Bug 1146580
| Summary: | Mislabelled /usr/sbin, /usr/bin after fedup | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Dr. David Alan Gilbert <rh> |
| Component: | fedup-dracut | Assignee: | Will Woods <wwoods> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 21 | CC: | awilliam, dominick.grift, dwalsh, jreznik, jzeleny, kalevlember, kparal, lvrabec, mgrepl, mruckman, novyjindrich, packaging-team-maint, pknirsch, pmatilai, rh, robatino, tflink, wwoods |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | AcceptedBlocker AcceptedFreezeException | ||
| Fixed In Version: | fedup-dracut-0.9.0-1.fc21 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-10-28 21:48:55 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1043124, 1043127 | ||
|
Description
Dr. David Alan Gilbert
2014-09-25 14:43:56 UTC
It looks like some kind of yum/fedup/rpm bug which is not putting labels down properly. Seems like rpm labeling is being turned off? In Fedora >= 21, selinux support of rpm was moved into a plugin, which rpm requires for now to make sure it gets dragged in on upgrades. Its of course possible that there are regressions in the selinux plugin, but given that fedup runs in a specially built initrd (AFAIK) then its probably simply missing this new thing (%{_libdir}/rpm-plugins/selinux.so) that needs to be copied into the initrd.
Ah, plugins. Magically breaking automatic dependency-gathering stuff since the invention of ldopen()... This will need to be fixed in fedup-dracut, which means the fix has to be built into the installer image. Did the SELinux mislabeling prevent your system from working in any way? wwoods just drew my attention to this. Nominating for both blocker and FE status. We are not 100% sure yet whether the mislabelling breaks stuff, but it seems fairly likely it does, and if it did, that'd probably be a blocker. Criterion: "For each one of the release-blocking package sets, it must be possible to successfully complete an upgrade from a fully updated installation of the previous stable Fedora release with that package set installed. ... Upgraded system requirements: The upgraded system must meet all release criteria." https://fedoraproject.org/wiki/Fedora_21_Beta_Release_Criteria#Upgrade_requirements I'd want to know for sure if the mislabelling causes critical breakage to vote +1 blocker, but I think it makes sense to say +1 FE right now as Will says the fix is simple and low-risk, and it's probably a good idea to get it in right now so hopefully once the udev bug is fixed we'll have fully working fedup. +1 blocker +1 FE now, +1 blocker if it turns out to cause blocking breakage. Will: 'Did the SELinux mislabeling prevent your system from working in any way?' Yes, but not disastrously. The first thing I hit was libvirt over ssh hitting problems; but then I relabelled /sbin and /usr/bin, but then I keep hitting a few more from time to time and find something else I have to relabel; probably the worst thing will be hitting random problems for ages as the effects of mislabelling trickle around. So, it boots, but is a mess. +1 FE Based on comment #7, +1 FE, at least for now to grant ack to potential fix. Discussed in 2014-10-20 Blocker Review meeting [1]. Accepted as a freeze exception. This bug would be great to get fixed for Beta. Blocker status is still undetermined, provide more information in the bug if severe breakage is found for it. [1] http://meetbot.fedoraproject.org/fedora-blocker-review/2014-10-20/ Discussed at 2014-10-22 blocker review meeting: http://meetbot.fedoraproject.org/fedora-blocker-review/2014-10-22/f21-blocker-review.2014-10-22-16.03.log.txt . We think it's pretty likely this breaks things badly enough to constitute a violation of various other criteria like 'working desktop login and browser', so this is accepted as a blocker per criterion cited in c#4. However, it's worth noting we have a bit of flexibility in re exactly how fedup gets upgrade.img; it can be specified with --instrepo and the default location comes from MirrorManager. So it's possible we may be able to fudge this as not needing to be fixed in the frozen Beta package set, if it comes down to this bug at go/no-go. For the record. This only really, really needs to be fixed in frozen Beta package set if we're going to point https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-install-21 at the frozen Beta tree. fedup-dracut-0.9.0-1.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/fedup-dracut-0.9.0-1.fc21 Package fedup-dracut-0.9.0-1.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing fedup-dracut-0.9.0-1.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-13615/fedup-dracut-0.9.0-1.fc21 then log in and leave karma (feedback). fedup-dracut-0.9.0-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. |