Re: Invalid context with latest SELinux update.

[Daniel J Walsh <dwalsh@xxxxxxxxxx>]

Erik P. Olsen wrote:

> On Mon, 2005-06-20 at 15:08 -0400, Daniel J Walsh wrote:
>  
>
> > Daniel J Walsh wrote:
> >
> >    
> >
> > > Erik P. Olsen wrote:
> > >
> > >      
> > >
> > > > On Mon, 2005-06-20 at 11:41 -0400, Daniel J Walsh wrote:
> > > >
> > > >
> > > >        
> > > >
> > > > > Erik P. Olsen wrote:
> > > > >
> > > > >  
> > > > >
> > > > >          
> > > > >
> > > > > > After having updated FC3 with the latest SELinux I get following error
> > > > > > messages during boot:
> > > > > >
> > > > > > Starting udev: /etc/selinux/targeted/contexts/files/file_contexts line
> > > > > > 287 has invalid context system_u:object_r:crypt_device_t
> > > > > >
> > > > > > Starting xfs: /etc/selinux/targeted/contexts/files/file_contexts line
> > > > > > 888 has invalid
> > > > > > context system_u:object_r:system_dbusd_var_run_t
> > > > > >
> > > > > > I can't see any side effect from this but what does it mean and 
> > > > > > what can
> > > > > > I do to correct it?
> > > > > >
> > > > > > SELinux installation:
> > > > > >
> > > > > > libselinux-1.19.1-8.i386.rpm
> > > > > > libselinux-devel-1.19.1-8.i386.rpm
> > > > > > selinux-doc-1.14.1-1.noarch.rpm
> > > > > > selinux-policy-strict-1.19.10-2.noarch.rpm
> > > > > > selinux-policy-strict-sources-1.19.10-2.noarch.rpm
> > > > > > selinux-policy-targeted-1.17.30-3.9.noarch.rpm
> > > > > > selinux-policy-targeted-sources-1.17.30-3.9.noarch.rpm
> > > > > >
> > > > > >
> > > > > >
> > > > > >    
> > > > > >            
> > > > > Can you try to reload policy
> > > > >
> > > > > cd /etc/selinux/targeted/src/policy
> > > > > make reload
> > > > >  
> > > > >          
> > > > Yes, and here is what make told me:
> > > >
> > > > [root@epo policy]# make reload
> > > > mkdir -p /etc/selinux/targeted/policy
> > > > /usr/bin/checkpolicy -o /etc/selinux/targeted/policy/policy.18
> > > > policy.conf
> > > > /usr/bin/checkpolicy:  loading policy configuration from policy.conf
> > > > domains/unconfined.te:19:ERROR 'syntax error' at token '{' on line 3894:
> > > > typeattribute tty_device_t { tty_device_t devpts_t };
> > > > typealias unconfined_t alias { kernel_t init_t initrc_t logrotate_t
> > > > sendmail_t sshd_t secadm_t sysadm_t rpm_t rpm_script_t xdm_t };
> > > > /usr/bin/checkpolicy:  error(s) encountered while parsing configuration
> > > > make: *** [/etc/selinux/targeted/policy/policy.18] Error 1
> > > > [root@epo policy]#
> > > >
> > > > Obviously something is wrong, but I don't understand what it's all
> > > > about :-(
> > > >
> > > >
> > > >
> > > >        
> > > What version of checkpolicy do you have installed?
> > >
> > > Dan
> > >      
> > Can you cd /etc/selinux/targeted/src/policy
> > grep -R define.*admin_tty_type .
> >    
>
> [root@epo policy]# grep -R define.*admin_tty_type .
> ./macros/program/chroot_macros.te:define(`chroot_tty_device', `
> { console_device_t admin_tty_type }')
> [root@epo policy]#
>
>  
Ok how about

grep -R define.*ttyp_device_t .


--