Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1180
Views
1
Helpful
6
Replies

Duo 2.0 yum install issue with RHEL9 and SELinux

jmelissari
Level 1
Level 1

‎11-01-2022 08:56 AM

When trying to yum install duo_unix we are getting the following SELinux errors. Has anyone encountered this problem? 1.12 works fine when installing and updates SELinux as expected.

Running transaction
Preparing : 1/1
Installing : duo_unix-2.0.0-0.el9.x86_64 1/1
Running scriptlet: duo_unix-2.0.0-0.el9.x86_64 1/1
libsemanage.semanage_pipe_data: Child process /usr/libexec/selinux/hll/pp failed with code: 255. (No such file or directory).
authlogin_duo: libsepol.policydb_read: policydb module version 21 does not match my version range 4-20
authlogin_duo: libsepol.sepol_module_package_read: invalid module in module package (at section 0)
authlogin_duo: Failed to read policy package
libsemanage.semanage_direct_commit: Failed to compile hll files into cil files.
(No such file or directory).
semodule: Failed!

Labels:
0 Helpful
6 Replies 6

rgmorris
Level 1
Level 1

‎11-08-2022 04:48 PM

I’m having the same issue on RHEL 9.

According to the Red Hat article on this topic:

The error indicates that the module being installed was compiled on a system that is more recent than the one the module is trying to be installed on
If you have access to the corresponding .te file, you may try to rebuild the module […]
Otherwise, you need to contact the module vendor

So it seems to me that Duo need to fix their rpm (specifically, /usr/share/selinux/packages/authlogin_duo.pp.bz2 as included in duo_unix-2.0.0-0.el9.x86_64).

0 Helpful

yasinnc
Level 1
Level 1
In response to rgmorris

‎11-09-2022 05:46 AM

We are having the same issue too on EL9 in general.

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee
In response to yasinnc

‎11-16-2022 10:44 AM

Hey everyone. We’ve updated the Duo Unix 2.0.0 RHEL 9 package to hopefully fix this.

Duo, not DUO.

rgmorris
Level 1
Level 1

‎11-17-2022 12:30 PM

Thanks. I don’t see the updated rpm in the yum repository yet, but FTR the recent RHEL 9.1 release bumps the max policydb module version from 20 to 21, so the issue should be gone in RHEL 9.1 anyway.

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee
In response to rgmorris

‎11-18-2022 06:07 AM

You don’t? Are you using our packages repo at pkg.duosecurity.com or something not maintained by us?

Duo, not DUO.
0 Helpful

rgmorris
Level 1
Level 1

‎11-18-2022 09:33 AM

Using

baseurl=http://pkg.duosecurity.com/RedHat/$releasever/$basearch

I still only see duo_unix-2.0.0-0.el9.x86_64.rpm, with a build date of 17 Aug.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents