On 03. 02. 22 14:35, Geert Janssens wrote:
Hi,
I have a minimal Fedora 35 box that's configured as a mail server. It started life as a Fedora 33 system and got upgraded to 35 yesterday in an attempt to fix the following error I was getting.
I am trying to set an selinux boolean using the following command:
setsebool -P rsync_client 1
This returns the following output: libsepol.context_from_record: type avahi_conf_t is not defined libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert system_u:object_r:avahi_conf_t:s0 to sid invalid context system_u:object_r:avahi_conf_t:s0 Failed to commit changes to booleans: Success
Aside from the last line being very confusing the boolean seems to be set but the setting won't persist across reboots. I suspect the error lines hint at the problem but a search on the net didn't reveal what's going on.
As mentioned this was already happening while the system was still Fedora 33 (though the undefined type then was something with dns). I hoped it would get fixed with an upgrade to Fedora 35, but it only changed the type that's undefined.
What's going on here and how can I solve this ?
Hi, could you please share which version of selinux-policy you are on and if you have any custom policy modules ("sudo semodule -lfull | grep -v 100")?
avahi_conf_t was only added recently (F34 I believe), which explains why you didn't see it before. Does policy rebuild work properly ("sudo semodule -B")? If not, does selinux-policy and selinux-policy-targeted reinstall do any difference?
Vit
selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to selinux-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure