Looks like libselinux was required for a rebuild.
A fixed package is on the way out now.
Pat
On 05/25/2018 05:17 AM, Maarten wrote:
Hello Scot,
I installed the most recent version of the policy but still have the
same problem on all systems:
libsepol-2.5-8.1.sl7.x86_64
libsepol.policydb_read: policydb version 31 does not match my version
range 15-30
invalid binary policy
On Thu, May 24, 2018 at 17:11, Scott Reid <[email protected]> wrote:
Hi Orion,
Thank you for the report. A new version of libsepol has been
pushed out which should address your problem.
Thanks!
On 5/23/18, 5:26 PM,
"[email protected]
<mailto:[email protected]> on behalf
of Orion Poplawski"
<[email protected]
<mailto:[email protected]> on behalf
of [email protected] <mailto:[email protected]>> wrote:
On 05/15/2018 05:45 PM, Orion Poplawski wrote:
On 05/15/2018 05:41 PM, Orion Poplawski wrote:
On 05/15/2018 12:23 PM, Maarten wrote:
I have the same problem on all of my systems, running
the same package
versions and kernel, also under 7.5:
libsepol.policydb_read: policydb version 31 does not
match my version
range 15-30
invalid binary policy
3.10.0-862.2.3.el7.x86_64
policycoreutils-2.5-22.el7.x86_64
checkpolicy-2.5-6.el7.x86_64
selinux-policy-targeted-3.13.1-192.el7_5.3.noarch
policycoreutils-python-2.5-22.el7.x86_64
selinux-policy-3.13.1-192.el7_5.3.noarch
sl-release-7.5-2.sl7.x86_64
On 05/11/2018 07:29 AM, Klaus Steinberger wrote:
Am 04.05.2018 um 13:06 schrieb Steven C Timm:
Did you just update the kernel or also all the
other security updates
that came out.
The problem is also after upgrading to SL 7.5:
[root@dmz-sv-mirror01 ~]# audit2allow -a -m local
libsepol.policydb_read: policydb version 31 does
not match my version
range 15-30
invalid binary policy ???\T
[root@dmz-sv-mirror01 ~]# uname -a
Linux dmz-sv-mirror01.physik.uni-muenchen.de
3.10.0-862.2.3.el7.x86_64 #1 SMP
Tue May 8 14:55:36 CDT 2018 x86_64 x86_64 x86_64
GNU/Linux
[root@dmz-sv-mirror01 ~]# rpm -q -a | grep policy
policycoreutils-2.5-22.el7.x86_64
policycoreutils-python-2.5-22.el7.x86_64
checkpolicy-2.5-6.el7.x86_64
selinux-policy-targeted-3.13.1-192.el7_5.3.noarch
selinux-policy-3.13.1-192.el7_5.3.noarch
[root@dmz-sv-mirror01 ~]#
Sincerly,
Klaus
I see this as well. Very strange since the message and
constants appear to
be defined in libsepol, and since that is updated I don't
see how the
policydb version can be wrong.
# strings /usr/lib64/libsepol.so.1 | grep 'version range'
policydb version %d does not match my version range %d-%d
policydb module version %d does not match my version range
%d-%d
# rpm -q libsepol
libsepol-2.5-8.1.el7.x86_64
Ah, but there is a libsepol-static package - so if packages
were incorrectly
built against the older version of that, that would explain
the problem.
Ping? I think this is a pretty serious issue with the SL7.5
packages. I
don't see this with CentOS or RHEL.
--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane [email protected] <mailto:[email protected]>
Boulder, CO 80301
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.nwra.com_&d=DwIFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=K5IsmKIlfeGD3zuXIueSwQ&m=HOrUKrdX0_RlnX8W2Rv3LAamiLNAjjE-5-bEaEhgGV0&s=jhQsxCFCn_mwuHV1RYyI1eTN2PZLmTZz9BKjcZPSQWg&e=
--
Pat Riehecky
Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org
