Bug 120279
| Summary: | rpm checks selinux/file_contents when selinux is disabled | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | shmuel siegel <fedora> |
| Component: | rpm | Assignee: | Jeff Johnson <jbj> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | devscott, gt, h.mayer, horsley1953, katzj, philip.r.schaffner, rkrishnamoorthy_81 |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2004-05-07 04:12:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 114961 | ||
"same here" on FC2test3 (didn't have this scenario on FC2test2) kernel 2.6.5-1.327 policy policy-1.11.2-13 rpm-4.3.1-0.3 Similar problems with "yum upgrade" - lots of selinux errors. (OT - yum insists on "updating" compat-db which does not appear to have been installed originally and installs several compat packages to satisfy dependencies: # yum upgrade ... grabs lots of headers ... Finding obsoleted packages Resolving dependencies ..Dependencies resolved I will do the following: [update: compat-db 4.1.25-2.1.i386] I will install/upgrade these to satisfy the dependencies: [deps: compat-libstdc++-devel 7.3-2.96.126.i386] [deps: compat-gcc 7.3-2.96.126.i386] [deps: compat-gcc-c++ 7.3-2.96.126.i386] [deps: compat-libstdc++ 7.3-2.96.126.i386] Is this ok [y/N]: y /OT) This is where the selinux errors appear... rpm -e policy will shut rpm up pretty much. Discussed in #fedora-devel
(22:57:24) jeremy: devscott: simple workaround is to put
%__file_context_path %{nil} in /etc/rpm/macros
Tis works to!
Same here. Pretty annoying, in particular since selinux is off by default! Does one need the macro in case one turns selinux on? *** Bug 120612 has been marked as a duplicate of this bug. *** *** Bug 121226 has been marked as a duplicate of this bug. *** Should be better with current SysVinit + kernel. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040312 Description of problem: I am running with SELINUX=disabled in /etc/sysconfig/selinux ls -Z says that I need a Selinux kernel getenforce says disabled so far nothing strange. However when I run up2date and it actually does something, (i.e., I have something to install) I get about a thousand invalid context warnings from /etc/security/selinux/file_contexts. Typical messages are /etc/security/selinux/file_contexts: invalid context root:object_r:staff_home_xauth_t on line number 1750 /etc/security/selinux/file_contexts: invalid context system_u:object_r:default_context_t on line number 1751 On the fedora-test-list I was told RPM is checking to see the contents of /etc/security/selinux/file_context for each file installed, and the kernel is telling rpm it has no idea what it is talking about and rpm is reporting this as an error (Warning actually). So RPM should be doing a check to is_selinux_enabled() before trying to assign context. Version-Release number of selected component (if applicable): rpm-4.3.1-0.1 How reproducible: Always Steps to Reproduce: 1.Make sure that SELinux is disabled 2.Login as root 3.run up2date when there is something to update Actual Results: up2date ran and installed the new packages but gave about a thousand warning messages Expected Results: install packages without warning messages Additional info: I am using kernel-2.6.4-1.305 and policy-1.9.2-12