Hello Scot, I installed the most recent version of the policy but still have the same problem on all systems: libsepol-2.5-8.1.sl7.x86_64 libsepol.policydb_read: policydb version 31 does not match my version range 15-30 invalid binary policy On Thu, May 24, 2018 at 17:11, Scott Reid wrote: Hi Orion,
Thank you for the report. A new version of libsepol has been pushed out which should address your problem. Thanks! On 5/23/18, 5:26 PM, "owner-scientific-linux-us...@listserv.fnal.gov (mailto:owner-scientific-linux-us...@listserv.fnal.gov) on behalf of Orion Poplawski" wrote: On 05/15/2018 05:45 PM, Orion Poplawski wrote: On 05/15/2018 05:41 PM, Orion Poplawski wrote: On 05/15/2018 12:23 PM, Maarten wrote: I have the same problem on all of my systems, running the same package versions and kernel, also under 7.5: libsepol.policydb_read: policydb version 31 does not match my version range 15-30 invalid binary policy 3.10.0-862.2.3.el7.x86_64 policycoreutils-2.5-22.el7.x86_64 checkpolicy-2.5-6.el7.x86_64 selinux-policy-targeted-3.13.1-192.el7_5.3.noarch policycoreutils-python-2.5-22.el7.x86_64 selinux-policy-3.13.1-192.el7_5.3.noarch sl-release-7.5-2.sl7.x86_64 On 05/11/2018 07:29 AM, Klaus Steinberger wrote: Am 04.05.2018 um 13:06 schrieb Steven C Timm: Did you just update the kernel or also all the other security updates that came out. The problem is also after upgrading to SL 7.5: [root@dmz-sv-mirror01 ~]# audit2allow -a -m local libsepol.policydb_read: policydb version 31 does not match my version range 15-30 invalid binary policy ???T [root@dmz-sv-mirror01 ~]# uname -a Linux dmz-sv-mirror01.physik.uni-muenchen.de 3.10.0-862.2.3.el7.x86_64 #1 SMP Tue May 8 14:55:36 CDT 2018 x86_64 x86_64 x86_64 GNU/Linux [root@dmz-sv-mirror01 ~]# rpm -q -a | grep policy policycoreutils-2.5-22.el7.x86_64 policycoreutils-python-2.5-22.el7.x86_64 checkpolicy-2.5-6.el7.x86_64 selinux-policy-targeted-3.13.1-192.el7_5.3.noarch selinux-policy-3.13.1-192.el7_5.3.noarch [root@dmz-sv-mirror01 ~]# Sincerly, Klaus I see this as well. Very strange since the message and constants appear to be defined in libsepol, and since that is updated I don't see how the policydb version can be wrong. # strings /usr/lib64/libsepol.so.1 | grep 'version range' policydb version %d does not match my version range %d-%d policydb module version %d does not match my version range %d-%d # rpm -q libsepol libsepol-2.5-8.1.el7.x86_64 Ah, but there is a libsepol-static package - so if packages were incorrectly built against the older version of that, that would explain the problem. Ping? I think this is a pretty serious issue with the SL7.5 packages. I don't see this with CentOS or RHEL. -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com (mailto:or...@nwra.com) Boulder, CO 80301 https://urldefense.proofpoint.com/v2/url?u=https-3A__www.nwra.com_&d=DwIFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=K5IsmKIlfeGD3zuXIueSwQ&m=HOrUKrdX0_RlnX8W2Rv3LAamiLNAjjE-5-bEaEhgGV0&s=jhQsxCFCn_mwuHV1RYyI1eTN2PZLmTZz9BKjcZPSQWg&e= (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.nwra.com_&d=DwIFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=K5IsmKIlfeGD3zuXIueSwQ&m=HOrUKrdX0_RlnX8W2Rv3LAamiLNAjjE-5-bEaEhgGV0&s=jhQsxCFCn_mwuHV1RYyI1eTN2PZLmTZz9BKjcZPSQWg&e=)