SELinux upgrade issue
Moray Henderson (ICT)
Moray.Henderson at ict.om.org
Fri Aug 28 16:22:53 UTC 2009
Just encountered an interesting issue, and wondered if anyone had seen anything like it before. One of the packages I add to my CentOS-based build is a custom SELinux policy (FX: screaming, running away). During a fresh install, it works perfectly:
# grep selinux install.log
Installing libselinux-1.33.4-5.1.el5.i386
Installing libselinux-python-1.33.4-5.1.el5.i386
Installing libselinux-utils-1.33.4-5.1.el5.i386
Installing selinux-policy-2.4.6-203.el5.noarch
Installing selinux-policy-targeted-2.4.6-203.el5.noarch
Installing sls-selinux-policy-1.0-3.sls17.noarch
Installing selinux-policy-devel-2.4.6-203.el5.noarch
But during an upgrade from CentOS 4, this happens:
# grep selinux /root/upgrade.log
Upgrading libselinux-1.33.4-5.1.el5.i386
Upgrading libselinux-python-1.33.4-5.1.el5.i386
Upgrading libselinux-utils-1.33.4-5.1.el5.i386
Upgrading selinux-policy-2.4.6-203.el5.noarch
Upgrading selinux-policy-targeted-2.4.6-203.el5.noarch
Upgrading sls-selinux-policy-1.0-3.sls17.noarch
libsemanage.semanage_make_sandbox: Could not copy files to sandbox /etc/selinux/targeted/modules/tmp.
/usr/sbin/semodule: Failed on /usr/share/selinux/targeted/sls.pp!
Upgrading selinux-policy-devel-2.4.6-203.el5.noarch
warning: /etc/selinux/targeted/policy/policy.18 saved as /etc/selinux/targeted/policy/policy.18.rpmsave
Once anaconda has finished and is on the "installation complete" screen, I can switch to Alt-F2 and say
chroot /mnt/sysimage
/usr/sbin/semodule -i /usr/share/selinux/targeted/sls.pp -s targeted
and now the module installs and loads at the next boot. Any ideas how to get it to install properly the first time?
Moray.
"To err is human. To purr, feline"
More information about the Kickstart-list
mailing list