Messages from update to selinux-policy-3.0.3-2.fc8

Fri Jul 20 14:18:48 UTC 2007

Tom London wrote:
> [root at localhost Downloads]# rpm -Uvh selinux*
> Preparing...                
> ########################################### [100%]
>   1:selinux-policy         ########################################### 
> [ 33%]
>   2:selinux-policy-devel   ########################################### 
> [ 67%]
>   3:selinux-policy-targeted########################################### 
> [100%]
> libsemanage.semanage_commit_sandbox: Error while renaming
> /etc/selinux/targeted/modules/active to
> /etc/selinux/targeted/modules/previous.
> /usr/sbin/semanage: Could not add SELinux user guest_u
> libsemanage.semanage_commit_sandbox: Error while renaming
> /etc/selinux/targeted/modules/active to
> /etc/selinux/targeted/modules/previous.
> /usr/sbin/semanage: Could not add SELinux user xguest_u
> [root at localhost Downloads]#
>
> Got this AVC:
>
> type=AVC msg=audit(1184939434.913:47): avc:  denied  { rename } for
> pid=5453 comm="semanage" name="active" dev=dm-0 ino=11076264
> scontext=system_u:system_r:semanage_t:s0
> tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
> type=SYSCALL msg=audit(1184939434.913:47): arch=40000003 syscall=38
> success=no exit=-13 a0=85a0d40 a1=85a0d70 a2=1975c4 a3=bf9eec98
> items=0 ppid=5443 pid=5453 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=pts0 comm="semanage" exe="/usr/bin/python"
> subj=system_u:system_r:semanage_t:s0 key=(null)
> type=USER_ROLE_CHANGE msg=audit(1184939434.913:48): user pid=5453
> uid=0 auid=500 subj=system_u:system_r:semanage_t:s0 msg='op=add
> SELinux user record acct="xguest_u" old-seuser=? old-role=?
> old-range=? new-seuser=xguest_u new-role=xguest_r new-range=s0
> exe=/usr/sbin/semanage (hostname=?, addr=?, terminal=pts/0
> res=failed)'
>
> [similar one for 'guest_u']
>
> tom
>
This looks like the labeling on /etc/selinux/targeted got screwed up.

restorecon -R -v /etc/selinux