Looks like libselinux was required for a rebuild.

A fixed package is on the way out now.

Pat

On 05/25/2018 05:17 AM, Maarten wrote:

Hello Scot,

I installed the most recent version of the policy but still have the same problem on all systems:

libsepol-2.5-8.1.sl7.x86_64

libsepol.policydb_read: policydb version 31 does not match my version range 15-30
invalid binary policy



On Thu, May 24, 2018 at 17:11, Scott Reid <[email protected]> wrote:

    Hi Orion,

    Thank you for the report. A new version of libsepol has been
    pushed out which should address your problem.

    Thanks!

    On 5/23/18, 5:26 PM,
    "[email protected]
    <mailto:[email protected]> on behalf
    of Orion Poplawski"
    <[email protected]
    <mailto:[email protected]> on behalf
    of [email protected] <mailto:[email protected]>> wrote:

    On 05/15/2018 05:45 PM, Orion Poplawski wrote:

        On 05/15/2018 05:41 PM, Orion Poplawski wrote:

            On 05/15/2018 12:23 PM, Maarten wrote:

                I have the same problem on all of my systems, running
                the same package
                versions and kernel, also under 7.5:

                libsepol.policydb_read: policydb version 31 does not
                match my version
                range 15-30
                invalid binary policy

                3.10.0-862.2.3.el7.x86_64

                policycoreutils-2.5-22.el7.x86_64
                checkpolicy-2.5-6.el7.x86_64
                selinux-policy-targeted-3.13.1-192.el7_5.3.noarch
                policycoreutils-python-2.5-22.el7.x86_64
                selinux-policy-3.13.1-192.el7_5.3.noarch

                sl-release-7.5-2.sl7.x86_64

                On 05/11/2018 07:29 AM, Klaus Steinberger wrote:

                    Am 04.05.2018 um 13:06 schrieb Steven C Timm:

                        Did you just update the kernel or also all the
                        other security updates
                        that came out.


                    The problem is also after upgrading to SL 7.5:

                    [root@dmz-sv-mirror01 ~]# audit2allow -a -m local
                    libsepol.policydb_read: policydb version 31 does
                    not match my version
                    range 15-30
                    invalid binary policy ???\T

                    [root@dmz-sv-mirror01 ~]# uname -a
                    Linux dmz-sv-mirror01.physik.uni-muenchen.de
                    3.10.0-862.2.3.el7.x86_64 #1 SMP
                    Tue May 8 14:55:36 CDT 2018 x86_64 x86_64 x86_64
                    GNU/Linux
                    [root@dmz-sv-mirror01 ~]# rpm -q -a | grep policy
                    policycoreutils-2.5-22.el7.x86_64
                    policycoreutils-python-2.5-22.el7.x86_64
                    checkpolicy-2.5-6.el7.x86_64
                    selinux-policy-targeted-3.13.1-192.el7_5.3.noarch
                    selinux-policy-3.13.1-192.el7_5.3.noarch
                    [root@dmz-sv-mirror01 ~]#

                    Sincerly,
                    Klaus



            I see this as well.  Very strange since the message and
            constants appear to
            be defined in libsepol, and since that is updated I don't
            see how the
            policydb version can be wrong.

            # strings /usr/lib64/libsepol.so.1 | grep 'version range'
            policydb version %d does not match my version range %d-%d
            policydb module version %d does not match my version range
            %d-%d
            # rpm -q libsepol
            libsepol-2.5-8.1.el7.x86_64



        Ah, but there is a libsepol-static package - so if packages
        were incorrectly
        built against the older version of that, that would explain
        the problem.



    Ping?  I think this is a pretty serious issue with the SL7.5
    packages.  I
    don't see this with CentOS or RHEL.

-- Orion Poplawski
    Manager of NWRA Technical Systems          720-772-5637
    NWRA, Boulder/CoRA Office             FAX: 303-415-9702
    3380 Mitchell Lane [email protected] <mailto:[email protected]>
    Boulder, CO 80301
    
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.nwra.com_&d=DwIFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=K5IsmKIlfeGD3zuXIueSwQ&m=HOrUKrdX0_RlnX8W2Rv3LAamiLNAjjE-5-bEaEhgGV0&s=jhQsxCFCn_mwuHV1RYyI1eTN2PZLmTZz9BKjcZPSQWg&e=


--
Pat Riehecky

Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org

Reply via email to