| 1 |
On 12/15/12 12:30, Sven Vermeulen wrote: |
| 2 |
> On Fri, Dec 14, 2012 at 09:34:49AM +0200, Cor Legemaat wrote: |
| 3 |
>> On my system with the last update I receive a warning message of: |
| 4 |
>> |
| 5 |
>> * SELinux module load failed. Trying full reload... |
| 6 |
>> * Failed to reload SELinux policies. |
| 7 |
>> * |
| 8 |
>> * If this is *not* the last SELinux module package being installed, |
| 9 |
>> * then you can safely ignore this as the reloads will be retried |
| 10 |
>> * with other, recent modules. |
| 11 |
>> * |
| 12 |
>> * If it is the last SELinux module package being installed however, |
| 13 |
>> * then it is advised to look at the error above and take appropriate |
| 14 |
>> * action since the new SELinux policies are not loaded until the |
| 15 |
>> * command finished succesfully. |
| 16 |
>> * |
| 17 |
>> * To reload, run the following command from within |
| 18 |
>> /usr/share/selinux/targeted: |
| 19 |
>> * semodule -b base.pp -i $(ls *.pp | grep -v base.pp) |
| 20 |
>> * or |
| 21 |
>> * semodule -b base.pp -i $(ls *.pp | grep -v base.pp | grep -v |
| 22 |
>> unconfined.pp) |
| 23 |
>> * depending on if you need the unconfined domain loaded as well or not. |
| 24 |
>> |
| 25 |
>> When I tried to execute the cmd manual: |
| 26 |
>> |
| 27 |
>> k53s cor # cd /usr/share/selinux/targeted/ |
| 28 |
>> k53s targeted # semodule -b base.pp -i $(ls *.pp | grep -v base.pp) |
| 29 |
>> libsepol.permission_copy_callback: Module mysql depends on permission |
| 30 |
>> epollwakeup in class capability2, not satisfied (No such file or directory). |
| 31 |
>> libsemanage.semanage_link_sandbox: Link packages failed (No such file or |
| 32 |
>> directory). |
| 33 |
>> semodule: Failed! |
| 34 |
> What kernel version are you running? |
| 35 |
> |
| 36 |
> What does "ls /sys/fs/selinux/class/capability2/perms/" give back? |
| 37 |
> |
| 38 |
> There was a small window where the block_suspend capability was called |
| 39 |
> epollwakeup, but that was resolved in July this year... |
| 40 |
> |
| 41 |
> Also check if selinux-mysql is (still) installed on your system (or needed), |
| 42 |
> perhaps the mysql.pp file is outdated. The command "ls -ltr |
| 43 |
> /usr/share/selinux/strict/" should show that most/all modules are built |
| 44 |
> fairly close to each other. |
| 45 |
> |
| 46 |
> Wkr, |
| 47 |
> Sven Vermeulen |
| 48 |
> |
| 49 |
> |
| 50 |
Hi: |
| 51 |
|
| 52 |
kernel = linux-3.5.4-hardened-r1 |
| 53 |
|
| 54 |
k53s cor # ls /sys/fs/selinux/class/capability2/perms/ |
| 55 |
epollwakeup mac_admin mac_override syslog wake_alarm |
| 56 |
|
| 57 |
k53s cor # ls -ltr /usr/share/selinux/targeted/ |
| 58 |
show the time difference within 21 seconds but mysql.pp is not there. |
| 59 |
|
| 60 |
mysql.pp is in "/etc/selinux/targeted/modules/active/modules/", don't |
| 61 |
know why an uninstall didn't remove it, can I just delete the file? |
| 62 |
|
| 63 |
mysql nor selinux-mysql is installed. |
| 64 |
|
| 65 |
Regards: |
| 66 |
Cor |
Archives