I’ve recently upgraded to F42 but made some errors when I did so (e.g. I asked a live image to “install” rather than upgrade!) I believe I’ve recovered almost completely from my errors, but when I’m doing admin duty and want to do sudo su - for a few commands, I get these errors:
/etc/selinux/targeted/contexts/files/file_contexts.bin: Old compiled fcontext format, skipping
/etc/selinux/targeted/contexts/files/file_contexts.homedirs.bin: Old compiled fcontext format, skipping
/etc/selinux/targeted/contexts/files/file_contexts.local.bin: Old compiled fcontext format, skipping
I’m not sure how to resolve this. I tried this to see if it would update those files:
But while that process worked and did reinstall those packages, it did not regenerate the files. Then I tried temporarily moving one of the files to see if it would regenerated with that same command and it did not.
I looked into the man page of restorecon but did not find references to these files. I’m running in “enforcing” mode if that helps.
Can someone tell me how to regenerate those files, or if I should simply delete them?
Thanks! I tried running semodule -B as root and have not altered /etc/selinux/semanage.conf. Although the timestamp on these files is updated, I still get the same error afterwards.
And just to check if one of those was incorrectly installed or corrupt somehow, I enhanced it and did rpm -qa |grep -E '(libselinux|policycoreutils)' |xargs sudo dnf -y reinstall but while it did reinstall those modules, the issue remains.
I did a bit of searching through the source code and it appears that the error message emanates from here, but I’ll have to study that much more to understand the context of it.
I can’t reproduce it. When I install F41 and update libselinux libsemanage and policycoreutils to f42 version I see
# matchpathcon /usr/lib
/etc/selinux/targeted/contexts/files/file_contexts.bin: Old compiled fcontext format, skipping
/etc/selinux/targeted/contexts/files/file_contexts.homedirs.bin: Old compiled fcontext format, skipping
At this moment my only advice would be to remove .bin files from /etc/selinux/targeted/contexts/files/ and either re-run semodule -B or use the system without .bin files.
I just ran into this after upgrading to F42, and in my case the cause was semodule -B failing due to an outdated third-party policy module I haven’t used for many years:
# semodule -B
…snipped a whole lot of "Old compiled fcontext format, skipping"
Failed to resolve typeattributeset statement at /var/lib/selinux/targeted/tmp/modules/400/bumblebee-nvidia/cil:9
Failed to resolve AST
semodule: Failed!
# echo $?
1
# semodule -r bumblebee-nvidia
…again snipped a whole bunch of noise
libsemanage.semanage_direct_remove_key: Removing last bumblebee-nvidia module (no other bumblebee-nvidia module exists at another priority).
# semodule -B
# matchpathcon /usr/lib
/usr/lib system_u:object_r:lib_t:s0
I very much appreciate your help with this. I find that when I remove the .bin files from /etc/selinux/targeted/contexts/files/ and execute matchpathcon /usr/lib it works as expected and I get no error messages. When I rebuild the .bin files and then execute matchpathcon /usr/lib again, it again gives me the errors you were able to reproduce.
And thanks also to @tootea for the interesting suggestion, but on my machine, the only errors I get when running semodule -B are these, repeated 1818 times:
/etc/selinux/targeted/contexts/files/file_contexts.bin: Old compiled fcontext format, skipping
/etc/selinux/targeted/contexts/files/file_contexts.homedirs.bin: Old compiled fcontext format, skipping
/etc/selinux/targeted/contexts/files/file_contexts.local.bin: Old compiled fcontext format, skipping
Mine got error with minimal files. Went to the directory and used sefcontext_compile on the files that matched the bin files without the .bin, and it rebuilt them. Then when I did su, it didnt’ get errors.
Superb! Yes, that was the problem. I had an actual semodule in both places. Apparently when policycoreutils is installed it puts the actual file in /usr/bin and then creates a symlink in /usr/sbin. When reinstalling policycoreutils, however, it silently failed to create the symlink, presumably because a file was already there.
After deleting /usr/sbin/semodule and reinstalling policycoreutils it created a symlink and now it seems to work. So problem solved.
However, it made me wonder if there were other files that had that same problem so I wrote and ran this bash script:
#!/usr/bin/bash
for fn in /usr/sbin/* ; do
other="$(echo ${fn} | sed 's#/usr/sbin#/usr/bin#')"
if [ -e "${other}" ] ; then
diff -q "${fn}" "${other}" > /dev/null || echo "${other}"
fi
done
It turned up 487 files which exist in both directories but are different! Looks like I have some work to do.
Thank you, this is very helpful. I now see that I have some files in /usr/sbin that belong to packages that the system doesn’t think are installed. So one by one, I am installing those packages and erasing duplicate files.