[redhat-lspp] BUG: semanage not working (bad path for "setfiles")

[Stephen Smalley]

On Thu, 2006-06-01 at 10:56 -0500, Klaus Weidner wrote:
> "semanage login -a" doesn't work using policycoreutils-1.30.10-4 :
> 
> 	# semanage login -a operator 
> 	libsemanage.semanage_install_active: setfiles returned error code 1.
> 	libsemanage.semanage_install_active: setfiles returned error code 1.
> 	/usr/sbin/semanage: Could not add login mapping for operator
> 
> The problem seems to be that it's trying to run /usr/sbin/setfiles which
> doesn't exist:
> 
> 	pid  1916] execve("/usr/sbin/setfiles", ["/usr/sbin/setfiles", "-q", "-c", "/etc/selinux/mls/policy/policy.2"..., "/etc/selinux/mls/contexts/files/"...], [/* 0 vars */]) = -1 ENOENT (No such file or directory)
> 
> As a workaround, a symlink (ln -s /sbin/setfiles /usr/sbin/setfiles)
> makes semanage work again as expected.
> 
> The system was a fresh install of FC5 plus the following packages:
> 
> 	audit-1.2.3-1.i386.rpm
> 	audit-libs-1.2.3-1.i386.rpm
> 	audit-libs-devel-1.2.3-1.i386.rpm
> 	audit-libs-python-1.2.3-1.i386.rpm
> 	glibc-kernheaders-3.0-36.i386.rpm
> 	kernel-2.6.16-1.2212.2.4_FC6.lspp.31.i686.rpm
> 	kernel-devel-2.6.16-1.2212.2.4_FC6.lspp.31.i686.rpm
> 	libsemanage-1.6.7-3.i386.rpm
> 	libsemanage-devel-1.6.7-3.i386.rpm
> 	libsepol-1.12.14-1.i386.rpm
> 	libsepol-devel-1.12.14-1.i386.rpm
> 	policycoreutils-1.30.10-4.i386.rpm
> 	selinux-policy-2.2.43-3.noarch.rpm
> 	selinux-policy-mls-2.2.43-3.noarch.rpm
> 	selinux-policy-targeted-2.2.43-3.noarch.rpm

Ok, Dan moved setfiles from /usr/sbin to /sbin so that it could be run
for autorelabel from very early boot (in the event that /usr is a
separat partition and isn't mounted yet), but libsemanage wasn't updated
for the new location.  /etc/selinux/semanage.conf can be configured for
the new location as a workaround until libsemanage is updated, by
appending the following text to it:
[setfiles]
path = /sbin/setfiles
args = -q -c $@ $<
[end]

-- 
Stephen Smalley
National Security Agency