selinux and 2.6.31-33.fc12.x86_64

Daniel J Walsh dwalsh at redhat.com
Mon Sep 28 19:04:52 UTC 2009


On 09/23/2009 12:19 PM, Gene Czarcinski wrote:
> On Tuesday 22 September 2009 21:24:36 Daniel J Walsh wrote:
>> On 09/22/2009 11:33 AM, Gene Czarcinski wrote:
>>> On Tuesday 22 September 2009 13:47:12 Gene Czarcinski wrote:
>>>> I have installed:
>>>>
>>>> [gc at hawk ~]$ rpm -qa dracut*
>>>> dracut-kernel-002-2.gitc53acc30.fc12.noarch
>>>> dracut-002-2.gitc53acc30.fc12.noarch
>>>>
>>>> but an update for dracut is available.  I will update to that version
>>>> and then  remove/re-install kernel-2.6.31-33.fc12.x86_64 to see if that
>>>> will make a difference.
>>>
>>> Nope ... no change.  I still come up with selinux disabled with
>>> kernel-2.6.31-33.fc12.x86_64.  I have also update to
>>> [gc at hawk ~]$ rpm -q policycoreutils selinux-policy
>>> policycoreutils-2.0.74-4.fc12.x86_64
>>> selinux-policy-3.6.32-8.fc12.noarch
>>>
>>> I guess I will revert to running kernel-2.6.31-23.fc12.x86_64 since
>>> running with selinux enabled is more important to me that the new kernel.
>>>
>>> Gene
>>
>> I think the selinux-policy is failing to create a new policy.  Could you
>>  attempt
>>
>> yum reinstall selinux-policy-targeted
>>
>> There might be a conflict with BackupPC, which you might need to remove its
>>  policy.
>>
> Fixed!
> 
> I removed BackupPC (don't use it anyway) and reinstalled selinux-policy-
> targeted.  Then I rebooted to the "33" kernel.  I am now "Enforcing".
> 
> So, was the problem that selinux-policy-targeted not really being installed 
> even if yum thought it was?
> 
> I verified on another system ... with BackupPC installed, I get some error 
> messages when I install selinux-policy-targeted ("semanage failed" among 
> others) ... after removing BackupPC, the reinstall works.
> 
> Gene
> 
Yes Since the policy upgrade is happening in the post install, if the post install fails the package will still be installed, although the policy will not be updated.  There are patches going around to fix this in the future.  Maybe F13?




More information about the fedora-test-list mailing list