Subject: | |
From: | |
Reply To: | |
Date: | Tue, 15 May 2018 17:45:23 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On 05/15/2018 05:41 PM, Orion Poplawski wrote:
> On 05/15/2018 12:23 PM, Maarten wrote:
>> I have the same problem on all of my systems, running the same package
>> versions and kernel, also under 7.5:
>>
>> libsepol.policydb_read: policydb version 31 does not match my version
>> range 15-30
>> invalid binary policy
>>
>> 3.10.0-862.2.3.el7.x86_64
>>
>> policycoreutils-2.5-22.el7.x86_64
>> checkpolicy-2.5-6.el7.x86_64
>> selinux-policy-targeted-3.13.1-192.el7_5.3.noarch
>> policycoreutils-python-2.5-22.el7.x86_64
>> selinux-policy-3.13.1-192.el7_5.3.noarch
>>
>> sl-release-7.5-2.sl7.x86_64
>>
>>
>>
>> On 05/11/2018 07:29 AM, Klaus Steinberger wrote:
>>> Am 04.05.2018 um 13:06 schrieb Steven C Timm:
>>>> Did you just update the kernel or also all the other security
>>>> updates that came out.
>>> The problem is also after upgrading to SL 7.5:
>>>
>>> [root@dmz-sv-mirror01 ~]# audit2allow -a -m local
>>> libsepol.policydb_read: policydb version 31 does not match my version
>>> range 15-30
>>> invalid binary policy ���\T
>>>
>>> [root@dmz-sv-mirror01 ~]# uname -a
>>> Linux dmz-sv-mirror01.physik.uni-muenchen.de
>>> 3.10.0-862.2.3.el7.x86_64 #1 SMP
>>> Tue May 8 14:55:36 CDT 2018 x86_64 x86_64 x86_64 GNU/Linux
>>> [root@dmz-sv-mirror01 ~]# rpm -q -a | grep policy
>>> policycoreutils-2.5-22.el7.x86_64
>>> policycoreutils-python-2.5-22.el7.x86_64
>>> checkpolicy-2.5-6.el7.x86_64
>>> selinux-policy-targeted-3.13.1-192.el7_5.3.noarch
>>> selinux-policy-3.13.1-192.el7_5.3.noarch
>>> [root@dmz-sv-mirror01 ~]#
>>>
>>> Sincerly,
>>> Klaus
>>>
>
>
> I see this as well. Very strange since the message and constants appear
> to be defined in libsepol, and since that is updated I don't see how the
> policydb version can be wrong.
>
> # strings /usr/lib64/libsepol.so.1 | grep 'version range'
> policydb version %d does not match my version range %d-%d
> policydb module version %d does not match my version range %d-%d
> # rpm -q libsepol
> libsepol-2.5-8.1.el7.x86_64
>
Ah, but there is a libsepol-static package - so if packages were
incorrectly built against the older version of that, that would explain
the problem.
--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane [log in to unmask]
Boulder, CO 80301 https://www.nwra.com/
|
|
|