This appears to be an upstream issue. The post install trigger for the particular policy rpms (targeted, mls, etc) is running the following [ "${SELINUXTYPE}" == "%1" ] && [ selinuxenabled ] && load_policy; However, it should be [ "${SELINUXTYPE}" == "%1" ] && selinuxenabled && load_policy; The extra [ ] are causing the test to always return true, and therefore attempt to load a policy when selinux is not enabled. If 'getenforce' reports 'Disabled' the error is safe to ignore as it is merely load_policy being unable to actually load the policy. If selinux is enabled and you see this error, there is something else very wrong with the system. Upstream bug #769859 Pat I've still no idea why my random test VMs didn't show the error, but they've since been re-purposed for 6.2 stuff so I'm going to assume there was something funny in them. On 12/19/2011 03:37 PM, Nelson Marques wrote: > Have you already any solid evidence that it is an upstream bug or you > were just tossing around a lucky guess ? > > 2011/12/19 Morten Stevens<[log in to unmask]>: >> On 19.12.2011 21:07, Pat Riehecky wrote: >>> On 12/19/2011 09:07 AM, Stephan Wiesand wrote: >>>> On Dec 17, 2011, at 14:40 , Morten Stevens wrote: >>>> >>>>> On 17.12.2011 03:30, Steven Haigh wrote: >>>>>> I noticed that all my SL6x systems have updated to the following >>>>>> selinux packages overnight: >>>>>> selinux-policy noarch 3.7.19-126.el6 sl6x-security 771 k >>>>>> selinux-policy-targeted noarch 3.7.19-126.el6 sl6x-security 2.5 M >>>>>> >>>>>> In the email logs on every system I notice: >>>>>> SELinux: Could not downgrade policy file >>>>>> /etc/selinux/targeted/policy/policy.24, searching for an older >>>>>> version. >>>>>> SELinux: Could not open policy file<= >>>>>> /etc/selinux/targeted/policy/policy.24: No such file or directory >>>>>> load_policy: Can't load policy: No such file or directory >>>>>> >>>>>> As I usually disable SELinux on all my systems, I'm not sure if this >>>>>> will have any effect for those who still run with SELinux enabled - >>>>>> but it seems strange so I thought I'd report it... >>>>> This is an upstream bug... I see this error message on all my systems. >>>> Hmm... I don't observe this on my systems, whether or not SELinux is >>>> disabled. >>>> >>>> Stephan >>>> >>> I will echo Stephan's observations on this. I checked 4 systems (2 - >>> i386, 2 - x86_64; one enforcing one disabled for each arch) and I was >>> unable to generate the error listed. >>> >>> Pat >> >> Hi, >> >> That's strange ... I see this error message on every el6 based system. >> >> For example: >> >> [root@x86-014 ~]# cat /etc/redhat-release >> Red Hat Enterprise Linux Server release 6.1 (Santiago) >> >> [root@x86-014 ~]# sestatus >> SELinux status: disabled >> >> [root@x86-014 ~]# yum update >> >> ... >> >> Updating : selinux-policy-targeted-3.7.19-126.el6_2.3.noarch 99/247 >> >> SELinux: Could not downgrade policy file >> /etc/selinux/targeted/policy/policy.24, searching for an older version. >> SELinux: Could not open policy file<= >> /etc/selinux/targeted/policy/policy.24: No such file or directory >> >> Best regards, >> >> Morten > > -- Pat Riehecky Scientific Linux Developer