LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

May 2018

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS May 2018

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Problem with selinux since Kernel Update
From:	Orion Poplawski <[log in to unmask]>
Reply To:	Orion Poplawski <[log in to unmask]>
Date:	Tue, 15 May 2018 17:45:23 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (73 lines)

On 05/15/2018 05:41 PM, Orion Poplawski wrote:
> On 05/15/2018 12:23 PM, Maarten wrote:
>> I have the same problem on all of my systems, running the same package
>> versions and kernel, also under 7.5:
>>
>> libsepol.policydb_read: policydb version 31 does not match my version
>> range 15-30
>> invalid binary policy
>>
>> 3.10.0-862.2.3.el7.x86_64
>>
>> policycoreutils-2.5-22.el7.x86_64
>> checkpolicy-2.5-6.el7.x86_64
>> selinux-policy-targeted-3.13.1-192.el7_5.3.noarch
>> policycoreutils-python-2.5-22.el7.x86_64
>> selinux-policy-3.13.1-192.el7_5.3.noarch
>>
>> sl-release-7.5-2.sl7.x86_64
>>
>>
>>
>> On 05/11/2018 07:29 AM, Klaus Steinberger wrote:
>>> Am 04.05.2018 um 13:06 schrieb Steven C Timm:
>>>> Did you just update the kernel or also all the other security 
>>>> updates that came out.
>>> The problem is also after upgrading to SL 7.5:
>>>
>>> [root@dmz-sv-mirror01 ~]# audit2allow -a -m local
>>> libsepol.policydb_read: policydb version 31 does not match my version 
>>> range 15-30
>>> invalid binary policy ���\T
>>>
>>> [root@dmz-sv-mirror01 ~]# uname -a
>>> Linux dmz-sv-mirror01.physik.uni-muenchen.de 
>>> 3.10.0-862.2.3.el7.x86_64 #1 SMP
>>> Tue May 8 14:55:36 CDT 2018 x86_64 x86_64 x86_64 GNU/Linux
>>> [root@dmz-sv-mirror01 ~]# rpm -q -a | grep policy
>>> policycoreutils-2.5-22.el7.x86_64
>>> policycoreutils-python-2.5-22.el7.x86_64
>>> checkpolicy-2.5-6.el7.x86_64
>>> selinux-policy-targeted-3.13.1-192.el7_5.3.noarch
>>> selinux-policy-3.13.1-192.el7_5.3.noarch
>>> [root@dmz-sv-mirror01 ~]#
>>>
>>> Sincerly,
>>> Klaus
>>>
> 
> 
> I see this as well.  Very strange since the message and constants appear 
> to be defined in libsepol, and since that is updated I don't see how the 
> policydb version can be wrong.
> 
> # strings /usr/lib64/libsepol.so.1 | grep 'version range'
> policydb version %d does not match my version range %d-%d
> policydb module version %d does not match my version range %d-%d
> # rpm -q libsepol
> libsepol-2.5-8.1.el7.x86_64
> 

Ah, but there is a libsepol-static package - so if packages were 
incorrectly built against the older version of that, that would explain 
the problem.



-- 
Orion Poplawski
Manager of NWRA Technical Systems          720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       [log in to unmask]
Boulder, CO 80301                 https://www.nwra.com/

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV