From: Petr Lautrbach <plautrba@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>, selinux@tycho.nsa.gov
Subject: Re: [PATCH] libselinux: is_selinux_enabled(): drop no-policy-loaded test.
Date: Tue, 12 May 2015 15:51:37 +0200 [thread overview]
Message-ID: <55520569.8030306@redhat.com> (raw)
In-Reply-To: <5551F886.40100@tycho.nsa.gov>
[-- Attachment #1: Type: text/plain, Size: 1069 bytes --]
On 05/12/2015 02:56 PM, Stephen Smalley wrote:
> BTW, in trying to test these scenarios, I did a yum remove
> selinux-policy-targeted at one point and was surprised to find that I
> couldn't subsequently do a yum install selinux-policy-targeted. It
> would always fail. Ultimately I found that if I created an empty
> /etc/selinux/targeted/contexts/files/file_contexts file and then tried
> installing it, it would work. So I guess rpm -i fails if there is no
> file_contexts file? That doesn't seem right.
>
That's correct. rpm does a verification of a transaction and one of the
steps is to check files labels. It uses selinux_file_context_path() to
get a file path and if it can't open this file, it fails as it can't
confirm whether contexts are ok or not. Empty file_contexts file means
that there's no conflict.
If you want to skip this check, you can use:
rpm -i --nocontexts ...
or
yum install --setopt=tsflags=nocontexts
or just reboot and install selinux-policy-targeted with disabled SELinux.
Petr
--
Petr Lautrbach
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2015-05-12 13:51 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-17 13:42 [PATCH] libselinux: is_selinux_enabled(): drop no-policy-loaded test Stephen Smalley
2015-05-11 13:40 ` Petr Lautrbach
2015-05-11 13:43 ` Stephen Smalley
2015-05-11 13:49 ` Petr Lautrbach
2015-05-11 14:02 ` Stephen Smalley
2015-05-11 14:04 ` Stephen Smalley
2015-05-11 14:11 ` Petr Lautrbach
2015-05-11 14:52 ` Stephen Smalley
2015-05-11 15:27 ` Dominick Grift
2015-05-12 12:54 ` Petr Lautrbach
2015-05-12 12:56 ` Stephen Smalley
2015-05-12 13:51 ` Petr Lautrbach [this message]
2015-05-12 13:59 ` Stephen Smalley
2015-05-12 14:27 ` Petr Lautrbach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55520569.8030306@redhat.com \
--to=plautrba@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.