Mailing List Archive: Interesting error

Interesting error

Dec 11, 2012, 8:28 AM

Post #1 of 5 (1411 views)

I was having some permissions issues with my stable x86 box following
some updates late last week. For starters I pulled in r8 from the ~x86
tree but that didn't resolve the issues, so I just left SELinux running
permissive and finally had a couple hours today to look more closely at
what was going on. Tried running a sesearch command and this is what I
got back.

ERROR: policydb version 27 does not match my version range 15-26
ERROR: Unable to open policy /etc/selinux/strict/policy/policy.27.

So does r8 need a newer kernel or a newer setools package or what might
be happening here?

I have kernel 3.5.4-hardened-r1 and setools-3.3.7-r3 from the stable tree.

--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org

Re: Interesting error [ In reply to ]

prometheanfire at gentoo

Dec 11, 2012, 8:42 AM

Post #2 of 5 (1364 views)

Permalink

On 12/11/2012 10:28 AM, Stan Sander wrote:
> I was having some permissions issues with my stable x86 box following
> some updates late last week. For starters I pulled in r8 from the ~x86
> tree but that didn't resolve the issues, so I just left SELinux running
> permissive and finally had a couple hours today to look more closely at
> what was going on. Tried running a sesearch command and this is what I
> got back.
>
> ERROR: policydb version 27 does not match my version range 15-26
> ERROR: Unable to open policy /etc/selinux/strict/policy/policy.27.
>
> So does r8 need a newer kernel or a newer setools package or what might
> be happening here?
>
> I have kernel 3.5.4-hardened-r1 and setools-3.3.7-r3 from the stable tree.
>
do you have CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX set in the
kernel to anything?

--
-- Matthew Thode (prometheanfire)

Re: Interesting error [ In reply to ]

stsander at sblan

Dec 11, 2012, 8:45 AM

Post #3 of 5 (1370 views)

Permalink

On 12/11/2012 09:42 AM, Matthew Thode wrote:
>
> do you have CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX set in the
> kernel to anything?
>
Nope.

grep CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX /usr/src/linux/.config
# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set

--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org

Re: Interesting error [ In reply to ]

sven.vermeulen at siphos

Dec 11, 2012, 9:26 AM

Post #4 of 5 (1373 views)

Permalink

On Dec 11, 2012 5:43 PM, "Matthew Thode" <prometheanfire@gentoo.org> wrote:
> do you have CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX set in the
> kernel to anything?

You might need to "fix" (as in fixate) the version in
/etc/srlinux/strict/semanage.conf.

Wkr,
SwifT

Re: Interesting error [ In reply to ]

stsander at sblan

Dec 11, 2012, 9:50 AM

Post #5 of 5 (1373 views)

Permalink

On 12/11/2012 10:26 AM, Sven Vermeulen wrote:
>
>
> On Dec 11, 2012 5:43 PM, "Matthew Thode" <prometheanfire@gentoo.org
> <mailto:prometheanfire@gentoo.org>> wrote:
> > do you have CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX set in the
> > kernel to anything?
>
> You might need to "fix" (as in fixate) the version in
> /etc/srlinux/strict/semanage.conf.
>
> Wkr,
> SwifT
>
Do I need to recompile or reload anything after changing? Just making
the change in semanage.conf didn't help.

--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org

Mailing List Archive

Attached Files:

Attached Files:

Attached Files:

Attached Files: