When configuring Server for NFS, when setting SELinux, you encounter the error prompt for Selinux:could not downgrade policy file, and the following is its solution.
First, the phenomenon of fault
[Email protected] ~]# semanage fcontext-a-t ' public_content_t '/protected (/.*)? ' Selinux:could not downgrade policy file/etc/selinux/targeted/policy/policy.29, searching for a older version. Selinux:could not open policy file <=/etc/selinux/targeted/policy/policy.29:no such file or Directory/sbin/load_poli Cy:can ' t load policy:no such file or Directorylibsemanage.semanage_reload_policy:load_policy returned error code 2.SELi Nux:could not downgrade policy file/etc/selinux/targeted/policy/policy.29, searching for a older version. Selinux:could not open policy file <=/etc/selinux/targeted/policy/policy.29:no such file or Directory/sbin/load_poli Cy:can ' t load policy:no such file or Directorylibsemanage.semanage_reload_policy:load_policy returned error code 2.Valu Eerror:could not commit semanage transaction
Second, the solution
From the fault point of view, said cannot downgrade the policy file, and cannot find policy.29 this file [[email protected] ~]# more/etc/redhat-releasered Hat Enterprise Linux Server Release 7.0 (Maipo) [[email protected] ~]# uname-r3.10.0-123.el7.x86_64## #下面查看selinux配置, as below, for disabled status [[ Email protected] ~]# sestatusselinux status:disabled[[email protected] ~]# getenforceDisabled[[email protected] ~]# rpm-q Libsepol libsemanage libselinuxlibsepol-2.1.9-3.el7.x86_64libsemanage-2.1.10-16.el7.x86_ 64libselinux-2.2.2-6.el7.x86_64### temporarily modify SELinux configuration [[email protected] ~]# setenforce 1 # # #尝试设置为1, still prompt to close Setenforce : SELinux is disabled[[email protected] ~]# getenforcedisabled### View enforce configuration file [[email protected] ~]# more/ etc/sysconfig/selinux# This file controls the state of SELinux in the system.# selinux= can take one of the these three values : # Enforcing-selinux Security policy is enforced.# permissive-selinux prints warnings instead of enforcing.# disabled -No SELinux policy is loaded. #SELINUX =permissiveselinux=disabled# Selinuxtype= can take one of these, values:# targeted-targeted processes is protected,# minimum-modification of Targeted policy. Only selected processes is protected.# Mls-multi level Security protection. selinuxtype=targeted### manually modifying the configuration file [[email protected] ~]# vi/etc/sysconfig/selinuxselinux=enforce[[email Protected] ~]# Getenforce # # #依旧为关闭Disabled # # #不知道什么原因导致配置修改无法生效, so try restarting linux[[email protected] ~]# reboot### Re-modify and execute all Ok[[email protected] ~]# getenforcepermissive[[email protected] ~]#[[email protected] ~]#[[ Email protected] ~]# Setenforce 1[[email protected] ~]#[[email protected] ~]# getenforceEnforcing### Execute semanage successfully [[email protected] ~]# semanage fcontext-a-t ' public_content_t '/protected (/.*)? ' [[email protected] ~]#
Selinux:could Not downgrade policy file