SELinux Mailing List

Help with semanage...

From: Hasan Rezaul-CHR010 <CHR010_at_motorola.com>
Date: Mon, 4 Jun 2007 17:30:33 -0400


Hi All,

I have a Linux machine (Machine_A) running a collection of *strict* SELinux policies. On Machine_A, I am able to further modify policies by using semanage, and also add/delete policy modules using semodule. I can make changes at will successfully as many times as I want.

I tarred up the entire /etc/selinux/* directory from Machine_A, and I untarred the tar-ball on another Linux machine, Machine_B. On Machine_B, I also created and mounted the /selinux/ directory.

With all selinux files/dirs in place, AFTER rebooting Machine_B, SELinux policies seem to be working as expected!

At this point, I am able to execute "semanage" ONLY ONE time successfully! Any attempts to make any further changes after the first time fail with the error below...

So for example, if I create a new user-mapping with: "semanage login -a -s staff_u Admin", this first command is successful!

But every semanage command run afterwards has this same error:

semanage login -d Admin
Libsemanage.semanage_make_sandbox: Could not copy files to sandbox
/etc/selinux/strict/modules/tmp
/usr/sbin/semanage: Could not start semanage transaction

The error message in the /var/log/messages file is: Jun 4 21:10:11 unknown python: Failed: delete SELinux user mapping name=Admin

Any ideas on why I can execute semanage only ONCE? I have tried rebooting the machine several times, to see if it helps, but it doesn't!

Also, what's the significance of the /etc/selinux/strict/module/semanage.read.LOCK & semanage.trans.LOCK files?

Thanks in advance,

- Rezaul.
Received on Tue 5 Jun 2007 - 08:35:18 EDT
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service