On 11/25/2013 03:12 PM, Sven Vermeulen wrote: > Hi all > > I have a report that mentions that the new userspace release does not like > non-MLS policies: > > # semanage fcontext -a -t swapfile_t "/swapfile" > libsepol.context_from_record: MLS is disabled, but MLS context "s0" found (No such file or directory). > libsepol.context_from_record: could not create context structure (Invalid argument). > libsemanage.validate_handler: invalid context system_u:object_r:swapfile_t:s0 specified for /swapfile [all files] (Invalid argument). > libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument). > OSError: Invalid argument > > # semanage login -a -s staff_u amade > libsemanage.validate_handler: MLS is disabled, but MLS range s0 was found for Unix user amade (No such file or directory). > libsemanage.validate_handler: seuser mapping [amade -> (staff_u, s0)] is invalid (No such file or directory). > libsemanage.dbase_llist_iterate: could not iterate over records (No such file or directory). > OSError: No such file or directory > > Any idea what could be the cause of this? Probably this one.
>From 5102ed4cb81f7eae6300c99b16541582eb7e1f8e Mon Sep 17 00:00:00 2001 From: Dan Walsh <dwalsh@xxxxxxxxxx> Date: Fri, 11 Oct 2013 09:10:31 -0400 Subject: [PATCH] If users of seobject set serange or seuser to "", we need to override. Do not want bad data getting into the system --- policycoreutils/semanage/seobject.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py index e7ece41..e198090 100644 --- a/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py @@ -1788,9 +1788,15 @@ class fcontextRecords(semanageRecords): raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead") % (target, i, fdict[i], t)) - def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"): + def __add(self, target, type, ftype = "", serange = "s0", seuser = "system_u"): self.validate(target) + if seuser == "": + seuser = "system_u" + + if serange == "": + serange = "s0" + if is_mls_enabled == 1: serange = untranslate(serange) -- 1.8.3.1