I posted this message to the fedora-list mailing list, but I haven't as of yet gotten any answer. Could someone here shed some light on the errors I'm seeing?
Thanks.
--- Vladimir
To: fedora-list@redhat.com Date: Wed, 26 Oct 2005 00:30:15 -0700 Subject: SELinux errors
I'm getting lots of errors like:
/etc/selinux/targeted/contexts/files/file_contexts: line 1851 has invalid context system_u:object_r:texrel_shlib_t /etc/selinux/targeted/contexts/files/file_contexts.homedirs: line 14 has invalid context user_u:object_r:user_home_dir_t
when I run "rpm -V selinux-policy-targeted". (As far as I can tell, every non-null, non-comment line in /etc/..../files/* generates an error.)
In my syslog I have thousands of errors like:
Oct 26 00:21:16 bach kernel: inode_doinit_with_dentry: context_to_sid(system_u:object_r:policy_src_t:s0) returned 22 for dev=sda4 ino=1145588 Oct 26 00:21:16 bach kernel: inode_doinit_with_dentry: context_to_sid(system_u:object_r:policy_src_t:s0) returned 22 for dev=sda4 ino=266929
which I assume are related.
I've tried reinstalling the RPMs selinux-policy-targeted and selinux-policy-targeted-sources, and then booting with selinux=0, running "fixfiles relabel" and then rebooting normally. No change.
I've tried googling, but I didn't find anything. Any advice (other than turning SELinux off)?
Thanks.
--- Vladimir
kernel-smp-2.6.13-1.1532_FC4
checkpolicy-1.23.1-1 libselinux-1.26-1 libselinux-devel-1.26-1 policycoreutils-1.27.2-1.2 selinux-doc-1.19.5-1 selinux-policy-strict-1.27.1-2.6 selinux-policy-strict-sources-1.27.1-2.6 selinux-policy-targeted-1.27.1-2.6 selinux-policy-targeted-sources-1.27.1-2.6 setools-2.1.2-1.1
Vladimir G. Ivanovic wrote:
I posted this message to the fedora-list mailing list, but I haven't as of yet gotten any answer. Could someone here shed some light on the errors I'm seeing?
Thanks.
--- Vladimir
To: fedora-list@redhat.com Date: Wed, 26 Oct 2005 00:30:15 -0700 Subject: SELinux errors
I'm getting lots of errors like:
/etc/selinux/targeted/contexts/files/file_contexts: line 1851 has invalid context system_u:object_r:texrel_shlib_t /etc/selinux/targeted/contexts/files/file_contexts.homedirs: line 14 has invalid context user_u:object_r:user_home_dir_t
when I run "rpm -V selinux-policy-targeted". (As far as I can tell, every non-null, non-comment line in /etc/..../files/* generates an error.)
In my syslog I have thousands of errors like:
Oct 26 00:21:16 bach kernel: inode_doinit_with_dentry: context_to_sid(system_u:object_r:policy_src_t:s0) returned 22 for dev=sda4 ino=1145588 Oct 26 00:21:16 bach kernel: inode_doinit_with_dentry: context_to_sid(system_u:object_r:policy_src_t:s0) returned 22 for dev=sda4 ino=266929
which I assume are related.
I've tried reinstalling the RPMs selinux-policy-targeted and selinux-policy-targeted-sources, and then booting with selinux=0, running "fixfiles relabel" and then rebooting normally. No change.
I've tried googling, but I didn't find anything. Any advice (other than turning SELinux off)?
Thanks.
--- Vladimir
kernel-smp-2.6.13-1.1532_FC4
checkpolicy-1.23.1-1 libselinux-1.26-1 libselinux-devel-1.26-1 policycoreutils-1.27.2-1.2 selinux-doc-1.19.5-1 selinux-policy-strict-1.27.1-2.6 selinux-policy-strict-sources-1.27.1-2.6 selinux-policy-targeted-1.27.1-2.6 selinux-policy-targeted-sources-1.27.1-2.6 setools-2.1.2-1.1
You have a mismatch of FC4 policy with an FC5 libselinux. Basically you are running in a mode that thinks it should have MCS turned on. You need to revert back to an older libselinux.
Bingo! (Thanks.)
Note to self: When replacing *important* libraries like libselinux.so, don't just blast the unwanted RPM package away, figuring on then installing the new one. Instead, use --oldpackage or --force to replace the unwanted package with the desired one in atomic operation. Failure to do so will make both rpm and yum (and many other programs) unusable.
--- Vladimir
Vladimir G. Ivanovic wrote:
Note to self: When replacing *important* libraries like libselinux.so, don't just blast the unwanted RPM package away, figuring on then installing the new one. Instead, use --oldpackage or --force to replace the unwanted package with the desired one in atomic operation. Failure to do so will make both rpm and yum (and many other programs) unusable.
Is the above advisable ? Does this mean that "rpm -U" or even "yum update" would be inappropriate ?
Davide Bolcioni
Davide Bolcioni asks:
Vladimir G. Ivanovic wrote: vgi> Note to self: When replacing *important* libraries like vgi> libselinux.so, don't just blast the unwanted RPM vgi> package away, figuring on then installing the new one. vgi> Instead, use --oldpackage or --force to vgi> replace the unwanted package with the desired one in vgi> atomic operation. Failure to do so will make both rpm vgi> and yum (and many other programs) unusable.
db> Is the above advisable ? Does this mean that "rpm -U" or db> even "yum update" would be inappropriate ?
"rpm -U" and "yum update" do not (AFAIK) install older versions. My advice applies only when one is going backwards in versions.
--- Vladimir
selinux@lists.fedoraproject.org