Invalid context with latest SELinux update.

Erik P. Olsen erik at epo.dk
Mon Jun 20 20:17:28 UTC 2005


On Mon, 2005-06-20 at 16:09 -0400, Daniel J Walsh wrote:
> Erik P. Olsen wrote:
> 
> >On Mon, 2005-06-20 at 15:08 -0400, Daniel J Walsh wrote:
> >  
> >
> >>Daniel J Walsh wrote:
> >>
> >>    
> >>
> >>>Erik P. Olsen wrote:
> >>>
> >>>      
> >>>
> >>>>On Mon, 2005-06-20 at 11:41 -0400, Daniel J Walsh wrote:
> >>>> 
> >>>>
> >>>>        
> >>>>
> >>>>>Erik P. Olsen wrote:
> >>>>>
> >>>>>  
> >>>>>
> >>>>>          
> >>>>>
> >>>>>>After having updated FC3 with the latest SELinux I get following error
> >>>>>>messages during boot:
> >>>>>>
> >>>>>>Starting udev: /etc/selinux/targeted/contexts/files/file_contexts line
> >>>>>>287 has invalid context system_u:object_r:crypt_device_t
> >>>>>>
> >>>>>>Starting xfs: /etc/selinux/targeted/contexts/files/file_contexts line
> >>>>>>888 has invalid
> >>>>>>context system_u:object_r:system_dbusd_var_run_t
> >>>>>>
> >>>>>>I can't see any side effect from this but what does it mean and 
> >>>>>>what can
> >>>>>>I do to correct it?
> >>>>>>
> >>>>>>SELinux installation:
> >>>>>>
> >>>>>>libselinux-1.19.1-8.i386.rpm
> >>>>>>libselinux-devel-1.19.1-8.i386.rpm
> >>>>>>selinux-doc-1.14.1-1.noarch.rpm
> >>>>>>selinux-policy-strict-1.19.10-2.noarch.rpm
> >>>>>>selinux-policy-strict-sources-1.19.10-2.noarch.rpm
> >>>>>>selinux-policy-targeted-1.17.30-3.9.noarch.rpm
> >>>>>>selinux-policy-targeted-sources-1.17.30-3.9.noarch.rpm
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>    
> >>>>>>            
> >>>>>>
> >>>>>Can you try to reload policy
> >>>>>
> >>>>>cd /etc/selinux/targeted/src/policy
> >>>>>make reload
> >>>>>  
> >>>>>          
> >>>>>
> >>>>Yes, and here is what make told me:
> >>>>
> >>>>[root at epo policy]# make reload
> >>>>mkdir -p /etc/selinux/targeted/policy
> >>>>/usr/bin/checkpolicy -o /etc/selinux/targeted/policy/policy.18
> >>>>policy.conf
> >>>>/usr/bin/checkpolicy:  loading policy configuration from policy.conf
> >>>>domains/unconfined.te:19:ERROR 'syntax error' at token '{' on line 3894:
> >>>>typeattribute tty_device_t { tty_device_t devpts_t };
> >>>>typealias unconfined_t alias { kernel_t init_t initrc_t logrotate_t
> >>>>sendmail_t sshd_t secadm_t sysadm_t rpm_t rpm_script_t xdm_t };
> >>>>/usr/bin/checkpolicy:  error(s) encountered while parsing configuration
> >>>>make: *** [/etc/selinux/targeted/policy/policy.18] Error 1
> >>>>[root at epo policy]#
> >>>>
> >>>>Obviously something is wrong, but I don't understand what it's all
> >>>>about :-(
> >>>>
> >>>> 
> >>>>
> >>>>        
> >>>>
> >>>What version of checkpolicy do you have installed?
> >>>
> >>>Dan
> >>>      
> >>>
> >>Can you cd /etc/selinux/targeted/src/policy
> >> grep -R define.*admin_tty_type .
> >>    
> >>
> >
> >[root at epo policy]# grep -R define.*admin_tty_type .
> >./macros/program/chroot_macros.te:define(`chroot_tty_device', `
> >{ console_device_t admin_tty_type }')
> >[root at epo policy]#
> >
> >  
> >
> Ok how about
> 
> grep -R define.*ttyp_device_t .

Yields nothing.

-- 
Regards,
Erik P. Olsen
GPG http://pgp.mit.edu 0x71375E63
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050620/866aa73b/attachment-0001.sig>


More information about the fedora-list mailing list