rawhide selinux-policy-strict whoopsage...

[Valdis.Kletnieks at vt.edu]

On Fri, 03 Feb 2006 13:19:52 EST, Valdis.Kletnieks at vt.edu said:

> Committing changes:
> libsepol.check_assertion_helper: assertion on line 0 violated by allow user_sudo_t user_sudo_t:process { setcurrent };
> libsepol.check_assertion_helper: assertion on line 0 violated by allow staff_sudo_t staff_sudo_t:process { setcurrent };
> libsepol.check_assertion_helper: assertion on line 0 violated by allow sysadm_sudo_t sysadm_sudo_t:process { setcurrent };
> libsepol.check_assertions: 3 assertion violations occured
> libsemanage.semanage_expand_sandbox: Expand module failed
> semodule:  Failed!

Follow-up - moving sudo.pp out of the way gets me this:

Committing changes:
/etc/selinux/strict/contexts/files/file_contexts: Multiple same specifications for /usr/sbin/sendmail.postfix.
/etc/selinux/strict/contexts/files/file_contexts: Multiple different specifications for /var/spool/postfix(/.*)?  (system_u:object_r:postfix_spool_t:s0 and system_u:object_r:mail_spool_t:s0).
genhomedircon:  Warning!  No support yet for expanding ROLE macros in the /etc/selinux/strict/contexts/files/homedir_template file when using libsemanage.
genhomedircon:  You must manually update file_contexts.homedirs for any non-user_r users (including root).
Ok: transaction number 101.

Not perfect, but at least I'm back to running a functional 'strict' and only chasing
quirks rather than total failures. ;)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20060203/b70fbfdd/attachment.sig>