SELinux setting httpd_can_network_relay to on throws error, "could not convert system_u:object_r:systemd_sleep_exec_t:s0 to sid". How is this fixed?

myNewAccount asked:

Environment: Digital Ocean Droplet, CentOS 8

The State of httpd_can_network_relay is set to on. However the Default is set to off.

$ sudo semanage boolean -l | grep httpd_can_network_relay

httpd_can_network_relay        (on   ,  off)  Allow httpd to can network relay

However when I attempt to set the default to on I get an error. I’m not sure how to approach this.

$ sudo setsebool httpd_can_network_relay 1 -P

libsepol.context_from_record: type systemd_sleep_exec_t is not defined

libsepol.context_from_record: could not create context structure

libsepol.context_from_string: could not create context structure

libsepol.sepol_context_to_sid: could not convert system_u:object_r:systemd_sleep_exec_t:s0 to sid

invalid context system_u:object_r:systemd_sleep_exec_t:s0

All repos are up to date with dnf.

$ dnf repolist
appstream                                               CentOS Linux 8 - AppStream
baseos                                                  CentOS Linux 8 - BaseOS
epel                                                    Extra Packages for Enterprise Linux 8 - x86_64
epel-modular                                            Extra Packages for Enterprise Linux Modular 8 - x86_64
extras                                                  CentOS Linux 8 - Extras
nginx-stable                                            nginx stable repo
nodesource                                              Node.js Packages for Enterprise Linux 8 - x86_64

My answer:

Hmm. The only thing I can think of that might cause this is the on-disk SELinux policy being corrupted. Try reinstalling it.

dnf reinstall "selinux-policy*"

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.