This appears to be an upstream issue.
The post install trigger for the particular policy rpms (targeted, mls,
etc) is running the following
[ "${SELINUXTYPE}" == "%1" ] && [ selinuxenabled ] && load_policy;
However, it should be
[ "${SELINUXTYPE}" == "%1" ] && selinuxenabled && load_policy;
The extra [ ] are causing the test to always return true, and therefore
attempt to load a policy when selinux is not enabled.
If 'getenforce' reports 'Disabled' the error is safe to ignore as it is
merely load_policy being unable to actually load the policy. If selinux
is enabled and you see this error, there is something else very wrong
with the system.
Upstream bug #769859
Pat
I've still no idea why my random test VMs didn't show the error, but
they've since been re-purposed for 6.2 stuff so I'm going to assume
there was something funny in them.
On 12/19/2011 03:37 PM, Nelson Marques wrote:
> Have you already any solid evidence that it is an upstream bug or you
> were just tossing around a lucky guess ?
>
> 2011/12/19 Morten Stevens<[log in to unmask]>:
>> On 19.12.2011 21:07, Pat Riehecky wrote:
>>> On 12/19/2011 09:07 AM, Stephan Wiesand wrote:
>>>> On Dec 17, 2011, at 14:40 , Morten Stevens wrote:
>>>>
>>>>> On 17.12.2011 03:30, Steven Haigh wrote:
>>>>>> I noticed that all my SL6x systems have updated to the following
>>>>>> selinux packages overnight:
>>>>>> selinux-policy noarch 3.7.19-126.el6 sl6x-security 771 k
>>>>>> selinux-policy-targeted noarch 3.7.19-126.el6 sl6x-security 2.5 M
>>>>>>
>>>>>> In the email logs on every system I notice:
>>>>>> SELinux: Could not downgrade policy file
>>>>>> /etc/selinux/targeted/policy/policy.24, searching for an older
>>>>>> version.
>>>>>> SELinux: Could not open policy file<=
>>>>>> /etc/selinux/targeted/policy/policy.24: No such file or directory
>>>>>> load_policy: Can't load policy: No such file or directory
>>>>>>
>>>>>> As I usually disable SELinux on all my systems, I'm not sure if this
>>>>>> will have any effect for those who still run with SELinux enabled -
>>>>>> but it seems strange so I thought I'd report it...
>>>>> This is an upstream bug... I see this error message on all my systems.
>>>> Hmm... I don't observe this on my systems, whether or not SELinux is
>>>> disabled.
>>>>
>>>> Stephan
>>>>
>>> I will echo Stephan's observations on this. I checked 4 systems (2 -
>>> i386, 2 - x86_64; one enforcing one disabled for each arch) and I was
>>> unable to generate the error listed.
>>>
>>> Pat
>>
>> Hi,
>>
>> That's strange ... I see this error message on every el6 based system.
>>
>> For example:
>>
>> [root@x86-014 ~]# cat /etc/redhat-release
>> Red Hat Enterprise Linux Server release 6.1 (Santiago)
>>
>> [root@x86-014 ~]# sestatus
>> SELinux status: disabled
>>
>> [root@x86-014 ~]# yum update
>>
>> ...
>>
>> Updating : selinux-policy-targeted-3.7.19-126.el6_2.3.noarch 99/247
>>
>> SELinux: Could not downgrade policy file
>> /etc/selinux/targeted/policy/policy.24, searching for an older version.
>> SELinux: Could not open policy file<=
>> /etc/selinux/targeted/policy/policy.24: No such file or directory
>>
>> Best regards,
>>
>> Morten
>
>
--
Pat Riehecky
Scientific Linux Developer
|