Duo 2.0 yum install issue with RHEL9 and SELinux

When trying to yum install duo_unix we are getting the following SELinux errors. Has anyone encountered this problem? 1.12 works fine when installing and updates SELinux as expected.

Running transaction
Preparing : 1/1
Installing : duo_unix-2.0.0-0.el9.x86_64 1/1
Running scriptlet: duo_unix-2.0.0-0.el9.x86_64 1/1
libsemanage.semanage_pipe_data: Child process /usr/libexec/selinux/hll/pp failed with code: 255. (No such file or directory).
authlogin_duo: libsepol.policydb_read: policydb module version 21 does not match my version range 4-20
authlogin_duo: libsepol.sepol_module_package_read: invalid module in module package (at section 0)
authlogin_duo: Failed to read policy package
libsemanage.semanage_direct_commit: Failed to compile hll files into cil files.
(No such file or directory).
semodule: Failed!

I’m having the same issue on RHEL 9.

According to the Red Hat article on this topic:

The error indicates that the module being installed was compiled on a system that is more recent than the one the module is trying to be installed on
If you have access to the corresponding .te file, you may try to rebuild the module […]
Otherwise, you need to contact the module vendor

So it seems to me that Duo need to fix their rpm (specifically, /usr/share/selinux/packages/authlogin_duo.pp.bz2 as included in duo_unix-2.0.0-0.el9.x86_64).

We are having the same issue too on EL9 in general.

Hey everyone. We’ve updated the Duo Unix 2.0.0 RHEL 9 package to hopefully fix this.

1 Like

Thanks. I don’t see the updated rpm in the yum repository yet, but FTR the recent RHEL 9.1 release bumps the max policydb module version from 20 to 21, so the issue should be gone in RHEL 9.1 anyway.

You don’t? Are you using our packages repo at pkg.duosecurity.com or something not maintained by us?

Using

baseurl=http://pkg.duosecurity.com/RedHat/$releasever/$basearch

I still only see duo_unix-2.0.0-0.el9.x86_64.rpm, with a build date of 17 Aug.