selinux-policy-targeted update is dangerous

D. D. Brierton darren at dzr-web.com
Tue Jun 28 04:12:11 UTC 2005 

On Mon, 2005-06-27 at 23:17 -0400, Erik Hemdal wrote:

> I _did_ however encounter the "syntax errors" in a few processes before 
> taking the .13 update; in fact I was looking for this update to be the 
> one that fixed the prior errors (no joy there).  So if something went 
> awry, it might have been coming for a little while before the latest update.

The syntax errors were these?

invalid context system_u:object_r:crypt_device_t on line number 287
invalid context system_u:object_r:system_dbusd_var_run_t on line number 888

This bug report seems to cover that:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160804

In my case removing selinux-policy-targeted and selinux-policy-targeted-
sources and rm -fR /etc/selinux/targeted and then re-installing the
1.17.30-3.9 versions of those packages got rid of the problem. It seems
that some files in the newer package weren't replacing the ones in the
older package because of some date problems.

> The reinstallation and /.autorelabel fix posted earlier fixed everything 
> for me.  Now I can also see that the 1.17.30.3-9 version is available 
> via the RHN Alert Notification tool.  Someone worked fast!

No, the problems are with the 1.17.30-3.13 versions which are newer than
1.17.30-3.9. You (or yum or up2date) are just checking a mirror which
hasn't synced yet. The 1.17.30-3.13 versions will no doubt show up soon
and that will cause you problems. Updating from an older version to
1.17.30-3.9 will bring back the "invalid context" errors. Your best bet
right now is to do a clean install of the 1.17.30-3.9 versions of the
packages in question.

> Appreciate the quick response, albeit perhaps not quick enough for 
> everyone.  Erik

Actually there has been no official response on bugzilla regarding the
problem at hand.

Best, Darren

-- 
=====================================================================
D. D. Brierton            darren at dzr-web.com          www.dzr-web.com
       Trying is the first step towards failure (Homer Simpson)
=====================================================================

More information about the fedora-list mailing list