码迷,mamicode.com
首页 > 系统相关 > 详细

SELinux: Could not downgrade policy file

时间:2018-04-16 12:06:28      阅读:384      评论:0      收藏:0      [点我收藏+]

标签:ica   red   selinux   director   error   policy   file   ade   ORC   

在配置nfs服务器,设定selinux时,碰到了SELinux: Could not downgrade policy file的错误提示,下文是其解决方案。

一、故障现象

[root@system1 ~]# semanage fcontext -a -t ‘public_content_t‘ ‘/protected(/.*)?‘
SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version.
SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or directory
/sbin/load_policy: Can‘t load policy: No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2.
SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version.
SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or directory
/sbin/load_policy: Can‘t load policy: No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2.
ValueError: Could not commit semanage transaction

 二、解决方案

从故障的提示来看,说不能够降级策略文件,以及找不到policy.29这个文件

[root@system1 ~]# more /etc/redhat-release
Red Hat Enterprise Linux Server release 7.0 (Maipo)
[root@system1 ~]# uname -r
3.10.0-123.el7.x86_64

###下面查看selinux配置,如下,为disabled状态

[root@system1 ~]# sestatus
SELinux status: disabled

[root@system1 ~]# getenforce
Disabled

[root@system1 ~]# rpm -q libsepol libsemanage libselinux
libsepol-2.1.9-3.el7.x86_64
libsemanage-2.1.10-16.el7.x86_64
libselinux-2.2.2-6.el7.x86_64

### 临时修改selinux 配置
[root@system1 ~]# setenforce 1 ###尝试设置为1,依旧提示关闭
setenforce: SELinux is disabled

[root@system1 ~]# getenforce
Disabled

### 查看enforce配置文件
[root@system1 ~]# more /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=permissive
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

### 手工修改配置文件

[root@system1 ~]# vi /etc/sysconfig/selinux

SELINUX=enforce

[root@system1 ~]# getenforce ###依旧为关闭
Disabled

###不知道什么原因导致配置修改无法生效,于是尝试重启Linux

[root@system1 ~]# reboot

### 再次修改和执行都OK
[root@system1 ~]# getenforce
Permissive
[root@system1 ~]#
[root@system1 ~]#
[root@system1 ~]# setenforce 1
[root@system1 ~]#
[root@system1 ~]# getenforce
Enforcing

### 再次执行semanage成功
[root@system1 ~]# semanage fcontext -a -t ‘public_content_t‘ ‘/protected(/.*)?‘
[root@system1 ~]#

 

SELinux: Could not downgrade policy file

标签:ica   red   selinux   director   error   policy   file   ade   ORC   

原文地址:https://www.cnblogs.com/lxwphp/p/8854949.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!