Bug#384446: selinux-policy-refpolicy-targeted: file_context errors after installing 0.0.20060813-1

[Devin Carraway]

Package: selinux-policy-refpolicy-targeted
Version: 0.0.20060813-2
Severity: normal


(as usual, making a guess as to the likeliest package involved)

After upgrading selinux-policy-refpolicy-targeted to 0.0.20060813-1 tonight,
I've started seeing errors from everything which checks file_contexts before
creating files -- dpkg, install(1), etc.  A typical example would be this one
(I've uniq'd the errors):

Selecting previously deselected package libcompress-zlib-perl.
(Reading database ... 29728 files and directories currently installed.)
Unpacking libcompress-zlib-perl (from 
.../libcompress-zlib-perl_1.41-1_powerpc.deb) ...
file_contexts:  invalid context system_u:object_r:lib_t
file_contexts:  invalid context system_u:object_r:shlib_t
file_contexts:  invalid context system_u:object_r:lib_t
file_contexts:  invalid context system_u:object_r:man_t
file_contexts:  invalid context system_u:object_r:usr_t

Running dpkg under strace, it's opening and reading file_contexts, seemingly
picking a suitable entry, then trying to verify it, which fails:

open("/selinux/context", O_RDWR|O_LARGEFILE) = 9
write(9, "system_u:object_r:shlib_t\0", 26) = -1 EINVAL (Invalid argument)
close(9)                                = 0
write(2, "file_contexts:  invalid context "..., 58) = 58
open("/usr/lib/perl5/auto/Compress/Zlib/Zlib.so.dpkg-new", 
O_WRONLY|O_CREAT|O_EXCL|O_LARGEFILE, 0) = 9

... and indeed I can't apply that context to the file once installed, the way
it appears in file_contexts:

jezebel:~# chcon system_u:object_r:shlib_t 
/usr/lib/perl5/auto/Compress/Zlib/Zlib.so ; echo $?
chcon: failed to change context of /usr/lib/perl5/auto/Compress/Zlib/Zlib.so to 
system_u:object_r:shlib_t: Invalid argument
1

... but with a sensitivity level, it's fine:

jezebel:~# chcon system_u:object_r:shlib_t:s0 
/usr/lib/perl5/auto/Compress/Zlib/Zlib.so ; echo $?
0

The same invalid arg error can be obtained by echoing the context with and
without the sensitivity level into /selinux/context.  The relevant entry from
/etc/selinux/refpolicy-targeted/contexts/files/file_contexts reads thusly:

/usr/(.*/)?lib/.+\.so   --      system_u:object_r:shlib_t

As a simpler repro case, simply trying to create a file via install encounters
the same issue:

% install foo.c /usr/src/t/bar.c
file_contexts:  invalid context system_u:object_r:src_t
% ls -Z /usr/src/t/bar.c
-rwxr-xr-x  aqua     src      root:object_r:src_t:s0 /usr/src/t/bar.c
% install -Z system_u:object_r:src_t:s0 foo.c /usr/src/t/bar.c
% ls -Z /usr/src/t/bar.c
-rwxr-xr-x  aqua     src      system_u:object_r:src_t:s0 /usr/src/t/bar.c


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.6
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages selinux-policy-refpolicy-targeted depends on:
ii  libpam-modules                0.79-3.1   Pluggable Authentication Modules f
ii  libselinux1                   1.30.26-2  SELinux shared libraries
ii  policycoreutils               1.30.26-3  SELinux core policy utilities
ii  python                        2.3.5-11   An interactive high-level object-o

Versions of packages selinux-policy-refpolicy-targeted recommends:
ii  checkpolicy                   1.30.10-2  SELinux policy compiler
ii  setools                       2.4-1      Tresys tools for managing SE Linux

-- debconf-show failed


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]