I'm updating a custom policy from CentOS 5 to CentOS 6. The module builds successfully, but fails to load: # semodule -i mypolicy.pp /etc/selinux/targeted/contexts/files/file_contexts: Invalid argument libsemanage.semanage_install_active: setfiles returned error code 1. semodule: Failed! It took me some time to work out that the error should have read: File context already exists for /var/run/passenger: mypolicy.fc line 5 Now that I know there is already policy for Passenger, I can adjust mine accordingly. Any chance of getting a more helpful version of the error included in semodule?

Moray. "To err is human; to purr, feline." -- selinux mailing list selinux(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux

From: Daniel J Walsh [mailto:dwalsh@redhat.com] Sent: 04 June 2012 15:23 On 06/04/2012 02:55 AM, Miroslav Grepl wrote: > On 05/31/2012 11:46 AM, Moray Henderson wrote: >> I'm updating a custom policy from CentOS 5 to CentOS 6. The module >> builds successfully, but fails to load: >> >> # semodule -i mypolicy.pp >> /etc/selinux/targeted/contexts/files/file_contexts: Invalid argument >> libsemanage.semanage_install_active: setfiles returned error code 1. >> semodule: Failed! >> >> It took me some time to work out that the error should have read: >> >> File context already exists for /var/run/passenger: mypolicy.fc line >> 5 >> >> Now that I know there is already policy for Passenger, I can adjust >> mine accordingly. Any chance of getting a more helpful version of >> the error included in semodule? > There is a bug > > https://bugzilla.redhat.com/show_bug.cgi?id=822320 >> >> >> Moray. "To err is human; to purr, feline." >> >> >> >> -- selinux mailing list selinux(a)lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/selinux > > -- selinux mailing list selinux(a)lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/selinux > > Not sure this is the right bugzilla. In Fedora 17 I get semodule -i mypol.pp /etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /var/run/passenger(/.*)? (system_u:object_r:passenger_var_run_t:s0 and system_u:object_r:var_run_t:s0). /etc/selinux/targeted/contexts/files/file_contexts: Invalid argument libsemanage.semanage_install_active: setfiles returned error code 1. semodule: Failed!

From: Daniel J Walsh [mailto:dwalsh@redhat.com] Sent: 06 June 2012 13:54 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/06/2012 07:05 AM, Moray Henderson wrote: >> From: Daniel J Walsh [mailto:dwalsh@redhat.com] Sent: 04 June 2012 >> 15:23 >> >> On 06/04/2012 02:55 AM, Miroslav Grepl wrote: >>> On 05/31/2012 11:46 AM, Moray Henderson wrote: >>>> I'm updating a custom policy from CentOS 5 to CentOS 6. The module >>>> builds successfully, but fails to load: >>>> >>>> # semodule -i mypolicy.pp >>>> /etc/selinux/targeted/contexts/files/file_contexts: Invalid >>>> argument >>>> libsemanage.semanage_install_active: setfiles returned error code 1. >>>> semodule: Failed! >>>> >>>> It took me some time to work out that the error should have read: >>>> >>>> File context already exists for /var/run/passenger: mypolicy.fc >>>> line >>>> 5 >>>> >>>> Now that I know there is already policy for Passenger, I can adjust >>>> mine accordingly. Any chance of getting a more helpful version of >>>> the error included in semodule? >>> There is a bug >>> >>> https://bugzilla.redhat.com/show_bug.cgi?id=822320 >>>> >>>> >>>> Moray. "To err is human; to purr, feline." >>>> >>>> >>>> >>>> -- selinux mailing list selinux(a)lists.fedoraproject.org >>>> https://admin.fedoraproject.org/mailman/listinfo/selinux >>> >>> -- selinux mailing list selinux(a)lists.fedoraproject.org >>> https://admin.fedoraproject.org/mailman/listinfo/selinux >>> >>> >> Not sure this is the right bugzilla. >> >> In Fedora 17 I get >> >> semodule -i mypol.pp /etc/selinux/targeted/contexts/files/file_contexts: >> Multiple different specifications for /var/run/passenger(/.*)? >> (system_u:object_r:passenger_var_run_t:s0 and >> system_u:object_r:var_run_t:s0). >> /etc/selinux/targeted/contexts/files/file_contexts: Invalid argument >> libsemanage.semanage_install_active: setfiles returned error code 1. >> semodule: Failed! > > Thanks Daniel, that looks like the one. Would be nice if it could > display which line of the .fc file caused the problem, but if not > there is enough information now to track it down. I couldn't find > "file_contexts multiple different specifications" in Red Hat's > bugzilla, though. There were a few for "file_contexts invalid argument", but none of them describe this issue. > Do you know if that fix from Fedora 17 will get through to RHEL 6? > > > Moray. “To err is human; to purr, feline.” > > > -- selinux mailing list selinux(a)lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/selinux The fix is in libsemanage, actually. Open a bugzilla on libsemanage for this and we will see if libsemanage gets on the approved package list.