Poor error when loading policy module

Daniel J Walsh dwalsh at redhat.com
Wed Jun 6 12:53:50 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/06/2012 07:05 AM, Moray Henderson wrote:
>> From: Daniel J Walsh [mailto:dwalsh at redhat.com] Sent: 04 June 2012 15:23
>> 
>> On 06/04/2012 02:55 AM, Miroslav Grepl wrote:
>>> On 05/31/2012 11:46 AM, Moray Henderson wrote:
>>>> I'm updating a custom policy from CentOS 5 to CentOS 6.  The module 
>>>> builds successfully, but fails to load:
>>>> 
>>>> # semodule -i mypolicy.pp 
>>>> /etc/selinux/targeted/contexts/files/file_contexts: Invalid argument 
>>>> libsemanage.semanage_install_active: setfiles returned error code 1. 
>>>> semodule:  Failed!
>>>> 
>>>> It took me some time to work out that the error should have read:
>>>> 
>>>> File context already exists for /var/run/passenger: mypolicy.fc line 
>>>> 5
>>>> 
>>>> Now that I know there is already policy for Passenger, I can adjust 
>>>> mine accordingly.  Any chance of getting a more helpful version of 
>>>> the error included in semodule?
>>> There is a bug
>>> 
>>> https://bugzilla.redhat.com/show_bug.cgi?id=822320
>>>> 
>>>> 
>>>> Moray. "To err is human; to purr, feline."
>>>> 
>>>> 
>>>> 
>>>> -- selinux mailing list selinux at lists.fedoraproject.org 
>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>> 
>>> -- selinux mailing list selinux at lists.fedoraproject.org 
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>> 
>>> 
>> Not sure this is the right bugzilla.
>> 
>> In Fedora 17 I get
>> 
>> semodule -i mypol.pp /etc/selinux/targeted/contexts/files/file_contexts:
>> Multiple different specifications for /var/run/passenger(/.*)? 
>> (system_u:object_r:passenger_var_run_t:s0 and 
>> system_u:object_r:var_run_t:s0). 
>> /etc/selinux/targeted/contexts/files/file_contexts: Invalid argument 
>> libsemanage.semanage_install_active: setfiles returned error code 1. 
>> semodule:  Failed!
> 
> Thanks Daniel, that looks like the one.  Would be nice if it could display
> which line of the .fc file caused the problem, but if not there is enough
> information now to track it down.  I couldn't find "file_contexts multiple
> different specifications" in Red Hat's bugzilla, though.  There were a few
> for "file_contexts invalid argument", but none of them describe this issue.
> Do you know if that fix from Fedora 17 will get through to RHEL 6?
> 
> 
> Moray. “To err is human; to purr, feline.”
> 
> 
> -- selinux mailing list selinux at lists.fedoraproject.org 
> https://admin.fedoraproject.org/mailman/listinfo/selinux

The fix is in libsemanage, actually.  Open a bugzilla on libsemanage for this
and we will see if libsemanage gets on the approved package list.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/PUt4ACgkQrlYvE4MpobNJngCeMox2q5sr/UVFahD0WcZKTOa8
ACkAnjK/DYjbRYl4AuhIxrwpB6TiY4IF
=1n+O
-----END PGP SIGNATURE-----

More information about the selinux mailing list