Debian Bug report logs - #677730
policycoreutils: sepolgen-ifgen doesn't work if policy utils are newer than the kernel

version graph

Package: policycoreutils; Maintainer for policycoreutils is Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>; Source for policycoreutils is src:policycoreutils.

Reported by: Russell Coker <russell@coker.com.au>

Date: Sat, 16 Jun 2012 15:06:02 UTC

Severity: normal

Tags: moreinfo

Found in version policycoreutils/2.1.10-8

Done: Russell Coker <russell@coker.com.au>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>:
Bug#677730; Package policycoreutils. (Sat, 16 Jun 2012 15:06:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russell Coker <russell@coker.com.au>:
New Bug report received and forwarded. Copy sent to Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>. (Sat, 16 Jun 2012 15:06:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: policycoreutils: sepolgen-ifgen doesn't work if policy utils are newer than the kernel
Date: Sun, 17 Jun 2012 00:08:42 +1000
Package: policycoreutils
Version: 2.1.10-8
Severity: normal

When sepolgen-ifgen is run it first looks at the policyvers file in the
selinuxfs and then looks at the running policy.  If policyvers says version
24 (IE the kernel from Squeeze) and all the utilities are from Wheezy (which
generate a policy.26 file) then load_policy works fine (it downgrades the
policy to version 24) but sepolgen-ifgen doesn't work as it starts looking
at version 24 and then looks for lower numbers.

If sepolgen-ifgen can't find a policy that matches the kernel version then it
should start with the highest number it supports and then work it's way down.

-- System Information:
Debian Release: wheezy/sid
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages policycoreutils depends on:
ii  dpkg              1.16.4.2
ii  libaudit0         1:1.7.18-1.1
ii  libc6             2.13-33
ii  libcap-ng0        0.6.6-1
ii  libcap2           1:2.22-1.1
ii  libcgroup1        0.37.1-2
ii  libdbus-1-3       1.6.0-1
ii  libdbus-glib-1-2  0.98-1
ii  libglib2.0-0      2.32.3-1
ii  libpam0g          1.1.3-7.1
ii  libpcre3          1:8.30-5
ii  libselinux1       2.1.9-5
ii  libsemanage1      2.1.6-6
ii  libsepol1         2.1.4-3
ii  lsb-base          4.1+Debian7
ii  psmisc            22.17-2
ii  python            2.7.3~rc2-1
ii  python-ipy        1:0.75-1
ii  python-selinux    2.1.9-5
ii  python-semanage   2.1.6-6
ii  python-sepolgen   1.1.5-3
ii  python-setools    3.3.7-2
ii  python2.6         2.6.7-4
ii  python2.7         2.7.3~rc2-2.1

Versions of packages policycoreutils recommends:
ii  selinux-policy-default  2:2.20110726-5

Versions of packages policycoreutils suggests:
ii  selinux-policy-dev  2:2.20110726-5

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>:
Bug#677730; Package policycoreutils. (Sun, 29 Dec 2013 13:36:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Laurent Bigonville <bigon@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>. (Sun, 29 Dec 2013 13:36:05 GMT) Full text and rfc822 format available.

Message #10 received at 677730@bugs.debian.org (full text, mbox):

From: Laurent Bigonville <bigon@debian.org>
To: 677730-submitter@bugs.debian.org
Cc: 677730@bugs.debian.org
Subject: Re: policycoreutils: sepolgen-ifgen doesn't work if policy utils are newer than the kernel
Date: Sun, 29 Dec 2013 14:33:16 +0100
Hi,

I maybe doesn't understand the problem properly or the problem has been
fixed.

On my machine here (up-to-date sid):

cat /sys/fs/selinux/policyvers => 28

and the loaded policy is:

/etc/selinux/default/policy/policy.29


sepolgen-ifgen is running fine (except a warning) with the current
refpolicy package in unstable.

Are you still able to reproduce this?

Cheers

Laurent Bigonville



Message sent on to Russell Coker <russell@coker.com.au>:
Bug#677730. (Sun, 29 Dec 2013 13:36:08 GMT) Full text and rfc822 format available.

Added tag(s) moreinfo. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Sun, 29 Dec 2013 14:03:08 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>:
Bug#677730; Package policycoreutils. (Sun, 29 Dec 2013 22:57:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>. (Sun, 29 Dec 2013 22:57:08 GMT) Full text and rfc822 format available.

Message #20 received at 677730@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: Laurent Bigonville <bigon@debian.org>, 677730@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#677730: policycoreutils: sepolgen-ifgen doesn't work if policy utils are newer than the kernel
Date: Mon, 30 Dec 2013 09:46:23 +1100
close 677730
thanks

On Mon, 30 Dec 2013, Laurent Bigonville <bigon@debian.org> wrote:
> I maybe doesn't understand the problem properly or the problem has been
> fixed.
> 
> On my machine here (up-to-date sid):
> 
> cat /sys/fs/selinux/policyvers => 28
> 
> and the loaded policy is:
> 
> /etc/selinux/default/policy/policy.29
> 
> 
> sepolgen-ifgen is running fine (except a warning) with the current
> refpolicy package in unstable.

No.  Let's just close it.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/



Marked Bug as done Request was from Russell Coker <russell@coker.com.au> to control@bugs.debian.org. (Sun, 29 Dec 2013 22:57:19 GMT) Full text and rfc822 format available.

Notification sent to Russell Coker <russell@coker.com.au>:
Bug acknowledged by developer. (Sun, 29 Dec 2013 22:57:20 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 27 Jan 2014 07:29:38 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 03:20:37 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.