SCIENTIFIC-LINUX-USERS Archives

May 2018

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Problem with selinux since Kernel Update
From:
Gilles Detillieux <[log in to unmask]>
Reply To:
Gilles Detillieux <[log in to unmask]>
Date:
Wed, 23 May 2018 21:08:04 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (74 lines) 
On 2018-05-23 17:26, Orion Poplawski wrote:
> On 05/15/2018 05:45 PM, Orion Poplawski wrote:
>> On 05/15/2018 05:41 PM, Orion Poplawski wrote:
>>> On 05/15/2018 12:23 PM, Maarten wrote:
>>>> I have the same problem on all of my systems, running the same package
>>>> versions and kernel, also under 7.5:
>>>>
>>>> libsepol.policydb_read: policydb version 31 does not match my version
>>>> range 15-30
>>>> invalid binary policy
>>>>
>>>> 3.10.0-862.2.3.el7.x86_64
>>>>
>>>> policycoreutils-2.5-22.el7.x86_64
>>>> checkpolicy-2.5-6.el7.x86_64
>>>> selinux-policy-targeted-3.13.1-192.el7_5.3.noarch
>>>> policycoreutils-python-2.5-22.el7.x86_64
>>>> selinux-policy-3.13.1-192.el7_5.3.noarch
>>>>
>>>> sl-release-7.5-2.sl7.x86_64
>>>>
>>>>
>>>>
>>>> On 05/11/2018 07:29 AM, Klaus Steinberger wrote:
>>>>> Am 04.05.2018 um 13:06 schrieb Steven C Timm:
>>>>>> Did you just update the kernel or also all the other security updates
>>>>>> that came out.
>>>>> The problem is also after upgrading to SL 7.5:
>>>>>
>>>>> [root@dmz-sv-mirror01 ~]# audit2allow -a -m local
>>>>> libsepol.policydb_read: policydb version 31 does not match my version
>>>>> range 15-30
>>>>> invalid binary policy ���\T
>>>>>
>>>>> [root@dmz-sv-mirror01 ~]# uname -a
>>>>> Linux dmz-sv-mirror01.physik.uni-muenchen.de 3.10.0-862.2.3.el7.x86_64 #1 SMP
>>>>> Tue May 8 14:55:36 CDT 2018 x86_64 x86_64 x86_64 GNU/Linux
>>>>> [root@dmz-sv-mirror01 ~]# rpm -q -a | grep policy
>>>>> policycoreutils-2.5-22.el7.x86_64
>>>>> policycoreutils-python-2.5-22.el7.x86_64
>>>>> checkpolicy-2.5-6.el7.x86_64
>>>>> selinux-policy-targeted-3.13.1-192.el7_5.3.noarch
>>>>> selinux-policy-3.13.1-192.el7_5.3.noarch
>>>>> [root@dmz-sv-mirror01 ~]#
>>>>>
>>>>> Sincerly,
>>>>> Klaus
>>>>>
>>>
>>> I see this as well.  Very strange since the message and constants appear to
>>> be defined in libsepol, and since that is updated I don't see how the
>>> policydb version can be wrong.
>>>
>>> # strings /usr/lib64/libsepol.so.1 | grep 'version range'
>>> policydb version %d does not match my version range %d-%d
>>> policydb module version %d does not match my version range %d-%d
>>> # rpm -q libsepol
>>> libsepol-2.5-8.1.el7.x86_64
>>>
>> Ah, but there is a libsepol-static package - so if packages were incorrectly
>> built against the older version of that, that would explain the problem.
> Ping?  I think this is a pretty serious issue with the SL7.5 packages.  I
> don't see this with CentOS or RHEL.

I have been seeing this error on my systems as well since upgrading to 
SL 7.5. It's causing setroubleshootd to crash too. I fix for this would 
be much appreciated.

-- 
Gilles R. Detillieux              E-mail: <[log in to unmask]>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. of Physiology and Pathophysiology, Faculty of Health Sciences,
Univ. of Manitoba  Winnipeg, MB  R3E 0J9  (Canada)

ATOM RSS1 RSS2