Bug 1238055
Summary: | [SELinux] glusterfs-server-3.7.1-<>.el6rhs should have a dependency >=selinux-policy-targeted-3.7.19-279.el6.noarch and selinux-policy-3.7.19-279.el6.noarch | ||
---|---|---|---|
Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | Prasanth <pprakash> |
Component: | build | Assignee: | Niels de Vos <ndevos> |
Status: | CLOSED WONTFIX | QA Contact: | Prasanth <pprakash> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | rhgs-3.1 | CC: | amainkar, annair, asrivast, barumuga, nlevinki, nsathyan, pprakash, rcyriac, rhs-bugs, rnachimu, vagarwal |
Target Milestone: | --- | ||
Target Release: | RHGS 3.1.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-07-03 18:12:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Prasanth
2015-07-01 06:01:50 UTC
I think a dependency on selinux-policy package is enough. It should pull in the selinux-policy-targeted package as dependency. Can you check this out ? (In reply to Rejy M Cyriac from comment #1) > I think a dependency on selinux-policy package is enough. It should pull in > the selinux-policy-targeted package as dependency. Can you check this out ? In fact, it's the other way. 'selinux-policy-targeted' pulls in 'selinux-policy' as a dependency. See below: ######### # yum install selinux-policy-targeted Loaded plugins: product-id, rhnplugin, security, subscription-manager This system is receiving updates from RHN Classic or RHN Satellite. Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package selinux-policy-targeted.noarch 0:3.7.19-279.el6 will be installed --> Processing Dependency: selinux-policy = 3.7.19-279.el6 for package: selinux-policy-targeted-3.7.19-279.el6.noarch --> Processing Dependency: selinux-policy = 3.7.19-279.el6 for package: selinux-policy-targeted-3.7.19-279.el6.noarch --> Running transaction check ---> Package selinux-policy.noarch 0:3.7.19-279.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================================== Package Arch Version Repository Size ============================================================================================================================================================================================== Installing: selinux-policy-targeted noarch 3.7.19-279.el6 RHEL_Guest-6.7-Puddle 3.1 M Installing for dependencies: selinux-policy noarch 3.7.19-279.el6 RHEL_Guest-6.7-Puddle 881 k Transaction Summary ============================================================================================================================================================================================== Install 2 Package(s) Total download size: 3.9 M Installed size: 13 M Is this ok [y/N]: y Downloading Packages: (1/2): selinux-policy-3.7.19-279.el6.noarch.rpm | 881 kB 00:00 (2/2): selinux-policy-targeted-3.7.19-279.el6.noarch.rpm | 3.1 MB 00:05 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ######### patch is under review https://code.engineering.redhat.com/gerrit/52096 Adding a dependency on selinux-policy-targeted does not like the right approach to me. After talking to Prasanth, it was assumed that this would solve problems like this: - some package from RHGS gets updates - said package has a %post script that modifies a new selinux boolean - the new selinux boolean is not available yet, setting it fails - selinux-policy-targeted gets updated, new boolean is made available I am not sure if it is common practise to change an selinux boolean in a %post script of an RPM package. It is not something I have seen getting done before. I would assume that there is a cleaner way of doing this, maybe by providing some selinux policy module that overloads the default boolean values. This is something selinux developers should be able to assist with. For the immediate need of fixing the sketched problem, a dependency in the package(s) that modifies selinux booleans in %post is needed. The only (ugly) way to do this that I know of, is by adding a dependency like this: Requires(post): selinux-policy-targeted >= 3.7.19-279 The (post) after the Requires indicates that %post script. In case the package modifies a selinux boolean in %pre, the format would be like "Requires(pre)". This needs some testing, a versioned dependency like this is not very common. Prasanth, do you know what the plan is with this? Should I close this bug and do you open separate bugs for each of the packages that modify SElinux booleans in rpm scriptlets? RCM gave a similar response in https://bugzilla.redhat.com/show_bug.cgi?id=1237065#c5 (In reply to Niels de Vos from comment #7) > Prasanth, do you know what the plan is with this? Should I close this bug > and do you open separate bugs for each of the packages that modify SElinux > booleans in rpm scriptlets? Niels, as discussed in today's meeting, we all agreed to a common solution which is to create a dependency in the package(s) that modifies selinux booleans, instead of creating a dependency for glusterfs-server on selinux-policy. So based on that, i'm closing this bZ for now and will open new BZ's for different components that needs this fix. |