Stephen Smalley wrote:
On Tue, 2006-05-16 at 16:56 +0100, Paul Howarth wrote:
> Next problem:
>
> I built and tested the package on one system, which was fully up to
> date. Worked fine. Then tried installing the package on other system
> that was running an older kernel and had older libsepol and
> selinux-policy-targeted packages. The result was:
>
> # rpm -Uvh contagged-0.3-2.noarch.rpm
> Preparing... ########################################### [100%]
> 1:contagged warning: /etc/httpd/conf.d/contagged.conf created as /etc/httpd/conf.d/contagged.conf.rpmnew
> ########################################### [100%]
> libsepol.class_copy_callback: contagged: Modules may not yet declare new classes.
> libsemanage.semanage_link_sandbox: Link packages failed
> /usr/sbin/semodule: Failed!
> # rpm -q selinux-policy-targeted libsepol libsemanage
> selinux-policy-targeted-2.2.34-3.fc5
> libsepol-1.12.4-1.fc5
> libsemanage-1.6.2-2.fc5
>
> After doing a "yum update" on this system, the package installed cleanly.
>
> Is this a result of the required feature being missing from one of these
> (or some other) packages, or is a compiled .pp module compatible only
> with the specific version of something it was built against?

I'm confused - I thought you said that the policy package only contained
a file contexts section, not a policy module. Was there a policy
module? If so, what was the source? The above looks like a bug to me.

It contains a policy module, but the module only includes file contexts.
The .if file is empty.

The .te file is just:
---------------------------------------------------------------------
# It's currently only necessary to set file contexts for the cache directory
# in this policy, but doing it in a module is easier from a package maintenance
# point of view than using semanage and chcon in scriptlets
policy_module(contagged, 0.1)
########################################
#
# Declarations
#
# (none needed)
########################################
#
# Local policy
#
# (none needed)
---------------------------------------------------------------------
The .fc file is:
---------------------------------------------------------------------
/var/cache/contagged(/.*)?	gen_context(system_u:object_r:httpd_cache_t,s0)
---------------------------------------------------------------------
The module was built on a system with:
$ rpm -q selinux-policy-targeted libsepol libsemanage
selinux-policy-targeted-2.2.38-1.fc5
libsepol-1.12.6-1.fc5
libsemanage-1.6.2-2.fc5

The error occurred when the package was installed on a system with:
$ rpm -q selinux-policy-targeted libsepol libsemanage
selinux-policy-targeted-2.2.34-3.fc5
libsepol-1.12.4-1.fc5
libsemanage-1.6.2-2.fc5

Paul.