Updating a system from CentOS 5.4 (current) to 5.5, and I see:
libsepol.scope_copy_callback: zosremote: Duplicate declaration in module:
type/attribute zos_remote_t
libsemanage.semanage_link_sandbox: Link packages failed
semodule: Failed!
Any ideas as to what's going on, or why?
mark "glad selinux is disabled on that box"
On 27.5.2010 18.49, m.roth at 5-cent.us wrote:> Duplicate declaration in module: > type/attribute zos_remote_tHave you seen this (though it is a couple of years old): https://bugzilla.redhat.com/show_bug.cgi?id=467026 - Jussi -- Jussi Hirvi * Green Spot Topeliuksenkatu 15 C * 00250 Helsinki * Finland Tel. +358 9 493 981 * Mobile +358 40 771 2098 (only sms) jussi.hirvi at greenspot.fi * http://www.greenspot.fi
Daniel wrote:> > On 05/27/2010 11:49 AM, m.roth at 5-cent.us wrote: >> Updating a system from CentOS 5.4 (current) to 5.5, and I see: >> >> libsepol.scope_copy_callback: zosremote: Duplicate declaration in >> module: >> type/attribute zos_remote_t >> libsemanage.semanage_link_sandbox: Link packages failed >> semodule: Failed! >> >> Any ideas as to what's going on, or why? >> >> mark "glad selinux is disabled on that box" >>> Do you have multiple pp files definitin zosremote?Well, after I googled zosremote, and found it's zos-remote, and where its config file was, in /etc/audisp I see: -rw-r----- 1 root root 210 Mar 31 02:26 audispd.conf -rw-r----- 1 root root 620 Mar 31 02:26 audisp-remote.conf drwxr-x--- 2 root root 4096 May 27 11:42 plugins.d -rw-r----- 1 root root 246 Mar 31 02:26 zos-remote.conf And I *guarantee* I have *never* done anything other than just upgrade this system, and that this system has had selinux disabled all along, so if there are, they were installed with a yum update from whatever the upstream has packaged. mark
Daniel wrote:> On 05/27/2010 12:19 PM, m.roth at 5-cent.us wrote: >> Daniel wrote: >>> On 05/27/2010 12:00 PM, m.roth at 5-cent.us wrote: >>>> Daniel wrote: >>>>> On 05/27/2010 11:49 AM, m.roth at 5-cent.us wrote: >>>>>> Updating a system from CentOS 5.4 (current) to 5.5, and I see: >>>>>> >>>>>> libsepol.scope_copy_callback: zosremote: Duplicate declaration in >>>>>> module: >>>>>> type/attribute zos_remote_t >>>>>> libsemanage.semanage_link_sandbox: Link packages failed >>>>>> semodule: Failed! >> <snip> >>>>> Do you have multiple pp files definitin zosremote? >> <snip> >>> locate -r zos.*remote >>> >>> Might find the bad pp file.<snip>>> I don't believe they want me to remove it. Doing the locate, I find: >>> locate -r zos.*remote | grep .pp >> /etc/selinux/mls/modules/active/modules/zosremote.pp >> /etc/selinux/mls/modules/previous/modules/zosremote.pp >> /etc/selinux/targeted/modules/active/modules/zos_remote.pp >> /etc/selinux/targeted/modules/previous/modules/zos_remote.pp >> /old/etc/selinux/targeted/modules/active/modules/zos_remote.pp >> /old/etc/selinux/targeted/modules/previous/modules/zos_remote.pp >> /old/usr/share/selinux/mls/audispd-zos-remote.pp >> /old/usr/share/selinux/strict/audispd-zos-remote.pp >> /old/usr/share/selinux/targeted/audispd-zos-remote.pp >> /usr/share/selinux/mls/zosremote.pp >> /usr/share/selinux/targeted/zosremote.pp >> >> So, which should I get rid of, that was not cleaned up during the >> update? > > Remove all audispd-zos-remote.pp and zos_remote.pp > > We ship zosremote.ppOk... I can do that, but are you saying to just rm it, and not whatever package it came in? And if it's not correct, why is it here, anyway? Anyone on the CentOS list? I don't want to screw around with this as "oh, it's only his weird problem", I figure that it's happening to a lot of other folks, and I'd like to make the problem go away for everyone. That, of course, means it the incorrect stuff needs to be removed from whatever package it's in.... mark
Daniel wrote:> On 05/27/2010 02:38 PM, m.roth at 5-cent.us wrote: >> Daniel wrote: >>> On 05/27/2010 12:19 PM, m.roth at 5-cent.us wrote: >>>> Daniel wrote: >>>>> On 05/27/2010 12:00 PM, m.roth at 5-cent.us wrote: >>>>>> Daniel wrote: >>>>>>> On 05/27/2010 11:49 AM, m.roth at 5-cent.us wrote: >>>>>>>> Updating a system from CentOS 5.4 (current) to 5.5, and I see: >>>>>>>> >>>>>>>> libsepol.scope_copy_callback: zosremote: Duplicate declaration in >>>>>>>> module: >>>>>>>> type/attribute zos_remote_t >>>>>>>> libsemanage.semanage_link_sandbox: Link packages failed >>>>>>>> semodule: Failed! >>>> <snip> >>>>>>> Do you have multiple pp files definitin zosremote? >>>> <snip> >>>>> locate -r zos.*remote >>>>> >>>>> Might find the bad pp file. >> <snip> >>>> I don't believe they want me to remove it. Doing the locate, I find: >>>>> locate -r zos.*remote | grep .pp >>>> /etc/selinux/mls/modules/active/modules/zosremote.pp >>>> /etc/selinux/mls/modules/previous/modules/zosremote.pp >>>> /etc/selinux/targeted/modules/active/modules/zos_remote.pp >>>> /etc/selinux/targeted/modules/previous/modules/zos_remote.pp >>>> /old/etc/selinux/targeted/modules/active/modules/zos_remote.pp >>>> /old/etc/selinux/targeted/modules/previous/modules/zos_remote.pp >>>> /old/usr/share/selinux/mls/audispd-zos-remote.pp >>>> /old/usr/share/selinux/strict/audispd-zos-remote.pp >>>> /old/usr/share/selinux/targeted/audispd-zos-remote.pp >>>> /usr/share/selinux/mls/zosremote.pp >>>> /usr/share/selinux/targeted/zosremote.pp >>>> >>>> So, which should I get rid of, that was not cleaned up during the >>>> update? >>> >>> Remove all audispd-zos-remote.pp and zos_remote.pp >>> >>> We ship zosremote.pp >> >> Ok... I can do that, but are you saying to just rm it, and not whatever >> package it came in? >> >> And if it's not correct, why is it here, anyway? Anyone on the CentOS >> list? I don't want to screw around with this as "oh, it's only his weird >> problem", I figure that it's happening to a lot of other folks, and I'd >> like to make the problem go away for everyone. That, of course, means it >> the incorrect stuff needs to be removed from whatever package it's >> in.... >> > I think you will find that it does not happen for everyone else and that > these files do not belong to other packages. I have a feeling that > something went wrong on an update that left these files around. >Hmmm...but I don't know if rm'ing them will work, if they're in the d/b. So I suppose I'll have to find the package that put them there... <time passes> Ok, anyone on the CentOS list: does *anyone* know where this came from? It' sin the directory provided by selinux-policy-targeted-2.4.6-279.el5.noarch, but there's no zos_remote in the package. mark
Daniel wrote:> On 05/27/2010 04:12 PM, m.roth at 5-cent.us wrote: >> Daniel wrote: >>> On 05/27/2010 02:38 PM, m.roth at 5-cent.us wrote: >>>> Daniel wrote: >>>>> On 05/27/2010 12:19 PM, m.roth at 5-cent.us wrote: >>>>>> Daniel wrote: >>>>>>> On 05/27/2010 12:00 PM, m.roth at 5-cent.us wrote: >>>>>>>> Daniel wrote: >>>>>>>>> On 05/27/2010 11:49 AM, m.roth at 5-cent.us wrote: >>>>>>>>>> Updating a system from CentOS 5.4 (current) to 5.5, and I see: >>>>>>>>>> >>>>>>>>>> libsepol.scope_copy_callback: zosremote: Duplicate declaration >>>>>>>>>> in >>>>>>>>>> module: >>>>>>>>>> type/attribute zos_remote_t >>>>>>>>>> libsemanage.semanage_link_sandbox: Link packages failed >>>>>>>>>> semodule: Failed! >>>>>> <snip> >>>>> Remove all audispd-zos-remote.pp and zos_remote.pp >>>>> >>>>> We ship zosremote.pp >>>> >>>> Ok... I can do that, but are you saying to just rm it, and not >>>> whatever package it came in?<snip>>>> I think you will find that it does not happen for everyone else and >>> that these files do not belong to other packages. I have a feeling that >>> something went wrong on an update that left these files around. >>> >> Hmmm...but I don't know if rm'ing them will work, if they're in the d/b. >> So I suppose I'll have to find the package that put them there... >> <time passes> >> Ok, anyone on the CentOS list: does *anyone* know where this came from? >> It' sin the directory provided by >> selinux-policy-targeted-2.4.6-279.el5.noarch, but there's no zos_remote >> in the package. >> > Trust me on this, I know what I am talking about. > > Just remove them. They were put there by previous versions of audit and > maybe selinux-policy. If you are concerned you can squirrel them away. > > selinux-policy takes all pp files in the active directory and compiles > them into a policy module.Ok, I believe you. I also found the same .pp in .../previous/, and diff said no difference, so no problem rm'ing them. mark