On Tue, 2005-09-13 at 10:44 -0700, Tom London wrote: > Running targeted/enforcing, latest rawhide. > > Today's updates broke lots. Booting hangs with many messages about > 'invalid type' from file-contexts, etc. > > Anyone seeing this or did I break something? Looks like libselinux is broken. And in such a manner that it is looking in /etc/selinux/targeted regardless of what /etc/selinux/config says; I am getting similar errors on the _targeted_ file_contexts file on a machine that is supposed to be using strict policy after updating just now. Dan?

On Tue, 2005-09-13 at 11:19 -0700, Tom London wrote: > Will backing out the latest libselinux fix? (the only way I could get > 'up and running' was to boot with 'selinux=0'). It should. I booted single-user with enforcing=0 and then installed the upstream libselinux 1.26 from our cvs, and it worked fine. Fedora CVS tree has a patch that affects getting the policy type (which seems to be broken, as it always returning targeted even when /etc/selinux/config says strict) and that calls the new libsetrans (which is likely breaking the context validation).

On Tue, 2005-09-13 at 14:11 -0400, Stephen Smalley wrote: >On Tue, 2005-09-13 at 10:44 -0700, Tom London wrote: > > >>Running targeted/enforcing, latest rawhide. >> >>Today's updates broke lots. Booting hangs with many messages about >>'invalid type' from file-contexts, etc. >> >>Anyone seeing this or did I break something? >> >> >Looks like libselinux is broken. And in such a manner that it is >looking in /etc/selinux/targeted regardless of what /etc/selinux/config >says; I am getting similar errors on the _targeted_ file_contexts file >on a machine that is supposed to be using strict policy after updating >just now. Dan? > > Just to confirm, reverting to the upstream libselinux 1.26 (not the patched one in Fedora) makes the system work again for me. Looks like there are two problems, one with respect to getting the policy type and one with respect to context validation (the latter likely related to libsetrans).