Today's rawhide update

Daniel J Walsh dwalsh at redhat.com
Mon Jul 23 13:23:16 UTC 2007 

Steve G wrote:
>>> libsemanage.semanage_commit_sandbox: Error while renaming
>>> /etc/selinux/targeted/modules/active to
>>>       
> /etc/selinux/targeted/modules/previous.
>   
>>> /usr/sbin/semanage: Could not add SELinux user guest_u
>>> libsemanage.semanage_commit_sandbox: Error while renaming
>>> /etc/selinux/targeted/modules/active to
>>>       
> /etc/selinux/targeted/modules/previous.
>   
>>> /usr/sbin/semanage: Could not add SELinux user xguest_u
>>>   Cleanup   : policycoreutils              ####################### [16/22]
>>>       
>> Steve, why is this alarming? 
>>     
>
> Cause it sounds like a user type was not successfully added to the on-disk
> policy. Running "semanage user -l" shows that neither guest_u or xguest_u exist.
>
>   
>> I'm almost certain that I've seen this before on my own system. Should I be
>> concerned as well?
>>     
>
> I think this indicates a problem with libsemanage or selinux policy. And by the
> terseness of the error messages, I wonder if there's enough information to
> diagnose *why* this failed. An errno might be useful here.
>
> -Steve
>
>
>        
> ____________________________________________________________________________________
> Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out.
> http://answers.yahoo.com/dir/?link=list&sid=396545469
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>   
The problem here is that a transition has failed and 
/etc/selinux/targeted has a mislabeled problem.
restorecon -R -v /etc/selinux/targeted should clean it up.

Not sure what caused it, although I have a theory that a transition on 
setsebool did not happen properly so the files
got mislabeled, during an rpm install.

restorecon -R -v /etc/selinux/targeted
should clean up the mislabeled directory

# semanage user -a -P guest -R guest_r guest_u
# semanage user -a -P xguest -R xguest_r xguest_u

Execute these commands to create the two new user types.

More information about the fedora-selinux-list mailing list