postfix, procmail and SELinux - No Go

Paul Howarth paul at city-fan.org
Tue Jun 20 13:05:39 UTC 2006


Marc Schwartz wrote:
> On Tue, 2006-06-20 at 13:26 +0100, Paul Howarth wrote:
>> Stephen Smalley wrote:
>>> On Tue, 2006-06-20 at 08:08 +0100, Paul Howarth wrote:
>>>> On Mon, 2006-06-19 at 15:34 -0500, Marc Schwartz (via MN) wrote:
>>>>> Thanks Paul!
>>>>>
>>>>> OK, so the building goes OK, but now when I try to install the modules,
>>>>> I get the following error:
>>>>>
>>>>> # /usr/sbin/semodule -i procmail.pp
>>>>> libsepol.class_copy_callback: procmail: Modules may not yet declare new classes.
>>>>> libsemanage.semanage_link_sandbox: Link packages failed
>>>>> /usr/sbin/semodule:  Failed!
>>>>>
>>>>>
>>>>> This occurs with each of the 5 modules.
>>>>>
>>>>> Due to the recent change as well or is there something else that I need
>>>>> to do before installing the new module(s)?
>>>> Not sure what that is. Can you try rebuilding all of the modules?
>>>>
>>>> # rm *.pp
>>>> # make
>>>>
>>>> Paul.
>>> Also make sure that your selinux-policy package is fully up-to-date.
>>> The error message suggests that your modules are bringing in newer class
>>> definitions (via policy_module) that aren't defined in your base.pp,
>>> which means your base.pp is out of date.
>> How could this happen if the modules are being built on the same system 
>> as they are being used on?
>>
>> Paul.
> 
> Good morning guys,
> 
> Thanks for the assistance.
> 
> Before building, I had done a 'make clean', so the *.pp files were
> deleted.
> 
> This continues to be a problem this morning.  The current versions of
> the RPMS that I have are:
> 
> # rpm -qa | grep selinux
> libselinux-1.30-1.fc5
> libselinux-devel-1.30-1.fc5
> libselinux-python-1.30-1.fc5
> selinux-policy-targeted-2.2.43-4.fc5
> selinux-policy-2.2.43-4.fc5
> 
> 
> I ran a yum update this morning and no new updates were identified.
> 
> What is interesting, is if I try to remove any of the existing modules,
> I get this:
> 
> # semodule -r myclam.pp
> libsemanage.semanage_direct_remove: Module myclam.pp was not found.
> semodule:  Failed on myclam.pp!
> 
> 
> Yet, the modules are listed:
> 
> # semodule -l
> clamav  1.0.0
> myclam  0.1.2
> mydcc   0.1.3
> mypostfix       0.1.0
> mypyzor 0.1.3
> procmail        0.5.0
> 
> 
> And, if I try to upgrade the module:
> 
> # semodule -u myclam.pp
> libsemanage.semanage_direct_upgrade: Previous module myclam is same or
> newer.
> semodule:  Failed on myclam.pp!
> 
> 
> It would suggest that the myclam.pp module is found, despite the error
> in the remove attempt above.
> 
> 
> Seems like something is hosed, but I don't have any intuition here.
> 
> If you would like me to attach the *.pp files in an offlist e-mail so
> that you can review them, let me know.

There's something very curious going on here. With 
selinux-policy-2.2.43-4.fc5 you should have clamav module version 1.0.1.

Try this:
# yum install yum-utils
# yumdownloader selinux-policy selinux-policy-targeted
# rpm -Uvh --replacefiles --replacepkgs \
	selinux-policy-2.2.43-4.fc5.noarch.rpm \
	selinux-policy-targeted-2.2.43-4.fc5.noarch.rpm
# semodule -l

Paul.
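
The version comparison made by eye in the reply above (clamav listed at 1.0.0 where 1.0.1 is expected) can be scripted. This is an added example, not part of the original message; the function names `version_lt` and `stale_modules` are hypothetical, and the sample listing is the `semodule -l` output quoted in this thread.

```shell
#!/bin/sh
# Added example: flag policy modules whose installed version is older than
# expected, or that are missing from the "name<whitespace>version" listing
# printed by `semodule -l`.

# Sample input: the listing quoted in this thread.
SAMPLE_LISTING='clamav  1.0.0
myclam  0.1.2
mydcc   0.1.3
mypostfix       0.1.0
mypyzor 0.1.3
procmail        0.5.0'

# version_lt A B: succeed if dotted version A is strictly older than B.
# Compares up to three numeric components (hypothetical helper).
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# stale_modules LISTING EXPECTED
# EXPECTED holds one "name version" pair per line. Prints
# "name installed expected" for each module that is older than expected,
# and "name missing expected" for each module absent from LISTING.
stale_modules() {
    listing=$1
    printf '%s\n' "$2" | while read -r name want; do
        [ -n "$name" ] || continue
        have=$(printf '%s\n' "$listing" |
            awk -v n="$name" '$1 == n { print $2 }')
        if [ -z "$have" ]; then
            echo "$name missing $want"
        elif version_lt "$have" "$want"; then
            echo "$name $have $want"
        fi
    done
}

# On a live system: stale_modules "$(semodule -l)" "clamav 1.0.1"
stale_modules "$SAMPLE_LISTING" "clamav 1.0.1"
```

A non-empty result for a module shipped in the selinux-policy package indicates the installed module store does not match the RPM, which is the condition the reinstall above is meant to correct.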