So an individual was following https://bugzilla.redhat.com/show_bug.cgi?id=1253926 and wanted to download the latest patch from koji to upgrade his selinux policy manually. It looks like he downloaded rpm: selinux-policy-3.13.1-128.12.fc22.noarch.rpm and he said that on reboot, his system froze and stated that the selinux policy could not be loaded. I sent him an email asking him to grep the RPM db to see what selinux packages were installed (thinking that he forgot to download and install the selinux-policy-targeted package). Below is what he sent back...it does not look like the targeted packages is installed on his system. Since I am at work, I do not have access to a F22 workstation to see what is installed by default. Any suggestions? Devon
Subject: Re: SELINUX Issue From: avg1209@zoho.com To: devo8604@outlook.com Date: Tue, 25 Aug 2015 14:27:08 -0400
Hi Devon, Here you are: [ag@prhost1 ~]$ rpm -qa | grep selinux* libselinux-2.3-10.fc22.x86_64libselinux-python-2.3-10.fc22.x86_64selinux-policy-3.13.1-128.10.fc22.noarchselinux-policy-devel-3.13.1-128.10.fc22.noarchrpm-plugin-selinux-4.12.0.1-12.fc22.x86_64libselinux-utils-2.3-10.fc22.x86_64libselinux-2.3-10.fc22.i686 Here is what I did today: - I downloaded and installed following RPM from http://koji.fedoraproject.org/koji/buildinfo?buildID=679465 428500 Aug 25 10:58 selinux-policy-3.13.1-128.12.fc22.noarch.rpm - rebooted and got the error "Failed to load SELinux policy, freezing"- set "selinux=0" kernel parameter and booted- downgraded: "dnf downgrade selinux-policy-3.13.1-128.10.fc22.noarch" I am currently in this state. But it looks like at every boot it tries to relabel the whole system, it takes way too long and that is why I am still booting with "selinux=0" to be able to work. Could you recommend how can I return to what I had before all my steps described above? I will rather wait for the official update of the selinux-policy package, which I guess will eb thoroughly tested. Thank you,- Andrew -----Original Message-----From: Devon Smith devo8604@outlook.comTo: avg1209@zoho.com avg1209@zoho.comSubject: SELINUX IssueDate: Tue, 25 Aug 2015 12:09:16 -0600
Andrew, can you do me a favor and run: rpm -qa | grep selinux* There should be at least two selinux policy rpms installed, selinux-policy and selinux-targeted? Did you download/install the updated rpm for both or just selinux-policy. That could cause some issues Devon J. Smith
Please disregard, the individual found the missing package he needed to install....its working now.
From: devo8604@outlook.com To: test@lists.fedoraproject.org Subject: FW: SELINUX update Issue F22 Date: Tue, 25 Aug 2015 12:34:59 -0600
So an individual was following https://bugzilla.redhat.com/show_bug.cgi?id=1253926 and wanted to download the latest patch from koji to upgrade his selinux policy manually. It looks like he downloaded rpm: selinux-policy-3.13.1-128.12.fc22.noarch.rpm and he said that on reboot, his system froze and stated that the selinux policy could not be loaded. I sent him an email asking him to grep the RPM db to see what selinux packages were installed (thinking that he forgot to download and install the selinux-policy-targeted package). Below is what he sent back...it does not look like the targeted packages is installed on his system. Since I am at work, I do not have access to a F22 workstation to see what is installed by default. Any suggestions? Devon
Subject: Re: SELINUX Issue From: avg1209@zoho.com To: devo8604@outlook.com Date: Tue, 25 Aug 2015 14:27:08 -0400
Hi Devon, Here you are: [ag@prhost1 ~]$ rpm -qa | grep selinux* libselinux-2.3-10.fc22.x86_64libselinux-python-2.3-10.fc22.x86_64selinux-policy-3.13.1-128.10.fc22.noarchselinux-policy-devel-3.13.1-128.10.fc22.noarchrpm-plugin-selinux-4.12.0.1-12.fc22.x86_64libselinux-utils-2.3-10.fc22.x86_64libselinux-2.3-10.fc22.i686 Here is what I did today: - I downloaded and installed following RPM from http://koji.fedoraproject.org/koji/buildinfo?buildID=679465 428500 Aug 25 10:58 selinux-policy-3.13.1-128.12.fc22.noarch.rpm - rebooted and got the error "Failed to load SELinux policy, freezing"- set "selinux=0" kernel parameter and booted- downgraded: "dnf downgrade selinux-policy-3.13.1-128.10.fc22.noarch" I am currently in this state. But it looks like at every boot it tries to relabel the whole system, it takes way too long and that is why I am still booting with "selinux=0" to be able to work. Could you recommend how can I return to what I had before all my steps described above? I will rather wait for the official update of the selinux-policy package, which I guess will eb thoroughly tested. Thank you,- Andrew -----Original Message-----From: Devon Smith devo8604@outlook.comTo: avg1209@zoho.com avg1209@zoho.comSubject: SELINUX IssueDate: Tue, 25 Aug 2015 12:09:16 -0600
Andrew, can you do me a favor and run: rpm -qa | grep selinux* There should be at least two selinux policy rpms installed, selinux-policy and selinux-targeted? Did you download/install the updated rpm for both or just selinux-policy. That could cause some issues Devon J. Smith