Policy version mismatch
Moray Henderson
Moray.Henderson at ict-software.org
Tue May 29 16:23:00 UTC 2012
> -----Original Message-----
> From: selinux-bounces at lists.fedoraproject.org [mailto:selinux-
> bounces at lists.fedoraproject.org] On Behalf Of Daniel J Walsh
> Sent: 24 May 2012 20:01
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 05/24/2012 12:24 PM, David Quigley wrote:
> > On 05/24/2012 12:14, Daniel J Walsh wrote: On 05/24/2012 11:05 AM,
> > Moray Henderson wrote:
> >>>> I've got a policy module which works fine when I build and load it
> >>>> on CentOS 5. When I build and try to load it on CentOS 6 it
> >>>> complains:
> >>>>
> >>>> SELinux: Could not downgrade policy file
> >>>> /etc/selinux/targeted/policy/policy.24, searching for an older
> >>>> version. SELinux: Could not open policy file <=
> >>>> /etc/selinux/targeted/policy/policy.24: No such file or directory
> >>>>
> >>>> There's nothing in the policy source specifying version so I would
> >>>> have expected the module automatically to build for the correct
> >>>> policy version when built on CentOS 6. Any pointers where to look
> >>>> or what to do next?
> >>>>
> >>>>
> >>>> Moray. "To err is human; to purr, feline."
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> -- selinux mailing list selinux at lists.fedoraproject.org
> >>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
> >
> >
> > Read
> >
> > http://danwalsh.livejournal.com/49762.html
> >> -- selinux mailing list selinux at lists.fedoraproject.org
> >> https://admin.fedoraproject.org/mailman/listinfo/selinux
> >
> > I don't think your post applies to his question. His email seems to
> > indicate to me that he is building the policy binary on RHEL 6 for
> > RHEL 6 and then on install time its trying to downgrade the policy.
> He
> > is wondering why it didn't just build for the policy version being
> > used by the system.
> >
> > Dave -- selinux mailing list selinux at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/selinux
>
> What policy file did it build?
Have you ever had one of those times when you try to debug a problem, but find your debug tool is broken, so you investigate that, but your investigation tool is broken, so you look into that, but... and so on?
Turns out you get the "Could not downgrade policy file /etc/selinux/targeted/policy/policy.24" error if you're running with SELinux disabled and something tries to install or reload policy: semodule -vR does it. This is on CentOS 6.2. Not sure if it's quite a bug, but a better message would be nice.
Moray.
“To err is human; to purr, feline.”
More information about the selinux
mailing list