[CentOS] sandbox complaint

Thu May 27 20:12:38 UTC 2010
m.roth at 5-cent.us <m.roth at 5-cent.us>

Daniel wrote:
> On 05/27/2010 02:38 PM, m.roth at 5-cent.us wrote:
>> Daniel wrote:
>>> On 05/27/2010 12:19 PM, m.roth at 5-cent.us wrote:
>>>> Daniel wrote:
>>>>> On 05/27/2010 12:00 PM, m.roth at 5-cent.us wrote:
>>>>>> Daniel wrote:
>>>>>>> On 05/27/2010 11:49 AM, m.roth at 5-cent.us wrote:
>>>>>>>> Updating a system from CentOS 5.4 (current) to 5.5, and I see:
>>>>>>>>
>>>>>>>> libsepol.scope_copy_callback: zosremote: Duplicate declaration in
>>>>>>>> module:
>>>>>>>> type/attribute zos_remote_t
>>>>>>>> libsemanage.semanage_link_sandbox: Link packages failed
>>>>>>>> semodule:  Failed!
>>>> <snip>
>>>>>>> Do you have multiple pp files definitin zosremote?
>>>> <snip>
>>>>> locate -r zos.*remote
>>>>>
>>>>> Might find the bad pp file.
>> <snip>
>>>> I don't believe they want me to remove it. Doing the locate, I find:
>>>>> locate -r zos.*remote | grep .pp
>>>> /etc/selinux/mls/modules/active/modules/zosremote.pp
>>>> /etc/selinux/mls/modules/previous/modules/zosremote.pp
>>>> /etc/selinux/targeted/modules/active/modules/zos_remote.pp
>>>> /etc/selinux/targeted/modules/previous/modules/zos_remote.pp
>>>> /old/etc/selinux/targeted/modules/active/modules/zos_remote.pp
>>>> /old/etc/selinux/targeted/modules/previous/modules/zos_remote.pp
>>>> /old/usr/share/selinux/mls/audispd-zos-remote.pp
>>>> /old/usr/share/selinux/strict/audispd-zos-remote.pp
>>>> /old/usr/share/selinux/targeted/audispd-zos-remote.pp
>>>> /usr/share/selinux/mls/zosremote.pp
>>>> /usr/share/selinux/targeted/zosremote.pp
>>>>
>>>> So, which should I get rid of, that was not cleaned up during the
>>>> update?
>>>
>>> Remove all audispd-zos-remote.pp and zos_remote.pp
>>>
>>> We ship zosremote.pp
>>
>> Ok... I can do that, but are you saying to just rm it, and not whatever
>> package it came in?
>>
>> And if it's not correct, why is it here, anyway? Anyone on the CentOS
>> list? I don't want to screw around with this as "oh, it's only his weird
>> problem", I figure that it's happening to a lot of other folks, and I'd
>> like to make the problem go away for everyone. That, of course, means it
>> the incorrect stuff needs to be removed from whatever package it's
>> in....
>>
> I think you will find that it does not happen for everyone else and that
> these files do not belong to other packages.  I have a feeling that
> something went wrong on an update that left these files around.
>
Hmmm...but I don't know if rm'ing them will work, if they're in the d/b.
So I suppose I'll have to find the package that put them there...
<time passes>
Ok, anyone on the CentOS list: does *anyone* know where this came from?
It' sin the directory provided by
selinux-policy-targeted-2.4.6-279.el5.noarch, but there's no zos_remote in
the package.

           mark