Bug 1017272

Summary: SELinux policy files missing in distribution
Product: [openSUSE] openSUSE Distribution Reporter: Olaf Martens <olafmartens>
Component: SecurityAssignee: Johannes Segitz <jsegitz>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P5 - None CC: astieger, jsegitz, mcepl, meissner
Version: Leap 42.3   
Target Milestone: ---   
Hardware: All   
OS: openSUSE 42.1   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Olaf Martens 2016-12-26 23:46:52 UTC 
User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36
Build Identifier: 

None of the policy files that have been shipped with the distributions up until 13.2 are present any more in 42.1 onward.
This prevents SELinux from starting successfully, even more so, the missing policy files cause the boot process to hang even if SELinux is set to permissive.

Reproducible: Always

Steps to Reproduce:
1. Install Leap 42.1 or later.
2. Enable SELinux at boot-time (permissive mode is sufficient).
3. Boot the system.
Actual Results:  
The boot process hangs somewhere halfway done. A login is impossible.

Expected Results:  
A policy file should be available for installation so SELinux becomes operable.

As a workaround the SELinux repo for openSuSE 13.2 can be used to obtain policy files.
Comment 1 Marcus Meissner 2016-12-27 20:10:14 UTC 
selinux-policy is at least built. what selinux packages are installed?
Comment 2 Andreas Stieger 2018-02-27 16:57:00 UTC 
https://build.opensuse.org/request/show/580667
Comment 3 Swamp Workflow Management 2018-03-03 17:09:10 UTC 
openSUSE-OU-2018:0598-1: An update that has one optional fix can now be installed.

Category: optional (low)
Bug References: 1017272
CVE References: 
Sources used:
openSUSE Leap 42.3 (src):    selinux-policy-20140730-2.1