On Fri, Dec 14, 2012 at 09:34:49AM +0200, Cor Legemaat wrote:
> On my system with the last update I receive a warning message of:
>
> * SELinux module load failed. Trying full reload...
> * Failed to reload SELinux policies.
> *
> * If this is *not* the last SELinux module package being installed,
> * then you can safely ignore this as the reloads will be retried
> * with other, recent modules.
> *
> * If it is the last SELinux module package being installed however,
> * then it is advised to look at the error above and take appropriate
> * action since the new SELinux policies are not loaded until the
> * command finished succesfully.
> *
> * To reload, run the following command from within
> /usr/share/selinux/targeted:
> * semodule -b base.pp -i $(ls *.pp | grep -v base.pp)
> * or
> * semodule -b base.pp -i $(ls *.pp | grep -v base.pp | grep -v
> unconfined.pp)
> * depending on if you need the unconfined domain loaded as well or not.
>
> When I tried to execute the cmd manual:
>
> k53s cor # cd /usr/share/selinux/targeted/
> k53s targeted # semodule -b base.pp -i $(ls *.pp | grep -v base.pp)
> libsepol.permission_copy_callback: Module mysql depends on permission
> epollwakeup in class capability2, not satisfied (No such file or directory).
> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
> directory).
> semodule: Failed!
What kernel version are you running?
What does "ls /sys/fs/selinux/class/capability2/perms/" give back?
There was a small window where the block_suspend capability was called
epollwakeup, but that was resolved in July this year...
Also check if selinux-mysql is (still) installed on your system (or needed),
perhaps the mysql.pp file is outdated. The command "ls -ltr
/usr/share/selinux/strict/" should show that most/all modules are built
fairly close to each other.
Wkr,
Sven Vermeulen
