Somehow my SElinux config has gotten messed up. When I try to install a module I get the following error:
libsepol.context_from_record: type httpd_prewikka_rw_content_t is not defined (No such file or directory). libsepol.context_from_record: could not create context structure (Invalid argument). libsemanage.validate_handler: invalid context system_u:object_r:httpd_prewikka_rw_content_t:s0 specified for /usr/share/prewikka/htdocs/generated_images [all files] (Invalid argument). libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument). semodule: Failed!
The httpd_prewikka_rw_content_t does not exist. The directory does exist, but it doesn't matter whether the directory exists or not I still get the error. The problem entry is in
/etc/selinux/targeted/contexts/files/file_contexts.local:/usr/share/prewikka/htdocs/generated_images system_u:object_r:httpd_prewikka_rw_content_t:s0
I have tried using the various selinux tools to correct the problem without success.
My questions are:
1) Can I manually edit the file_contexts.local file and remove the problem entry? 2) Is this sufficient? 3) Do I need to run anything after I remove the entry to get SElinux to work correctly?
Here is al ls -l of /etc/selinux/targeted/contexts/files/
-rw-r--r--. 1 root root 369806 Nov 20 04:44 file_contexts -rw-r--r--. 1 root root 1379785 Aug 22 18:55 file_contexts.bin -rw-r--r--. 1 root root 13169 Nov 20 04:44 file_contexts.homedirs -rw-r--r--. 1 root root 45743 Aug 22 18:55 file_contexts.homedirs.bin -rw-r--r--. 1 root root 1092 Oct 22 18:14 file_contexts.local -rw-r--r--. 1 root root 3936 Aug 22 18:55 file_contexts.local.bin -rw-r--r--. 1 root root 0 Nov 20 04:43 file_contexts.subs -rw-r--r--. 1 root root 474 Nov 20 04:43 file_contexts.subs_dist -rw-r--r--. 1 root root 139 Nov 20 04:43 media
How are the .bin files generated?
Any assistance is greatly appreciated.
Paolo
On 12/07/2015 01:39 PM, Paolo Galtieri wrote:
Somehow my SElinux config has gotten messed up. When I try to install a module I get the following error:
libsepol.context_from_record: type httpd_prewikka_rw_content_t is not defined (No such file or directory). libsepol.context_from_record: could not create context structure (Invalid argument). libsemanage.validate_handler: invalid context system_u:object_r:httpd_prewikka_rw_content_t:s0 specified for /usr/share/prewikka/htdocs/generated_images [all files] (Invalid argument). libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument). semodule: Failed!
The httpd_prewikka_rw_content_t does not exist. The directory does exist, but it doesn't matter whether the directory exists or not I still get the error. The problem entry is in
/etc/selinux/targeted/contexts/files/file_contexts.local:/usr/share/prewikka/htdocs/generated_images system_u:object_r:httpd_prewikka_rw_content_t:s0
I have tried using the various selinux tools to correct the problem without success.
My questions are:
- Can I manually edit the file_contexts.local file and remove the
problem entry? 2) Is this sufficient? 3) Do I need to run anything after I remove the entry to get SElinux to work correctly?
Here is al ls -l of /etc/selinux/targeted/contexts/files/
-rw-r--r--. 1 root root 369806 Nov 20 04:44 file_contexts -rw-r--r--. 1 root root 1379785 Aug 22 18:55 file_contexts.bin -rw-r--r--. 1 root root 13169 Nov 20 04:44 file_contexts.homedirs -rw-r--r--. 1 root root 45743 Aug 22 18:55 file_contexts.homedirs.bin -rw-r--r--. 1 root root 1092 Oct 22 18:14 file_contexts.local -rw-r--r--. 1 root root 3936 Aug 22 18:55 file_contexts.local.bin -rw-r--r--. 1 root root 0 Nov 20 04:43 file_contexts.subs -rw-r--r--. 1 root root 474 Nov 20 04:43 file_contexts.subs_dist -rw-r--r--. 1 root root 139 Nov 20 04:43 media
How are the .bin files generated?
Any assistance is greatly appreciated.
I would try to reinstall your selinux-policy and selinux-policy-targeted RPMs first:
sudo dnf reinstall selinux-policy selinux-policy-targeted
Then relabel your filesystem by doing:
sudo touch /.autorelabel sudo reboot
You might need to "sudo setenforce 0" to put selinux in permissive mode before the first command. Depends on how screwed up selinux is at this point. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@alldigital.com - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - "And on the seventh day, He exited from append mode." - ----------------------------------------------------------------------
On 12/07/2015 01:39 PM, Paolo Galtieri wrote:
I have tried using the various selinux tools to correct the problem without success.
I created an entry matching yours and verified that I get the same error when I do something like "semodule -B".
I was able to delete the entry using semanage, though. I'm not sure which tools didn't work for you...
# semanage fcontext -d /usr/share/prewikka/htdocs/generated_images
I tried both system-config-selinux and semanage, and both failed. However, I did not try the -d option to fcontext. I tried this and it worked :-)
I was hoping not to have to reinstall selinux policies and relabel the system.
Thanks, Paolo
On 12/07/2015 02:11 PM, Gordon Messmer wrote:
On 12/07/2015 01:39 PM, Paolo Galtieri wrote:
I have tried using the various selinux tools to correct the problem without success.
I created an entry matching yours and verified that I get the same error when I do something like "semodule -B".
I was able to delete the entry using semanage, though. I'm not sure which tools didn't work for you...
# semanage fcontext -d /usr/share/prewikka/htdocs/generated_images
-
Gordon Messmer -
Paolo Galtieri -
Rick Stevens