Running targeted/enforcing, latest rawhide.
Today's updates broke lots. Booting hangs with many messages about 'invalid type' from file-contexts, etc.
Anyone seeing this or did I break something?
tom
On Tue, 2005-09-13 at 10:44 -0700, Tom London wrote:
Running targeted/enforcing, latest rawhide.
Today's updates broke lots. Booting hangs with many messages about 'invalid type' from file-contexts, etc.
Anyone seeing this or did I break something?
Looks like libselinux is broken. And in such a manner that it is looking in /etc/selinux/targeted regardless of what /etc/selinux/config says; I am getting similar errors on the _targeted_ file_contexts file on a machine that is supposed to be using strict policy after updating just now. Dan?
On 9/13/05, Stephen Smalley sds@tycho.nsa.gov wrote:
On Tue, 2005-09-13 at 10:44 -0700, Tom London wrote:
Running targeted/enforcing, latest rawhide.
Today's updates broke lots. Booting hangs with many messages about 'invalid type' from file-contexts, etc.
Anyone seeing this or did I break something?
Looks like libselinux is broken. And in such a manner that it is looking in /etc/selinux/targeted regardless of what /etc/selinux/config says; I am getting similar errors on the _targeted_ file_contexts file on a machine that is supposed to be using strict policy after updating just now. Dan?
Will backing out the latest libselinux fix? (the only way I could get 'up and running' was to boot with 'selinux=0').
tom
On Tue, 2005-09-13 at 11:19 -0700, Tom London wrote:
Will backing out the latest libselinux fix? (the only way I could get 'up and running' was to boot with 'selinux=0').
It should. I booted single-user with enforcing=0 and then installed the upstream libselinux 1.26 from our cvs, and it worked fine. Fedora CVS tree has a patch that affects getting the policy type (which seems to be broken, as it always returning targeted even when /etc/selinux/config says strict) and that calls the new libsetrans (which is likely breaking the context validation).
On 9/13/05, Stephen Smalley sds@tycho.nsa.gov wrote:
On Tue, 2005-09-13 at 11:19 -0700, Tom London wrote:
Will backing out the latest libselinux fix? (the only way I could get 'up and running' was to boot with 'selinux=0').
It should. I booted single-user with enforcing=0 and then installed the upstream libselinux 1.26 from our cvs, and it worked fine. Fedora CVS tree has a patch that affects getting the policy type (which seems to be broken, as it always returning targeted even when /etc/selinux/config says strict) and that calls the new libsetrans (which is likely breaking the context validation).
I did 'rpm -Uvh --oldpackage libselinux*-1.25.7-1*' and rebooted.
This appears to 'repair': all appears healthy.
Two comments: 1. During reboot, system detected need to relabel 'automagically'. Relabel completed smoothly and system booted normally. 2. This is the first relabel I have had to do in many, many, many months. Allow me to present well deserved kudos to the Selinux/FC team.
Notably impressed, tom
On Tue, 2005-09-13 at 14:11 -0400, Stephen Smalley wrote:
On Tue, 2005-09-13 at 10:44 -0700, Tom London wrote:
Running targeted/enforcing, latest rawhide.
Today's updates broke lots. Booting hangs with many messages about 'invalid type' from file-contexts, etc.
Anyone seeing this or did I break something?
Looks like libselinux is broken. And in such a manner that it is looking in /etc/selinux/targeted regardless of what /etc/selinux/config says; I am getting similar errors on the _targeted_ file_contexts file on a machine that is supposed to be using strict policy after updating just now. Dan?
Just to confirm, reverting to the upstream libselinux 1.26 (not the patched one in Fedora) makes the system work again for me. Looks like there are two problems, one with respect to getting the policy type and one with respect to context validation (the latter likely related to libsetrans).
Stephen Smalley wrote:
On Tue, 2005-09-13 at 14:11 -0400, Stephen Smalley wrote:
On Tue, 2005-09-13 at 10:44 -0700, Tom London wrote:
Running targeted/enforcing, latest rawhide.
Today's updates broke lots. Booting hangs with many messages about 'invalid type' from file-contexts, etc.
Anyone seeing this or did I break something?
Looks like libselinux is broken. And in such a manner that it is looking in /etc/selinux/targeted regardless of what /etc/selinux/config says; I am getting similar errors on the _targeted_ file_contexts file on a machine that is supposed to be using strict policy after updating just now. Dan?
Just to confirm, reverting to the upstream libselinux 1.26 (not the patched one in Fedora) makes the system work again for me. Looks like there are two problems, one with respect to getting the policy type and one with respect to context validation (the latter likely related to libsetrans).
Yes this is a known problem and will be in tomorrows rawhide. Waiting for the build machine to complete to update my people page.
selinux@lists.fedoraproject.org