Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora SELinux Support (http://www.linux-archive.org/fedora-selinux-support/)
-   -   sandbox complaint (http://www.linux-archive.org/fedora-selinux-support/377398-sandbox-complaint.html)

05-27-2010 06:38 PM

sandbox complaint
 
Daniel wrote:
> On 05/27/2010 12:19 PM, m.roth@5-cent.us wrote:
>> Daniel wrote:
>>> On 05/27/2010 12:00 PM, m.roth@5-cent.us wrote:
>>>> Daniel wrote:
>>>>> On 05/27/2010 11:49 AM, m.roth@5-cent.us wrote:
>>>>>> Updating a system from CentOS 5.4 (current) to 5.5, and I see:
>>>>>>
>>>>>> libsepol.scope_copy_callback: zosremote: Duplicate declaration in
>>>>>> module:
>>>>>> type/attribute zos_remote_t
>>>>>> libsemanage.semanage_link_sandbox: Link packages failed
>>>>>> semodule: Failed!
>> <snip>
>>>>> Do you have multiple pp files definitin zosremote?
>> <snip>
>>> locate -r zos.*remote
>>>
>>> Might find the bad pp file.
<snip>
>> I don't believe they want me to remove it. Doing the locate, I find:
>>> locate -r zos.*remote | grep .pp
>> /etc/selinux/mls/modules/active/modules/zosremote.pp
>> /etc/selinux/mls/modules/previous/modules/zosremote.pp
>> /etc/selinux/targeted/modules/active/modules/zos_remote.pp
>> /etc/selinux/targeted/modules/previous/modules/zos_remote.pp
>> /old/etc/selinux/targeted/modules/active/modules/zos_remote.pp
>> /old/etc/selinux/targeted/modules/previous/modules/zos_remote.pp
>> /old/usr/share/selinux/mls/audispd-zos-remote.pp
>> /old/usr/share/selinux/strict/audispd-zos-remote.pp
>> /old/usr/share/selinux/targeted/audispd-zos-remote.pp
>> /usr/share/selinux/mls/zosremote.pp
>> /usr/share/selinux/targeted/zosremote.pp
>>
>> So, which should I get rid of, that was not cleaned up during the
>> update?
>
> Remove all audispd-zos-remote.pp and zos_remote.pp
>
> We ship zosremote.pp

Ok... I can do that, but are you saying to just rm it, and not whatever
package it came in?

And if it's not correct, why is it here, anyway? Anyone on the CentOS
list? I don't want to screw around with this as "oh, it's only his weird
problem", I figure that it's happening to a lot of other folks, and I'd
like to make the problem go away for everyone. That, of course, means it
the incorrect stuff needs to be removed from whatever package it's in....

mark

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Daniel J Walsh 05-27-2010 07:21 PM

sandbox complaint
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/27/2010 02:38 PM, m.roth@5-cent.us wrote:
> Daniel wrote:
>> On 05/27/2010 12:19 PM, m.roth@5-cent.us wrote:
>>> Daniel wrote:
>>>> On 05/27/2010 12:00 PM, m.roth@5-cent.us wrote:
>>>>> Daniel wrote:
>>>>>> On 05/27/2010 11:49 AM, m.roth@5-cent.us wrote:
>>>>>>> Updating a system from CentOS 5.4 (current) to 5.5, and I see:
>>>>>>>
>>>>>>> libsepol.scope_copy_callback: zosremote: Duplicate declaration in
>>>>>>> module:
>>>>>>> type/attribute zos_remote_t
>>>>>>> libsemanage.semanage_link_sandbox: Link packages failed
>>>>>>> semodule: Failed!
>>> <snip>
>>>>>> Do you have multiple pp files definitin zosremote?
>>> <snip>
>>>> locate -r zos.*remote
>>>>
>>>> Might find the bad pp file.
> <snip>
>>> I don't believe they want me to remove it. Doing the locate, I find:
>>>> locate -r zos.*remote | grep .pp
>>> /etc/selinux/mls/modules/active/modules/zosremote.pp
>>> /etc/selinux/mls/modules/previous/modules/zosremote.pp
>>> /etc/selinux/targeted/modules/active/modules/zos_remote.pp
>>> /etc/selinux/targeted/modules/previous/modules/zos_remote.pp
>>> /old/etc/selinux/targeted/modules/active/modules/zos_remote.pp
>>> /old/etc/selinux/targeted/modules/previous/modules/zos_remote.pp
>>> /old/usr/share/selinux/mls/audispd-zos-remote.pp
>>> /old/usr/share/selinux/strict/audispd-zos-remote.pp
>>> /old/usr/share/selinux/targeted/audispd-zos-remote.pp
>>> /usr/share/selinux/mls/zosremote.pp
>>> /usr/share/selinux/targeted/zosremote.pp
>>>
>>> So, which should I get rid of, that was not cleaned up during the
>>> update?
>>
>> Remove all audispd-zos-remote.pp and zos_remote.pp
>>
>> We ship zosremote.pp
>
> Ok... I can do that, but are you saying to just rm it, and not whatever
> package it came in?
>
> And if it's not correct, why is it here, anyway? Anyone on the CentOS
> list? I don't want to screw around with this as "oh, it's only his weird
> problem", I figure that it's happening to a lot of other folks, and I'd
> like to make the problem go away for everyone. That, of course, means it
> the incorrect stuff needs to be removed from whatever package it's in....
>
> mark
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
I think you will find that it does not happen for everyone else and that
these files do not belong to other packages. I have a feeling that
something went wrong on an update that left these files around.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkv+xjsACgkQrlYvE4MpobN2TQCfTzVW/cJTiLnIXE6o6qZcYkHm
ApAAoNvzVidxxudbFMDhQfrrfLdZV0QU
=+pxM
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

05-27-2010 08:12 PM

sandbox complaint
 
Daniel wrote:
> On 05/27/2010 02:38 PM, m.roth@5-cent.us wrote:
>> Daniel wrote:
>>> On 05/27/2010 12:19 PM, m.roth@5-cent.us wrote:
>>>> Daniel wrote:
>>>>> On 05/27/2010 12:00 PM, m.roth@5-cent.us wrote:
>>>>>> Daniel wrote:
>>>>>>> On 05/27/2010 11:49 AM, m.roth@5-cent.us wrote:
>>>>>>>> Updating a system from CentOS 5.4 (current) to 5.5, and I see:
>>>>>>>>
>>>>>>>> libsepol.scope_copy_callback: zosremote: Duplicate declaration in
>>>>>>>> module:
>>>>>>>> type/attribute zos_remote_t
>>>>>>>> libsemanage.semanage_link_sandbox: Link packages failed
>>>>>>>> semodule: Failed!
>>>> <snip>
>>>>>>> Do you have multiple pp files definitin zosremote?
>>>> <snip>
>>>>> locate -r zos.*remote
>>>>>
>>>>> Might find the bad pp file.
>> <snip>
>>>> I don't believe they want me to remove it. Doing the locate, I find:
>>>>> locate -r zos.*remote | grep .pp
>>>> /etc/selinux/mls/modules/active/modules/zosremote.pp
>>>> /etc/selinux/mls/modules/previous/modules/zosremote.pp
>>>> /etc/selinux/targeted/modules/active/modules/zos_remote.pp
>>>> /etc/selinux/targeted/modules/previous/modules/zos_remote.pp
>>>> /old/etc/selinux/targeted/modules/active/modules/zos_remote.pp
>>>> /old/etc/selinux/targeted/modules/previous/modules/zos_remote.pp
>>>> /old/usr/share/selinux/mls/audispd-zos-remote.pp
>>>> /old/usr/share/selinux/strict/audispd-zos-remote.pp
>>>> /old/usr/share/selinux/targeted/audispd-zos-remote.pp
>>>> /usr/share/selinux/mls/zosremote.pp
>>>> /usr/share/selinux/targeted/zosremote.pp
>>>>
>>>> So, which should I get rid of, that was not cleaned up during the
>>>> update?
>>>
>>> Remove all audispd-zos-remote.pp and zos_remote.pp
>>>
>>> We ship zosremote.pp
>>
>> Ok... I can do that, but are you saying to just rm it, and not whatever
>> package it came in?
>>
>> And if it's not correct, why is it here, anyway? Anyone on the CentOS
>> list? I don't want to screw around with this as "oh, it's only his weird
>> problem", I figure that it's happening to a lot of other folks, and I'd
>> like to make the problem go away for everyone. That, of course, means it
>> the incorrect stuff needs to be removed from whatever package it's
>> in....
>>
> I think you will find that it does not happen for everyone else and that
> these files do not belong to other packages. I have a feeling that
> something went wrong on an update that left these files around.
>
Hmmm...but I don't know if rm'ing them will work, if they're in the d/b.
So I suppose I'll have to find the package that put them there...
<time passes>
Ok, anyone on the CentOS list: does *anyone* know where this came from?
It' sin the directory provided by
selinux-policy-targeted-2.4.6-279.el5.noarch, but there's no zos_remote in
the package.

mark

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

05-27-2010 08:12 PM

sandbox complaint
 
Daniel wrote:
> On 05/27/2010 02:38 PM, m.roth@5-cent.us wrote:
>> Daniel wrote:
>>> On 05/27/2010 12:19 PM, m.roth@5-cent.us wrote:
>>>> Daniel wrote:
>>>>> On 05/27/2010 12:00 PM, m.roth@5-cent.us wrote:
>>>>>> Daniel wrote:
>>>>>>> On 05/27/2010 11:49 AM, m.roth@5-cent.us wrote:
>>>>>>>> Updating a system from CentOS 5.4 (current) to 5.5, and I see:
>>>>>>>>
>>>>>>>> libsepol.scope_copy_callback: zosremote: Duplicate declaration in
>>>>>>>> module:
>>>>>>>> type/attribute zos_remote_t
>>>>>>>> libsemanage.semanage_link_sandbox: Link packages failed
>>>>>>>> semodule: Failed!
>>>> <snip>
>>>>>>> Do you have multiple pp files definitin zosremote?
>>>> <snip>
>>>>> locate -r zos.*remote
>>>>>
>>>>> Might find the bad pp file.
>> <snip>
>>>> I don't believe they want me to remove it. Doing the locate, I find:
>>>>> locate -r zos.*remote | grep .pp
>>>> /etc/selinux/mls/modules/active/modules/zosremote.pp
>>>> /etc/selinux/mls/modules/previous/modules/zosremote.pp
>>>> /etc/selinux/targeted/modules/active/modules/zos_remote.pp
>>>> /etc/selinux/targeted/modules/previous/modules/zos_remote.pp
>>>> /old/etc/selinux/targeted/modules/active/modules/zos_remote.pp
>>>> /old/etc/selinux/targeted/modules/previous/modules/zos_remote.pp
>>>> /old/usr/share/selinux/mls/audispd-zos-remote.pp
>>>> /old/usr/share/selinux/strict/audispd-zos-remote.pp
>>>> /old/usr/share/selinux/targeted/audispd-zos-remote.pp
>>>> /usr/share/selinux/mls/zosremote.pp
>>>> /usr/share/selinux/targeted/zosremote.pp
>>>>
>>>> So, which should I get rid of, that was not cleaned up during the
>>>> update?
>>>
>>> Remove all audispd-zos-remote.pp and zos_remote.pp
>>>
>>> We ship zosremote.pp
>>
>> Ok... I can do that, but are you saying to just rm it, and not whatever
>> package it came in?
>>
>> And if it's not correct, why is it here, anyway? Anyone on the CentOS
>> list? I don't want to screw around with this as "oh, it's only his weird
>> problem", I figure that it's happening to a lot of other folks, and I'd
>> like to make the problem go away for everyone. That, of course, means it
>> the incorrect stuff needs to be removed from whatever package it's
>> in....
>>
> I think you will find that it does not happen for everyone else and that
> these files do not belong to other packages. I have a feeling that
> something went wrong on an update that left these files around.
>
Hmmm...but I don't know if rm'ing them will work, if they're in the d/b.
So I suppose I'll have to find the package that put them there...
<time passes>
Ok, anyone on the CentOS list: does *anyone* know where this came from?
It' sin the directory provided by
selinux-policy-targeted-2.4.6-279.el5.noarch, but there's no zos_remote in
the package.

mark

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Daniel J Walsh 05-27-2010 08:17 PM

sandbox complaint
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/27/2010 04:12 PM, m.roth@5-cent.us wrote:
> Daniel wrote:
>> On 05/27/2010 02:38 PM, m.roth@5-cent.us wrote:
>>> Daniel wrote:
>>>> On 05/27/2010 12:19 PM, m.roth@5-cent.us wrote:
>>>>> Daniel wrote:
>>>>>> On 05/27/2010 12:00 PM, m.roth@5-cent.us wrote:
>>>>>>> Daniel wrote:
>>>>>>>> On 05/27/2010 11:49 AM, m.roth@5-cent.us wrote:
>>>>>>>>> Updating a system from CentOS 5.4 (current) to 5.5, and I see:
>>>>>>>>>
>>>>>>>>> libsepol.scope_copy_callback: zosremote: Duplicate declaration in
>>>>>>>>> module:
>>>>>>>>> type/attribute zos_remote_t
>>>>>>>>> libsemanage.semanage_link_sandbox: Link packages failed
>>>>>>>>> semodule: Failed!
>>>>> <snip>
>>>>>>>> Do you have multiple pp files definitin zosremote?
>>>>> <snip>
>>>>>> locate -r zos.*remote
>>>>>>
>>>>>> Might find the bad pp file.
>>> <snip>
>>>>> I don't believe they want me to remove it. Doing the locate, I find:
>>>>>> locate -r zos.*remote | grep .pp
>>>>> /etc/selinux/mls/modules/active/modules/zosremote.pp
>>>>> /etc/selinux/mls/modules/previous/modules/zosremote.pp
>>>>> /etc/selinux/targeted/modules/active/modules/zos_remote.pp
>>>>> /etc/selinux/targeted/modules/previous/modules/zos_remote.pp
>>>>> /old/etc/selinux/targeted/modules/active/modules/zos_remote.pp
>>>>> /old/etc/selinux/targeted/modules/previous/modules/zos_remote.pp
>>>>> /old/usr/share/selinux/mls/audispd-zos-remote.pp
>>>>> /old/usr/share/selinux/strict/audispd-zos-remote.pp
>>>>> /old/usr/share/selinux/targeted/audispd-zos-remote.pp
>>>>> /usr/share/selinux/mls/zosremote.pp
>>>>> /usr/share/selinux/targeted/zosremote.pp
>>>>>
>>>>> So, which should I get rid of, that was not cleaned up during the
>>>>> update?
>>>>
>>>> Remove all audispd-zos-remote.pp and zos_remote.pp
>>>>
>>>> We ship zosremote.pp
>>>
>>> Ok... I can do that, but are you saying to just rm it, and not whatever
>>> package it came in?
>>>
>>> And if it's not correct, why is it here, anyway? Anyone on the CentOS
>>> list? I don't want to screw around with this as "oh, it's only his weird
>>> problem", I figure that it's happening to a lot of other folks, and I'd
>>> like to make the problem go away for everyone. That, of course, means it
>>> the incorrect stuff needs to be removed from whatever package it's
>>> in....
>>>
>> I think you will find that it does not happen for everyone else and that
>> these files do not belong to other packages. I have a feeling that
>> something went wrong on an update that left these files around.
>>
> Hmmm...but I don't know if rm'ing them will work, if they're in the d/b.
> So I suppose I'll have to find the package that put them there...
> <time passes>
> Ok, anyone on the CentOS list: does *anyone* know where this came from?
> It' sin the directory provided by
> selinux-policy-targeted-2.4.6-279.el5.noarch, but there's no zos_remote in
> the package.
>
> mark
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
Trust me on this, I know what I am talking about.

Just remove them. They were put there by previous versions of audit and
maybe selinux-policy. If you are concerned you can squirrel them away.

selinux-policy takes all pp files in the active directory and compiles
them into a policy module.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkv+01wACgkQrlYvE4MpobPNBwCfSO90PDBbZT N5o3qvByauHVII
lVIAoK8xpawANQ+6vMnyI/Ee3J05FMke
=7CO6
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

05-27-2010 08:32 PM

sandbox complaint
 
Daniel wrote:
> On 05/27/2010 04:12 PM, m.roth@5-cent.us wrote:
>> Daniel wrote:
>>> On 05/27/2010 02:38 PM, m.roth@5-cent.us wrote:
>>>> Daniel wrote:
>>>>> On 05/27/2010 12:19 PM, m.roth@5-cent.us wrote:
>>>>>> Daniel wrote:
>>>>>>> On 05/27/2010 12:00 PM, m.roth@5-cent.us wrote:
>>>>>>>> Daniel wrote:
>>>>>>>>> On 05/27/2010 11:49 AM, m.roth@5-cent.us wrote:
>>>>>>>>>> Updating a system from CentOS 5.4 (current) to 5.5, and I see:
>>>>>>>>>>
>>>>>>>>>> libsepol.scope_copy_callback: zosremote: Duplicate declaration
>>>>>>>>>> in
>>>>>>>>>> module:
>>>>>>>>>> type/attribute zos_remote_t
>>>>>>>>>> libsemanage.semanage_link_sandbox: Link packages failed
>>>>>>>>>> semodule: Failed!
>>>>>> <snip>
>>>>> Remove all audispd-zos-remote.pp and zos_remote.pp
>>>>>
>>>>> We ship zosremote.pp
>>>>
>>>> Ok... I can do that, but are you saying to just rm it, and not
>>>> whatever package it came in?
<snip>
>>> I think you will find that it does not happen for everyone else and
>>> that these files do not belong to other packages. I have a feeling that
>>> something went wrong on an update that left these files around.
>>>
>> Hmmm...but I don't know if rm'ing them will work, if they're in the d/b.
>> So I suppose I'll have to find the package that put them there...
>> <time passes>
>> Ok, anyone on the CentOS list: does *anyone* know where this came from?
>> It' sin the directory provided by
>> selinux-policy-targeted-2.4.6-279.el5.noarch, but there's no zos_remote
>> in the package.
>>
> Trust me on this, I know what I am talking about.
>
> Just remove them. They were put there by previous versions of audit and
> maybe selinux-policy. If you are concerned you can squirrel them away.
>
> selinux-policy takes all pp files in the active directory and compiles
> them into a policy module.

Ok, I believe you. I also found the same .pp in .../previous/, and diff
said no difference, so no problem rm'ing them.

mark

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

05-27-2010 08:32 PM

sandbox complaint
 
Daniel wrote:
> On 05/27/2010 04:12 PM, m.roth@5-cent.us wrote:
>> Daniel wrote:
>>> On 05/27/2010 02:38 PM, m.roth@5-cent.us wrote:
>>>> Daniel wrote:
>>>>> On 05/27/2010 12:19 PM, m.roth@5-cent.us wrote:
>>>>>> Daniel wrote:
>>>>>>> On 05/27/2010 12:00 PM, m.roth@5-cent.us wrote:
>>>>>>>> Daniel wrote:
>>>>>>>>> On 05/27/2010 11:49 AM, m.roth@5-cent.us wrote:
>>>>>>>>>> Updating a system from CentOS 5.4 (current) to 5.5, and I see:
>>>>>>>>>>
>>>>>>>>>> libsepol.scope_copy_callback: zosremote: Duplicate declaration
>>>>>>>>>> in
>>>>>>>>>> module:
>>>>>>>>>> type/attribute zos_remote_t
>>>>>>>>>> libsemanage.semanage_link_sandbox: Link packages failed
>>>>>>>>>> semodule: Failed!
>>>>>> <snip>
>>>>> Remove all audispd-zos-remote.pp and zos_remote.pp
>>>>>
>>>>> We ship zosremote.pp
>>>>
>>>> Ok... I can do that, but are you saying to just rm it, and not
>>>> whatever package it came in?
<snip>
>>> I think you will find that it does not happen for everyone else and
>>> that these files do not belong to other packages. I have a feeling that
>>> something went wrong on an update that left these files around.
>>>
>> Hmmm...but I don't know if rm'ing them will work, if they're in the d/b.
>> So I suppose I'll have to find the package that put them there...
>> <time passes>
>> Ok, anyone on the CentOS list: does *anyone* know where this came from?
>> It' sin the directory provided by
>> selinux-policy-targeted-2.4.6-279.el5.noarch, but there's no zos_remote
>> in the package.
>>
> Trust me on this, I know what I am talking about.
>
> Just remove them. They were put there by previous versions of audit and
> maybe selinux-policy. If you are concerned you can squirrel them away.
>
> selinux-policy takes all pp files in the active directory and compiles
> them into a policy module.

Ok, I believe you. I also found the same .pp in .../previous/, and diff
said no difference, so no problem rm'ing them.

mark

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


All times are GMT. The time now is 06:46 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.