On Wed, 2008-01-23 at 18:00 -0800, John Reiser wrote: > Bill Nottingham wrote: > > The snippet you quoted *does* print strerror(errno)... there are > > various other errors that the SELinux routines catch, but they > > aren't propagated up in any way that that patch could catch. > > So it looks like the message for a missing file might be: > Unable to load SELinux policy (No such file or directory). Halting now. > > This is exactly what happened to me in F8, and it was horrible: > https://bugzilla.redhat.com/show_bug.cgi?id=343861 > The ultimate cause was a bug in pungi: > https://bugzilla.redhat.com/show_bug.cgi?id=343851 > but the error was not discovered until install time (anaconda), > and the error message did not give the name of [any] missing file. > > It is unacceptable to say "No such file or directory" unless > it also gives the full literal name of some such file that was > sought, and could have been used (if present and correctly formatted, etc.) > > The missing filename turned out to be: > /etc/selinux/targeted/policy/policy.21 > > *IF* that filename had appeared with the original message: > Can't load policy: no such file or directory > then it would have been *very* much easier to debug and fix. To do that, we'd need to modify the libselinux selinux_mkload_policy function rather than the caller, as the libselinux function encapsulates the policy file location these days. Certainly doable, just needs a patch to report that info on a failure. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
