1 |
On Fri, Dec 14, 2012 at 09:34:49AM +0200, Cor Legemaat wrote: |
2 |
> On my system with the last update I receive a warning message of: |
3 |
> |
4 |
> * SELinux module load failed. Trying full reload... |
5 |
> * Failed to reload SELinux policies. |
6 |
> * |
7 |
> * If this is *not* the last SELinux module package being installed, |
8 |
> * then you can safely ignore this as the reloads will be retried |
9 |
> * with other, recent modules. |
10 |
> * |
11 |
> * If it is the last SELinux module package being installed however, |
12 |
> * then it is advised to look at the error above and take appropriate |
13 |
> * action since the new SELinux policies are not loaded until the |
14 |
> * command finished succesfully. |
15 |
> * |
16 |
> * To reload, run the following command from within |
17 |
> /usr/share/selinux/targeted: |
18 |
> * semodule -b base.pp -i $(ls *.pp | grep -v base.pp) |
19 |
> * or |
20 |
> * semodule -b base.pp -i $(ls *.pp | grep -v base.pp | grep -v |
21 |
> unconfined.pp) |
22 |
> * depending on if you need the unconfined domain loaded as well or not. |
23 |
> |
24 |
> When I tried to execute the cmd manual: |
25 |
> |
26 |
> k53s cor # cd /usr/share/selinux/targeted/ |
27 |
> k53s targeted # semodule -b base.pp -i $(ls *.pp | grep -v base.pp) |
28 |
> libsepol.permission_copy_callback: Module mysql depends on permission |
29 |
> epollwakeup in class capability2, not satisfied (No such file or directory). |
30 |
> libsemanage.semanage_link_sandbox: Link packages failed (No such file or |
31 |
> directory). |
32 |
> semodule: Failed! |
33 |
|
34 |
What kernel version are you running? |
35 |
|
36 |
What does "ls /sys/fs/selinux/class/capability2/perms/" give back? |
37 |
|
38 |
There was a small window where the block_suspend capability was called |
39 |
epollwakeup, but that was resolved in July this year... |
40 |
|
41 |
Also check if selinux-mysql is (still) installed on your system (or needed), |
42 |
perhaps the mysql.pp file is outdated. The command "ls -ltr |
43 |
/usr/share/selinux/strict/" should show that most/all modules are built |
44 |
fairly close to each other. |
45 |
|
46 |
Wkr, |
47 |
Sven Vermeulen |