Re: SELinux upgrade issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 08/28/2009 12:22 PM, Moray Henderson (ICT) wrote:
> Just encountered an interesting issue, and wondered if anyone had seen anything like it before.  One of the packages I add to my CentOS-based build is a custom SELinux policy (FX: screaming, running away).  During a fresh install, it works perfectly:
> 
> # grep selinux install.log
> Installing libselinux-1.33.4-5.1.el5.i386
> Installing libselinux-python-1.33.4-5.1.el5.i386
> Installing libselinux-utils-1.33.4-5.1.el5.i386
> Installing selinux-policy-2.4.6-203.el5.noarch
> Installing selinux-policy-targeted-2.4.6-203.el5.noarch
> Installing sls-selinux-policy-1.0-3.sls17.noarch
> Installing selinux-policy-devel-2.4.6-203.el5.noarch
> 
> But during an upgrade from CentOS 4, this happens:
> 
> # grep selinux /root/upgrade.log
> Upgrading libselinux-1.33.4-5.1.el5.i386
> Upgrading libselinux-python-1.33.4-5.1.el5.i386
> Upgrading libselinux-utils-1.33.4-5.1.el5.i386
> Upgrading selinux-policy-2.4.6-203.el5.noarch
> Upgrading selinux-policy-targeted-2.4.6-203.el5.noarch
> Upgrading sls-selinux-policy-1.0-3.sls17.noarch
> libsemanage.semanage_make_sandbox: Could not copy files to sandbox /etc/selinux/targeted/modules/tmp.
> /usr/sbin/semodule:  Failed on /usr/share/selinux/targeted/sls.pp!
> Upgrading selinux-policy-devel-2.4.6-203.el5.noarch
> warning: /etc/selinux/targeted/policy/policy.18 saved as /etc/selinux/targeted/policy/policy.18.rpmsave
> 
> Once anaconda has finished and is on the "installation complete" screen, I can switch to Alt-F2 and say
> 
> chroot /mnt/sysimage
> /usr/sbin/semodule -i /usr/share/selinux/targeted/sls.pp -s targeted
> 
> and now the module installs and loads at the next boot.  Any ideas how to get it to install properly the first time?
> 
> 
> Moray.
> "To err is human.  To purr, feline"
> 
> 
> 
> _______________________________________________
> Kickstart-list mailing list
> Kickstart-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/kickstart-list
I think you want to make sure selinux-policy-targeted post install is finished before you run your post.

Something like

Requires(post): selinux-policy-targeted

_______________________________________________
Kickstart-list mailing list
Kickstart-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/kickstart-list
[Index of Archives]     [Red Hat General]     [CentOS Users]     [Fedora Users]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux