Hi Orion, Thank you for the report. A new version of libsepol has been pushed out which should address your problem. Thanks! On 5/23/18, 5:26 PM, "[log in to unmask] on behalf of Orion Poplawski" <[log in to unmask] on behalf of [log in to unmask]> wrote: On 05/15/2018 05:45 PM, Orion Poplawski wrote: > On 05/15/2018 05:41 PM, Orion Poplawski wrote: >> On 05/15/2018 12:23 PM, Maarten wrote: >>> I have the same problem on all of my systems, running the same package >>> versions and kernel, also under 7.5: >>> >>> libsepol.policydb_read: policydb version 31 does not match my version >>> range 15-30 >>> invalid binary policy >>> >>> 3.10.0-862.2.3.el7.x86_64 >>> >>> policycoreutils-2.5-22.el7.x86_64 >>> checkpolicy-2.5-6.el7.x86_64 >>> selinux-policy-targeted-3.13.1-192.el7_5.3.noarch >>> policycoreutils-python-2.5-22.el7.x86_64 >>> selinux-policy-3.13.1-192.el7_5.3.noarch >>> >>> sl-release-7.5-2.sl7.x86_64 >>> >>> >>> >>> On 05/11/2018 07:29 AM, Klaus Steinberger wrote: >>>> Am 04.05.2018 um 13:06 schrieb Steven C Timm: >>>>> Did you just update the kernel or also all the other security updates >>>>> that came out. >>>> The problem is also after upgrading to SL 7.5: >>>> >>>> [root@dmz-sv-mirror01 ~]# audit2allow -a -m local >>>> libsepol.policydb_read: policydb version 31 does not match my version >>>> range 15-30 >>>> invalid binary policy ���\T >>>> >>>> [root@dmz-sv-mirror01 ~]# uname -a >>>> Linux dmz-sv-mirror01.physik.uni-muenchen.de 3.10.0-862.2.3.el7.x86_64 #1 SMP >>>> Tue May 8 14:55:36 CDT 2018 x86_64 x86_64 x86_64 GNU/Linux >>>> [root@dmz-sv-mirror01 ~]# rpm -q -a | grep policy >>>> policycoreutils-2.5-22.el7.x86_64 >>>> policycoreutils-python-2.5-22.el7.x86_64 >>>> checkpolicy-2.5-6.el7.x86_64 >>>> selinux-policy-targeted-3.13.1-192.el7_5.3.noarch >>>> selinux-policy-3.13.1-192.el7_5.3.noarch >>>> [root@dmz-sv-mirror01 ~]# >>>> >>>> Sincerly, >>>> Klaus >>>> >> >> >> I see this as well. Very strange since the message and constants appear to >> be defined in libsepol, and since that is updated I don't see how the >> policydb version can be wrong. >> >> # strings /usr/lib64/libsepol.so.1 | grep 'version range' >> policydb version %d does not match my version range %d-%d >> policydb module version %d does not match my version range %d-%d >> # rpm -q libsepol >> libsepol-2.5-8.1.el7.x86_64 >> > > Ah, but there is a libsepol-static package - so if packages were incorrectly > built against the older version of that, that would explain the problem. Ping? I think this is a pretty serious issue with the SL7.5 packages. I don't see this with CentOS or RHEL. -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane [log in to unmask] Boulder, CO 80301 https://urldefense.proofpoint.com/v2/url?u=https-3A__www.nwra.com_&d=DwIFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=K5IsmKIlfeGD3zuXIueSwQ&m=HOrUKrdX0_RlnX8W2Rv3LAamiLNAjjE-5-bEaEhgGV0&s=jhQsxCFCn_mwuHV1RYyI1eTN2PZLmTZz9BKjcZPSQWg&e=