postfix, procmail and SELinux - No Go

Marc Schwartz MSchwartz at mn.rr.com
Tue Jun 20 12:54:58 UTC 2006


On Tue, 2006-06-20 at 13:26 +0100, Paul Howarth wrote:
> Stephen Smalley wrote:
> > On Tue, 2006-06-20 at 08:08 +0100, Paul Howarth wrote:
> >> On Mon, 2006-06-19 at 15:34 -0500, Marc Schwartz (via MN) wrote:
> >>> Thanks Paul!
> >>>
> >>> OK, so the building goes OK, but now when I try to install the modules,
> >>> I get the following error:
> >>>
> >>> # /usr/sbin/semodule -i procmail.pp
> >>> libsepol.class_copy_callback: procmail: Modules may not yet declare new classes.
> >>> libsemanage.semanage_link_sandbox: Link packages failed
> >>> /usr/sbin/semodule:  Failed!
> >>>
> >>>
> >>> This occurs with each of the 5 modules.
> >>>
> >>> Due to the recent change as well or is there something else that I need
> >>> to do before installing the new module(s)?
> >> Not sure what that is. Can you try rebuilding all of the modules?
> >>
> >> # rm *.pp
> >> # make
> >>
> >> Paul.
> > 
> > Also make sure that your selinux-policy package is fully up-to-date.
> > The error message suggests that your modules are bringing in newer class
> > definitions (via policy_module) that aren't defined in your base.pp,
> > which means your base.pp is out of date.
> 
> How could this happen if the modules are being built on the same system 
> as they are being used on?
> 
> Paul.

Good morning guys,

Thanks for the assistance.

Before building, I had done a 'make clean', so the *.pp files were
deleted.

This continues to be a problem this morning.  The current versions of
the RPMS that I have are:

# rpm -qa | grep selinux
libselinux-1.30-1.fc5
libselinux-devel-1.30-1.fc5
libselinux-python-1.30-1.fc5
selinux-policy-targeted-2.2.43-4.fc5
selinux-policy-2.2.43-4.fc5


I ran a yum update this morning and no new updates were identified.

What is interesting is that if I try to remove any of the existing modules,
I get this:

# semodule -r myclam.pp
libsemanage.semanage_direct_remove: Module myclam.pp was not found.
semodule:  Failed on myclam.pp!


Yet, the modules are listed:

# semodule -l
clamav  1.0.0
myclam  0.1.2
mydcc   0.1.3
mypostfix       0.1.0
mypyzor 0.1.3
procmail        0.5.0


And, if I try to upgrade the module:

# semodule -u myclam.pp
libsemanage.semanage_direct_upgrade: Previous module myclam is same or newer.
semodule:  Failed on myclam.pp!


It would suggest that the myclam.pp module is found, despite the error
in the remove attempt above.


Seems like something is hosed, but I don't have any intuition here.

If you would like me to attach the *.pp files in an offlist e-mail so
that you can review them, let me know.

Thanks,

Marc
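
An added example, not part of the original message: `semodule -r` takes a module name as printed by `semodule -l`, while `-i` and `-u` take a package file, so this sketch maps a `.pp` file name to the name to look up and compares versions. The listing is the one quoted above; the `<module>.pp` naming and the caller-supplied package version are assumptions.

```shell
#!/bin/sh
# Constructed sample: the `semodule -l` listing quoted in the message above.
SAMPLE_LIST='clamav  1.0.0
myclam  0.1.2
mydcc   0.1.3
mypostfix       0.1.0
mypyzor 0.1.3
procmail        0.5.0'

# Assumption: the package file is named <module>.pp, as in this thread.
pkg_to_name() {
    basename "$1" .pp
}

# Print the installed version of module $2 found in listing $1 (empty if absent).
installed_version() {
    printf '%s\n' "$1" | awk -v m="$2" '$1 == m { print $2 }'
}

# Compare dotted versions numerically, field by field: prints -1, 0 or 1.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); k = split(b, y, "."); if (k > n) n = k
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) { print -1; exit }
            if (x[i] + 0 > y[i] + 0) { print 1; exit }
        }
        print 0
    }'
}

# check_pkg LISTING PKG_FILE PKG_VERSION
# PKG_VERSION is supplied by the caller (assumption: taken from the module source).
check_pkg() {
    name=$(pkg_to_name "$2")
    have=$(installed_version "$1" "$name")
    if [ -z "$have" ]; then
        echo "$name: not installed"
    elif [ "$(vercmp "$3" "$have")" -gt 0 ]; then
        echo "$name: $have installed, $3 is newer"
    else
        echo "$name: $have installed, $3 is same or older"
    fi
}

check_pkg "$SAMPLE_LIST" myclam.pp 0.1.2
```

On a live system, pass `"$(semodule -l)"` in place of `SAMPLE_LIST`.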




