SELinux: Could not downgrade policy file
阿新 • • 發佈:2018-04-16
hat reload set nfs服務 pri redhat root uri reboot
在配置nfs服務器,設定selinux時,碰到了SELinux: Could not downgrade policy file的錯誤提示,下文是其解決方案。
一、故障現象
[root@system1 ~]# semanage fcontext -a -t ‘public_content_t‘ ‘/protected(/.*)?‘ SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version. SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or directory /sbin/load_policy: Can‘t load policy: No such file or directory libsemanage.semanage_reload_policy: load_policy returned error code 2. SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version. SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or directory /sbin/load_policy: Can‘t load policy: No such file or directory libsemanage.semanage_reload_policy: load_policy returned error code 2. ValueError: Could not commit semanage transaction
二、解決方案
從故障的提示來看,說不能夠降級策略文件,以及找不到policy.29這個文件 [root@system1 ~]# more /etc/redhat-release Red Hat Enterprise Linux Server release 7.0 (Maipo) [root@system1 ~]# uname -r 3.10.0-123.el7.x86_64 ###下面查看selinux配置,如下,為disabled狀態 [root@system1 ~]# sestatus SELinux status: disabled [root@system1 ~]# getenforce Disabled [root@system1 ~]# rpm -q libsepol libsemanage libselinux libsepol-2.1.9-3.el7.x86_64 libsemanage-2.1.10-16.el7.x86_64 libselinux-2.2.2-6.el7.x86_64 ### 臨時修改selinux 配置 [root@system1 ~]# setenforce 1 ###嘗試設置為1,依舊提示關閉 setenforce: SELinux is disabled [root@system1 ~]# getenforce Disabled ### 查看enforce配置文件 [root@system1 ~]# more /etc/sysconfig/selinux # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. #SELINUX=permissive SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted ### 手工修改配置文件 [root@system1 ~]# vi /etc/sysconfig/selinux SELINUX=enforce [root@system1 ~]# getenforce ###依舊為關閉 Disabled ###不知道什麽原因導致配置修改無法生效,於是嘗試重啟Linux [root@system1 ~]# reboot ### 再次修改和執行都OK [root@system1 ~]# getenforce Permissive [root@system1 ~]# [root@system1 ~]# [root@system1 ~]# setenforce 1 [root@system1 ~]# [root@system1 ~]# getenforce Enforcing ### 再次執行semanage成功 [root@system1 ~]# semanage fcontext -a -t ‘public_content_t‘ ‘/protected(/.*)?‘ [root@system1 ~]#
SELinux: Could not downgrade policy file