-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you are a newbie and you have selinux disabled, why are you using strict policy? I would change to targeted policy and force a relabel. Strict policy is only for experienced users. I think at some point you got a update with an apt policy module, that has screwed up your policy pool. yum upgrade selinux-policy-targeted Change to targeted policy rpm -e selinux-policy-strict touch /.autorelabel reboot Of course the best solution would be to upgrade to F7 or F8. :^) Dave Burns wrote: >>> /etc/selinux/strict/contexts/files/file_contexts: Multiple different >>> specifications for /usr/bin/apt-get [...] >>> >>> >> This means you have both the apt policy and the rpm policy installed at >> the same time. Both label the files differently. Can you remove the >> apt policy >> >> semodule -r apt > > semodule -r apt > libsepol.context_from_record: invalid security context: > system_u:object_r:amanda_usr_lib_t:s0 > libsepol.context_from_record: could not create context structure > libsepol.context_from_string: could not create context structure > libsepol.sepol_context_to_sid: could not convert > system_u:object_r:amanda_usr_lib_t:s0 to sid > /etc/selinux/strict/contexts/files/file_contexts: line 3124 has > invalid context system_u:object_r:amanda_usr_lib_t:s0 > libsemanage.semanage_install_active: setfiles returned error code 1. > /etc/selinux/strict/contexts/files/file_contexts: Multiple different > specifications for /usr/bin/apt-get (system_u:object_r:rpm_exec_t:s0 > and system_u:object_r:apt_exec_t:s0). > /etc/selinux/strict/contexts/files/file_contexts: Multiple different > specifications for /usr/bin/apt-shell > (system_u:object_r:rpm_exec_t:s0 and system_u:object_r:apt_exec_t:s0). > semodule: Failed! > > > More context - I am a selinux newbie and have done nothing (that I > know of) to alter the default policy that was installed with fc5. > > I thought I had done an autorelabel, but it turns out I was thinking > of another machine. SELinux is *disabled* on this machine! How > could/why would apt start nipping my ankles? > > So far as I know, I have no use for amanda. Of course, it may be an > obscure dependency of something else I love, hard for me to know. > > S0 I re-enabled selinux but set it to permissive after rebooting to do > an autorelabel. Unfortunately, same errors with some additional info: > > [root@hostname ~]# semodule -r apt > libsepol.context_from_record: invalid security context: > system_u:object_r:amanda_usr_lib_t:s0 > libsepol.context_from_record: could not create context structure > libsepol.context_from_string: could not create context structure > libsepol.sepol_context_to_sid: could not convert > system_u:object_r:amanda_usr_lib_t:s0 to sid > /etc/selinux/strict/contexts/files/file_contexts: line 3124 has > invalid context system_u:object_r:amanda_usr_lib_t:s0 > libsemanage.semanage_install_active: setfiles returned error code 1. > libsemanage.semanage_exec_prog: Child process /usr/sbin/load_policy > did not exit cleanly. > libsemanage.semanage_reload_policy: load_policy returned error code -1. > semodule: Failed! > [root@hostname ~]# > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: Oops: 0000 [#1] > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: SMP > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: CPU: 1 > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: EIP: 0060:[<c04c9adc>] Not tainted VLI > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: EFLAGS: 00010246 (2.6.20-1.2320.fc5smp #1) > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: EIP is at symhash+0xc/0x33 > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: eax: 00000000 ebx: f6f8afe0 ecx: ffffffff edx: 00000000 > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: esi: f6f8afe0 edi: 00000000 ebp: ed613cf4 esp: ed613cbc > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: ds: 007b es: 007b ss: 0068 > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: Process load_policy (pid: 3158, ti=ed613000 > task=f6af3320 task.ti=ed613000) > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: Stack: f6f8afe0 ed613f14 00000000 c04c989a 00000000 > ed613f14 f668c7c4 c04cf78b > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: 00000040 00000000 00000001 00000002 00000000 > 00000001 00000000 00000000 > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: 00000001 00000000 00000000 dcc8fcc4 ed613ecc > c04c9de2 000000ff f668c7c0 > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: Call Trace: > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: [<c0 > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: [<c04cf78b>] convert_context+0xc9/0x1f4 > > Message from syslogd@hostname at Tue Oct 23 10:00:52 20 > ca > > Message from sysl > hostname kernel: [< > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: [<c04cf6c2>] convert_context+0x0/0x1f4 > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: [<c04ced79>] security_load_policy+0x1a0/0x26e > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: [<c042677b>] __call_console_drivers+0x4f/0x5b > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: [<c04c215b>] avc_audit+0xcc3/0xcce > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: [<c045727c>] __alloc_pages+0x68/0x2aa > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: [<c04200fd>] task_running_tick+0x2d/0x237 > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: [<c04236be>] scheduler_tick+0x7c/0xdc > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: [<c04c7f6f>] sel_write_load+0x > > > hostname kernel: [<c04c7edb>] sel_write_load+0x0/0x2cb > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: [<c04706e4>] > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: [<c0470cff>] sys_write+0x41/0x67 > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: [< > > Message from syslogd@hostname at Tue Oct 23 10:00:52 2007 ... > hostname kernel: ======================= > > Message from syslogd@hostname at Tue Oct 23 > hostname kernel: Code: db e8 20 27 fa ff eb 0e 8b 03 c7 04 90 00 00 00 > 00 42 39 f2 75 f2 89 d8 5b 5e 5f 5d c3 90 90 57 83 c9 ff 56 89 d7 89 > c6 31 > > Message from syslogd@hostname at T > hostname kernel: EIP: [<c04c9adc>] symhash+0xc/0x33 SS:ESP 0068:ed613cbc > > Whoa dude! > > Dave > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD4DBQFHHlxhrlYvE4MpobMRAmvKAKDfDS7Md7Bhrfs8MseLuT4y6ejoCQCXX3Ax XCAHdUl4zc58iinXm+SMAA== =VXtf -----END PGP SIGNATURE-----