Hi Orion,
Thank you for the report. A new version of libsepol has been pushed out which should address your problem.
Thanks!
On 5/23/18, 5:26 PM, "[log in to unmask] on behalf of Orion Poplawski" <[log in to unmask] on behalf of [log in to unmask]> wrote:
On 05/15/2018 05:45 PM, Orion Poplawski wrote:
> On 05/15/2018 05:41 PM, Orion Poplawski wrote:
>> On 05/15/2018 12:23 PM, Maarten wrote:
>>> I have the same problem on all of my systems, running the same package
>>> versions and kernel, also under 7.5:
>>>
>>> libsepol.policydb_read: policydb version 31 does not match my version
>>> range 15-30
>>> invalid binary policy
>>>
>>> 3.10.0-862.2.3.el7.x86_64
>>>
>>> policycoreutils-2.5-22.el7.x86_64
>>> checkpolicy-2.5-6.el7.x86_64
>>> selinux-policy-targeted-3.13.1-192.el7_5.3.noarch
>>> policycoreutils-python-2.5-22.el7.x86_64
>>> selinux-policy-3.13.1-192.el7_5.3.noarch
>>>
>>> sl-release-7.5-2.sl7.x86_64
>>>
>>>
>>>
>>> On 05/11/2018 07:29 AM, Klaus Steinberger wrote:
>>>> Am 04.05.2018 um 13:06 schrieb Steven C Timm:
>>>>> Did you just update the kernel or also all the other security updates
>>>>> that came out.
>>>> The problem is also after upgrading to SL 7.5:
>>>>
>>>> [root@dmz-sv-mirror01 ~]# audit2allow -a -m local
>>>> libsepol.policydb_read: policydb version 31 does not match my version
>>>> range 15-30
>>>> invalid binary policy ���\T
>>>>
>>>> [root@dmz-sv-mirror01 ~]# uname -a
>>>> Linux dmz-sv-mirror01.physik.uni-muenchen.de 3.10.0-862.2.3.el7.x86_64 #1 SMP
>>>> Tue May 8 14:55:36 CDT 2018 x86_64 x86_64 x86_64 GNU/Linux
>>>> [root@dmz-sv-mirror01 ~]# rpm -q -a | grep policy
>>>> policycoreutils-2.5-22.el7.x86_64
>>>> policycoreutils-python-2.5-22.el7.x86_64
>>>> checkpolicy-2.5-6.el7.x86_64
>>>> selinux-policy-targeted-3.13.1-192.el7_5.3.noarch
>>>> selinux-policy-3.13.1-192.el7_5.3.noarch
>>>> [root@dmz-sv-mirror01 ~]#
>>>>
>>>> Sincerly,
>>>> Klaus
>>>>
>>
>>
>> I see this as well. Very strange since the message and constants appear to
>> be defined in libsepol, and since that is updated I don't see how the
>> policydb version can be wrong.
>>
>> # strings /usr/lib64/libsepol.so.1 | grep 'version range'
>> policydb version %d does not match my version range %d-%d
>> policydb module version %d does not match my version range %d-%d
>> # rpm -q libsepol
>> libsepol-2.5-8.1.el7.x86_64
>>
>
> Ah, but there is a libsepol-static package - so if packages were incorrectly
> built against the older version of that, that would explain the problem.
Ping? I think this is a pretty serious issue with the SL7.5 packages. I
don't see this with CentOS or RHEL.
--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane [log in to unmask]
Boulder, CO 80301 https://urldefense.proofpoint.com/v2/url?u=https-3A__www.nwra.com_&d=DwIFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=K5IsmKIlfeGD3zuXIueSwQ&m=HOrUKrdX0_RlnX8W2Rv3LAamiLNAjjE-5-bEaEhgGV0&s=jhQsxCFCn_mwuHV1RYyI1eTN2PZLmTZz9BKjcZPSQWg&e=