Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1394042 - Error messages on file_contexts.bin after upgrading selinux-policy.
Summary: Error messages on file_contexts.bin after upgrading selinux-policy.
Keywords:
Status: CLOSED DUPLICATE of bug 1502009
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-mls
Version: 26
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-10 21:34 UTC by Valdis Kletnieks
Modified: 2017-10-19 12:28 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-10-19 12:28:34 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Valdis Kletnieks 2016-11-10 21:34:20 UTC 
Description of problem: After upgrading selinux-policy-mls, yum threw the following error messages:

  Updating   : selinux-policy-mls-3.13.1-224.fc26.noarch                 53/156 
/etc/selinux/mls/contexts/files/file_contexts.bin:  line 1 error due to: Non-ASCII characters found
/etc/selinux/mls/contexts/files/file_contexts.homedirs.bin:  line 1 error due to: Non-ASCII characters found
  Updating   : selinux-policy-targeted-3.13.1-224.fc26.noarch            54/156 

/bin/su is affected as well:
% su
Password: 
/etc/selinux/mls/contexts/files/file_contexts.bin:  line 1 error due to: Non-ASCII characters found
/etc/selinux/mls/contexts/files/file_contexts.homedirs.bin:  line 1 error due to: Non-ASCII characters found

Reverting selinux-policy and selinux-policy-mls to 3.13.1-222 clears up the error messages.

The problem appears to be in the preinstall scriptlet:

     if [ -e /etc/selinux/mls/.policy.sha512 ]; then 
        POLICY_FILE=`ls /etc/selinux/mls/policy/policy.* | sort | head -1` 
        sha512=`sha512sum $POLICY_FILE | cut -d ' ' -f 1`; 
	checksha512=`cat /etc/selinux/mls/.policy.sha512`; 
	if [ "$sha512" == "$checksha512" ] ; then 
		rm /etc/selinux/mls/.rebuild; 
	fi; 

So we look at the .policy.sha512 from the previous release - and then we compute the sha512 of the *current* policy, which is still the *previous* version because we're in preinstall, not postinstall.  So of course they match, so we nuke .rebuild and then the postinstall doesn't run semodule.

What *should* happen:

the pre-install saves the sha512 file in a .pre, and then hash the policy and compare in the postinstall....


Version-Release number of selected component (if applicable):
selinux-policy-mls-3.13.1-224.fc26

How reproducible:
selinux-policy-mls-3.13.1-224.fc26

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Fedora End Of Life 2017-02-28 10:35:59 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle.
Changing version to '26'.
Comment 2 Lukas Vrabec 2017-10-19 12:28:34 UTC 

*** This bug has been marked as a duplicate of bug 1502009 ***
Note You need to log in before you can comment on or make changes to this bug.