Bug 1237065
| Summary: | [ISO] warning: %post(samba-vfs-glusterfs-0:4.1.17-7.el6rhs.x86_64) scriptlet failed, exit status 255 seen in install.log | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | Prasanth <pprakash> | ||||
| Component: | samba | Assignee: | rhs-smb <rhs-smb> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Prasanth <pprakash> | ||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | urgent | ||||||
| Version: | rhgs-3.1 | CC: | amainkar, annair, asrivast, dpati, jarrpa, lkocman, mmalik, ndevos, nlevinki, nsathyan, pprakash, rcyriac, rhs-bugs, rnachimu, sgirijan, vagarwal | ||||
| Target Milestone: | --- | ||||||
| Target Release: | RHGS 3.1.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | glusterfs-3.7.1-10 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-07-29 05:08:39 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1202842 | ||||||
| Attachments: |
|
||||||
More details:
#######
[root@sherrif rpm]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
[root@ ~]# rpm -qa |grep policycoreutils
policycoreutils-2.0.83-24.el6.x86_64
policycoreutils-python-2.0.83-24.el6.x86_64
[root@ ~]# getsebool -a | grep samba
bacula_use_samba --> off
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_load_libgfapi --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off
[root@ ~]# rpm -q --scripts samba-vfs-glusterfs
postinstall scriptlet (using /bin/sh):
if getsebool samba_load_libgfapi &>/dev/null; then
setsebool -P samba_load_libgfapi 1
fi
postuninstall scriptlet (using /bin/sh):
if getsebool samba_load_libgfapi &>/dev/null; then
setsebool -P samba_load_libgfapi 0
fi
#########
On further debugging, I strongly believe that this warning is seen because "samba-vfs-glusterfs" postinstall scriptlet is trying to set some required SELinux boo-leans even before "selinux-policy-*" packages are installed in the system. Hence, it fails to set and throws out a warning message. Apart from Samba, some other packages (nagios, ctdb, etc) also might try to set similar booleans during their rpm post installation. So a solution that I can think of to avoid this kind of situation is to re-arrange the packages during the package installation so that selinux-policy* packages are installed first before any gluster related packages. Sreenath, is it possible to fix it as mentioned in Comment 2? If you also have some other better options to fix this, please suggest that as well. This is also applicable for nagios plugins. package 'gluster-nagios-addons' should be installed after all the selinux policy rpms. Hello, why don't you simply set requires in the samba-vfs-glusterfs for require selinux-policy. Please move this to samba-vfs-glusterfs component. This won't be done by releng. Thanks for understanding Lubos rel-eng This seems to be exactly the same as what I posted in a similar bug against the glusterfs component. Each package that modifies selinux booleans in the rpm scriptlets should have is own dependency on selinux-policy(-targeted). More details in this comment: https://bugzilla.redhat.com/show_bug.cgi?id=1238055#c6 I might be wrong because I'm not a developer, but I would like to help you. Your package should require: + policycoreutils package because it brings the setsebool command + libselinux-utils package because it brings the getsebool command + selinux-policy-targeted or selinux-policy-base (virtual package) because it brings the policy where booleans are defined and stored There are few packages which change SELinux booleans either by setsebool or semanage: # rpm -qa --scripts | grep -e setsebool -e semanage Verified as fixed in the latest ISO RHGSS-3.1-20150713.n.0-RHS-x86_64-DVD1.iso
No error/warning messages are seen in the install.log after selecting ALL the available optional packages including Samba.
##############
[root@hamm ~]# cat /etc/redhat-storage-release
Red Hat Gluster Storage Server 3.1
[root@hamm ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.7 (Santiago)
[root@hamm ~]# rpm -qa selinux\*
selinux-policy-targeted-3.7.19-279.el6.noarch
selinux-policy-3.7.19-279.el6.noarch
[root@hamm ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
[root@hamm ~]# getsebool -a | grep samba
bacula_use_samba --> off
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_load_libgfapi --> on
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off
[root@hamm ~]# rpm -q --scripts samba-vfs-glusterfs
postuninstall scriptlet (using /bin/sh):
if type getsebool &>/dev/null && getsebool samba_load_libgfapi &>/dev/null; then
setsebool -P samba_load_libgfapi 0 &>/dev/null || true
fi
posttrans scriptlet (using /bin/sh):
if type getsebool &>/dev/null && getsebool samba_load_libgfapi &>/dev/null; then
setsebool -P samba_load_libgfapi 1 &>/dev/null || true
fi
##############
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1495.html |
Created attachment 1044637 [details] install.log_RHGSS-3.1-20150629.n.0-RHS-x86_64-DVD1.iso Description of problem: Following warning message is seen after an ISO install of RHGS-3.1: ##### Installing samba-vfs-glusterfs-4.1.17-7.el6rhs.x86_64 Cannot set persistent booleans without managed policy. warning: %post(samba-vfs-glusterfs-0:4.1.17-7.el6rhs.x86_64) scriptlet failed, exit status 255 Installing samba-common-4.1.17-7.el6rhs.x86_64 Installing samba-4.1.17-7.el6rhs.x86_64 Installing libsmbclient-4.1.17-7.el6rhs.x86_64 Installing samba-winbind-modules-4.1.17-7.el6rhs.x86_64 Installing samba-winbind-4.1.17-7.el6rhs.x86_64 ###### Version-Release number of selected component (if applicable): ----------- RHGSS-3.1-20150629.n.0-RHS-x86_64-DVD1.iso [root@ ~]# cat /etc/redhat-storage-release Red Hat Gluster Storage Server 3.1 [root@ ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.7 (Santiago) [root@ ~]# rpm -qa selinux\* selinux-policy-3.7.19-279.el6.noarch selinux-policy-targeted-3.7.19-279.el6.noarch ----------- How reproducible: 100% Steps to Reproduce: 1. Install RHGS-3.1 using the latest available ISO - RHGSS-3.1-20150629.n.0-RHS-x86_64-DVD1.iso 2. Post installation and reboot, check the install.log 3. Actual results: Warning messages are seen in install.log after the ISO installation. Expected results: No warning messages should be seen after an ISO installation Additional info: