Howarth wrote:
>>  
>>> Stephen Smalley wrote:
>>>    
>>>> On Wed, 2007-06-13 at 10:00 +0100, Paul Howarth wrote:
>>>>      
>>>>> Daniel J Walsh wrote:
>>>>>        
>>>>>> Paul Howarth wrote:
>>>>>>          
>>>>>>> Nils Caspar wrote:
>>>>>>>            
>>>>>>>>> That should have been solved by an update to dbus in fc6 a 
>>>>>>>>> month ago.
>>>>>>>>>                 
>>>>>>>> What Fedora
>>>>>>>>              
>>>>>>>>> release are you running? Are you completely updated?
>>>>>>>>>                 
>>>>>>>> I'm running a full updated fedora 7.
>>>>>>>>
>>>>>>>>              
>>>>>>>>> That should have worked. That should be the correct syntax. Was 
>>>>>>>>> there
>>>>>>>>>                 
>>>>>>>> an avc
>>>>>>>>              
>>>>>>>>> associated with trying to set this?
>>>>>>>>>                 
>>>>>>>> There was no other warning.
>>>>>>>>
>>>>>>>> I have the same problem in an other fedora 7 VM. Maybe it's a 
>>>>>>>> fedora 7
>>>>>>>> bug... :(
>>>>>>>>               
>>>>>>> I've just hit the same problem on a fresh Fedora 7 install, with 
>>>>>>> all released updates.
>>>>>>>
>>>>>>> Paul.
>>>>>>>
>>>>>>> -- 
>>>>>>> fedora-selinux-list mailing list
>>>>>>> fedora-selinux-list at redhat.com
>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>>>>>             
>>>>>> Does this fix the problem?
>>>>>>
>>>>>> restorecon -R -v /etc/selinux/targeted
>>>>>>           
>>>>> No; there are no AVC denials in the audit log (at least not 
>>>>> relating to this...) so I don't think it's an SELinux permissions 
>>>>> issue.
>>>>>
>>>>> Updating to the latest selinux package updates from updates-testing 
>>>>> hasn't helped either.
>>>>>         
>>>> Bug in setsebool (it is actually succeeding, but falling through to the
>>>> error path and thus incorrectly saying that it failed, as a result of a
>>>> "build fix").  Fixed in policycoreutils 2.0.21.
>>>>       
>>> Ah, saves me having to put something in an initscript :-)
>>>
>>> FC7 has policycoreutils-2.0.16-5.fc7 (from updates-testing), which 
>>> seems a long way behind 2.0.21. Is a fix likely any time soon?
>>>     
>>
>> I sent Dan the patch separately as well, in case he wants to just apply
>> it without updating otherwise.
>>   
> Fixed in policycoreutils 
> <https://admin.fedoraproject.org/updates/policycoreutils>-2.0.16-6.fc7

Thanks.

On an unrelated issue, where does the version number in the 
selinux-policy package come from? Upstream seems to do date-based 
releases rather than version number-based. I ask because I need to 
update my policy module for mod_fcgid and I'll need different versions 
for F7 (using patterns) and older releases (using create_file_perms etc.).

Paul.




More information about the fedora-selinux-list mailing list