Package: selinux-policy-default Version: 2:2.20240202-1 Tags: patch The invocation of semodule in the postinst maintanier script might fail, e.g. due to conflicts with local modifications. Since by default the CIL log level is error and those error messages are rather generic the actual cause is most of the time not shown. A solution is to run semodule in verbose mode, which increases the verbosity of CIL from error to warning, see https://github.com/SELinuxProject/selinux/blob/82195e77e317d322dd9b5fc31d402462d6845357/policycoreutils/semodule/semodule.c#L419:
--- debian/postinst.policy.bak 2024-02-21 21:56:04.383102610 +0100 +++ debian/postinst.policy 2024-02-21 21:56:09.307157364 +0100 @@ -117,7 +117,7 @@ fi ret=0 - semodule -X $priority $noreload -s $flavour $to_remove $to_install $to_disable || ret=$? + semodule -v -X $priority $noreload -s $flavour $to_remove $to_install $to_disable || ret=$? if [ $ret -eq 0 ]; then echo " done." else _______________________________________________ SELinux-devel mailing list SELinux-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/selinux-devel