FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 05-24-2012, 03:05 PM
Moray Henderson
 
Default Policy version mismatch

I've got a policy module which works fine when I build and load it on CentOS
5. When I build and try to load it on CentOS 6 it complains:

SELinux: Could not downgrade policy file
/etc/selinux/targeted/policy/policy.24, searching for an older version.
SELinux: Could not open policy file <=
/etc/selinux/targeted/policy/policy.24: No such file or directory

There's nothing in the policy source specifying version so I would have
expected the module automatically to build for the correct policy version
when built on CentOS 6. Any pointers where to look or what to do next?


Moray.
"To err is human; to purr, feline."





--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 05-24-2012, 04:14 PM
Daniel J Walsh
 
Default Policy version mismatch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/24/2012 11:05 AM, Moray Henderson wrote:
> I've got a policy module which works fine when I build and load it on
> CentOS 5. When I build and try to load it on CentOS 6 it complains:
>
> SELinux: Could not downgrade policy file
> /etc/selinux/targeted/policy/policy.24, searching for an older version.
> SELinux: Could not open policy file <=
> /etc/selinux/targeted/policy/policy.24: No such file or directory
>
> There's nothing in the policy source specifying version so I would have
> expected the module automatically to build for the correct policy version
> when built on CentOS 6. Any pointers where to look or what to do next?
>
>
> Moray. "To err is human; to purr, feline."
>
>
>
>
>
> -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux


Read

http://danwalsh.livejournal.com/49762.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk++XlAACgkQrlYvE4MpobMf+wCghm6D/Gn5Yh9mLIHF1vTo5k2m
7KkAnRSdi7LWcywz1LeE6ir8nygh1wVj
=hxTJ
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 05-24-2012, 04:24 PM
David Quigley
 
Default Policy version mismatch

On 05/24/2012 12:14, Daniel J Walsh wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/24/2012 11:05 AM, Moray Henderson wrote:
I've got a policy module which works fine when I build and load it
on

CentOS 5. When I build and try to load it on CentOS 6 it complains:

SELinux: Could not downgrade policy file
/etc/selinux/targeted/policy/policy.24, searching for an older
version.

SELinux: Could not open policy file <=
/etc/selinux/targeted/policy/policy.24: No such file or directory

There's nothing in the policy source specifying version so I would
have
expected the module automatically to build for the correct policy
version
when built on CentOS 6. Any pointers where to look or what to do
next?



Moray. "To err is human; to purr, feline."





-- selinux mailing list selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux



Read

http://danwalsh.livejournal.com/49762.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk++XlAACgkQrlYvE4MpobMf+wCghm6D/Gn5Yh9mLIHF1vTo5k2m
7KkAnRSdi7LWcywz1LeE6ir8nygh1wVj
=hxTJ
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux


I don't think your post applies to his question. His email seems to
indicate to me that he is building the policy binary on RHEL 6 for RHEL
6 and then on install time its trying to downgrade the policy. He is
wondering why it didn't just build for the policy version being used by
the system.


Dave
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 05-24-2012, 07:01 PM
Daniel J Walsh
 
Default Policy version mismatch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/24/2012 12:24 PM, David Quigley wrote:
> On 05/24/2012 12:14, Daniel J Walsh wrote: On 05/24/2012 11:05 AM, Moray
> Henderson wrote:
>>>> I've got a policy module which works fine when I build and load it
>>>> on CentOS 5. When I build and try to load it on CentOS 6 it
>>>> complains:
>>>>
>>>> SELinux: Could not downgrade policy file
>>>> /etc/selinux/targeted/policy/policy.24, searching for an older
>>>> version. SELinux: Could not open policy file <=
>>>> /etc/selinux/targeted/policy/policy.24: No such file or directory
>>>>
>>>> There's nothing in the policy source specifying version so I would
>>>> have expected the module automatically to build for the correct
>>>> policy version when built on CentOS 6. Any pointers where to look or
>>>> what to do next?
>>>>
>>>>
>>>> Moray. "To err is human; to purr, feline."
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> -- selinux mailing list selinux@lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
> Read
>
> http://danwalsh.livejournal.com/49762.html
>> -- selinux mailing list selinux@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
> I don't think your post applies to his question. His email seems to
> indicate to me that he is building the policy binary on RHEL 6 for RHEL 6
> and then on install time its trying to downgrade the policy. He is
> wondering why it didn't just build for the policy version being used by the
> system.
>
> Dave -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

What policy file did it build?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk++hXMACgkQrlYvE4MpobMToACgo2k5nt6bCj r1/7tv1Zr1AeuG
6XYAn1RfCfxEsIvu0RqvIYswxg6HII6q
=g2JS
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 05-29-2012, 04:23 PM
Moray Henderson
 
Default Policy version mismatch

> -----Original Message-----
> From: selinux-bounces@lists.fedoraproject.org [mailto:selinux-
> bounces@lists.fedoraproject.org] On Behalf Of Daniel J Walsh
> Sent: 24 May 2012 20:01
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 05/24/2012 12:24 PM, David Quigley wrote:
> > On 05/24/2012 12:14, Daniel J Walsh wrote: On 05/24/2012 11:05 AM,
> > Moray Henderson wrote:
> >>>> I've got a policy module which works fine when I build and load it
> >>>> on CentOS 5. When I build and try to load it on CentOS 6 it
> >>>> complains:
> >>>>
> >>>> SELinux: Could not downgrade policy file
> >>>> /etc/selinux/targeted/policy/policy.24, searching for an older
> >>>> version. SELinux: Could not open policy file <=
> >>>> /etc/selinux/targeted/policy/policy.24: No such file or directory
> >>>>
> >>>> There's nothing in the policy source specifying version so I would
> >>>> have expected the module automatically to build for the correct
> >>>> policy version when built on CentOS 6. Any pointers where to look
> >>>> or what to do next?
> >>>>
> >>>>
> >>>> Moray. "To err is human; to purr, feline."
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> -- selinux mailing list selinux@lists.fedoraproject.org
> >>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
> >
> >
> > Read
> >
> > http://danwalsh.livejournal.com/49762.html
> >> -- selinux mailing list selinux@lists.fedoraproject.org
> >> https://admin.fedoraproject.org/mailman/listinfo/selinux
> >
> > I don't think your post applies to his question. His email seems to
> > indicate to me that he is building the policy binary on RHEL 6 for
> > RHEL 6 and then on install time its trying to downgrade the policy.
> He
> > is wondering why it didn't just build for the policy version being
> > used by the system.
> >
> > Dave -- selinux mailing list selinux@lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/selinux
>
> What policy file did it build?

Have you ever had one of those times when you try to debug a problem, but find your debug tool is broken, so you investigate that, but your investigation tool is broken, so you look into that, but... and so on?

Turns out you get the "Could not downgrade policy file /etc/selinux/targeted/policy/policy.24" error if you're running with SELinux disabled and something tries to install or reload policy: semodule -vR does it. This is on CentOS 6.2. Not sure if it's quite a bug, but a better message would be nice.


Moray.
“To err is human; to purr, feline.”





--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 06:59 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org