Trying to add SELinux support to my bitcoin package.
Keep getting this on install:
SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version. SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or directory /sbin/load_policy: Can't load policy: No such file or directory libsemanage.semanage_reload_policy: load_policy returned error code 2.
I Tried
yum reinstall selinux-policy selinux-policy-targeted restorecon -R -v /etc/selinux
as suggested on some mailing lists. Didn't work, same issue.
How can I troubleshoot what is causing this?
The policy.29 file exists. The RPM responsible for it verifies (and was reinstalled)
I don't ordinarily run SELinux and do not have it enabled.
Things like that are why, it always ALWAYS got in the way of productivity and when I did run it and I was never hacked without it, so... but I need to figure out what the problem is here.
On Wed, 24 Feb 2016 23:28:33 -0800 Alice Wonder wrote:
I don't ordinarily run SELinux and do not have it enabled.
https://lists.fedoraproject.org/pipermail/selinux/2012-May/014626.html
QUOTE: Turns out you get the "Could not downgrade policy file /etc/selinux/targeted/policy/policy.24" error if you're running with SELinux disabled and something tries to install or reload policy: semodule -vR does it. END OF QUOTE
On 02/24/2016 11:34 PM, Frank Cox wrote:
On Wed, 24 Feb 2016 23:28:33 -0800 Alice Wonder wrote:
I don't ordinarily run SELinux and do not have it enabled.
https://lists.fedoraproject.org/pipermail/selinux/2012-May/014626.html
QUOTE: Turns out you get the "Could not downgrade policy file /etc/selinux/targeted/policy/policy.24" error if you're running with SELinux disabled and something tries to install or reload policy: semodule -vR does it. END OF QUOTE
Ah thanks.
On Thu, Feb 25, 2016 at 12:34 AM, Frank Cox theatre@melvilletheatre.com wrote:
Turns out you get the "Could not downgrade policy file /etc/selinux/targeted/policy/policy.24" error if you're running with SELinux disabled and something tries to install or reload policy: semodule -vR does it.
This is why if anyone is opposed to running SELinux it should be left in permissive mode.
Brandon Vincent
On 02/25/2016 07:23 AM, Brandon Vincent wrote:
On Thu, Feb 25, 2016 at 12:34 AM, Frank Cox theatre@melvilletheatre.com wrote:
Turns out you get the "Could not downgrade policy file /etc/selinux/targeted/policy/policy.24" error if you're running with SELinux disabled and something tries to install or reload policy: semodule -vR does it.
This is why if anyone is opposed to running SELinux it should be left in permissive mode.
Even in permissive mode you still incur the system overhead cost (7% performance hit, last I read) and the excessive logging.
And don't even get me started about having /tmp mounted on a tmpfs filesystem! :-)
There are good reasons to prefer disabled over permissive if you've sure you won't need to re-enable SELinux later.
-
Alice Wonder -
Brandon Vincent -
Frank Cox -
Steve Snyder