policy updated, then selinux error?
Hongwei Li
hongwei at wustl.edu
Fri Jul 8 21:15:20 UTC 2005
> On Fri, 2005-07-08 at 14:49 -0500, Hongwei Li wrote:
>> Hi,
>>
>> I just updated selinux target policy (including the source) from
>> 1.17.30-2.96
>> to 1.17.30-3.16 on my fc3 linux system (kernel 2.6.11-1.35_FC3), and also
>> updated checkpolicy-1.17.5-1.2. The updating process did not show any error.
>>
>> Then, I reboot the system that showed a lot of error message like:
>> invalid ... in /etc/selinux/targeted/src/policy/file_contexts/... (it went
>> though so fast that I could not catch all the words). The system is
>> running,
>> then I go to /etc/selinux/targeted/src/policy and run make load and got:
>>
>> # make load
>> mkdir -p /etc/selinux/targeted/policy
>> /usr/bin/checkpolicy -o /etc/selinux/targeted/policy/policy.18 policy.conf
>> /usr/bin/checkpolicy: loading policy configuration from policy.conf
>> domains/unconfined.te:19:ERROR 'syntax error' at token '{' on line 3897:
>> typealias unconfined_t alias { kernel_t init_t initrc_t logrotate_t
>> sendmail_t
>> sshd_t secadm_t sysadm_t rpm_t rpm_script_t xdm_t };
>> typeattribute tty_device_t { tty_device_t devpts_t };
>> /usr/bin/checkpolicy: error(s) encountered while parsing configuration
>> make: *** [/etc/selinux/targeted/policy/policy.18] Error 1
>>
>> I tried touch /.autorelable and reboot, the same error.
>>
>> Can somebody tell what's wrong? how to fix it?
>
> # cd /etc/selinux/targeted/src/policy
> # rm -f policy.conf
> # make reload
>
> Paul.
> --
> Paul Howarth <paul at city-fan.org>
>
I got:
# make reload
mkdir -p tmp
m4 -Imacros -s flask/security_classes ......
......
mv policy.conf.tmp policy.conf
mkdir -p /etc/selinux/targeted/policy
/usr/bin/checkpolicy -o /etc/selinux/targeted/policy/policy.18 policy.conf
/usr/bin/checkpolicy: loading policy configuration from policy.conf
security: 3 users, 4 roles, 343 types, 30 bools
security: 55 classes, 14894 rules
/usr/bin/checkpolicy: policy configuration loaded
/usr/bin/checkpolicy: writing binary representation (version 18) to
/etc/selinux/targeted/policy/policy.18
/usr/sbin/load_policy /etc/selinux/targeted/policy/policy.18
unknown boolean use_syslogng
/usr/sbin/load_policy: Warning! Error while setting booleans: Invalid argument
touch tmp/load
#
What else should I do? or just leave it as is?
Thanks!
Hongwei
More information about the fedora-selinux-list
mailing list