rawhide selinux-policy-strict whoopsage...
Daniel J Walsh
dwalsh at redhat.com
Fri Feb 3 19:32:43 UTC 2006
Valdis.Kletnieks at vt.edu wrote:
> On Fri, 03 Feb 2006 13:19:52 EST, Valdis.Kletnieks at vt.edu said:
>
>
>> Committing changes:
>> libsepol.check_assertion_helper: assertion on line 0 violated by allow user_sudo_t user_sudo_t:process { setcurrent };
>> libsepol.check_assertion_helper: assertion on line 0 violated by allow staff_sudo_t staff_sudo_t:process { setcurrent };
>> libsepol.check_assertion_helper: assertion on line 0 violated by allow sysadm_sudo_t sysadm_sudo_t:process { setcurrent };
>> libsepol.check_assertions: 3 assertion violations occured
>> libsemanage.semanage_expand_sandbox: Expand module failed
>> semodule: Failed!
>>
>
> Follow-up - moving sudo.pp out of the way gets me this:
>
> Committing changes:
> /etc/selinux/strict/contexts/files/file_contexts: Multiple same specifications for /usr/sbin/sendmail.postfix.
> /etc/selinux/strict/contexts/files/file_contexts: Multiple different specifications for /var/spool/postfix(/.*)? (system_u:object_r:postfix_spool_t:s0 and system_u:object_r:mail_spool_t:s0).
> genhomedircon: Warning! No support yet for expanding ROLE macros in the /etc/selinux/strict/contexts/files/homedir_template file when using libsemanage.
> genhomedircon: You must manually update file_contexts.homedirs for any non-user_r users (including root).
> Ok: transaction number 101.
>
> Not perfect, but at least I'm back to running a functional 'strict' and only chasing
> quirks rather than total failures. ;)
>
>
>
Those are fixed in tonights rawhide. Currently available on
ftp://people.redhat.com/dwalsh/SELinux/Fedora
I am not seeing the sudo problems???
More information about the fedora-selinux-list
mailing list