Bug 1240251

This decision is wrong. The right thing to do is to check for and use the selinux command line tools during %posttrans and a %triggerpostin for selinux-policy-targeted.

I already have a build ready for verification, just need the right flags on this BZ.

With the latest build ctdb2.5-2.5.5-4.el6rhs :
As discussed and raised regarding the dependencies for selinux package to be created for ctdb , the specific version of selinux package: selinux-policy-targeted-3.7.19-279.el6.noarch should have been made dependent.

As per brew logs it seems we have a generic dependency on following package:
selinux-policy-targeted

Which may cause issues in certain scenarios where the booleans which we are trying to set are not available in the older selinux package and somebone doesn't upgrade the selinux package.

Even though we recommend to do yum update and pull in all latest package but in case if only ctdb and samba packages are updated and not selinux package then the booleans will not get set and the issue will still persist, so as discussed and decided  let's have the dependency on specific verison of selinux so that while doing install/upgrade of samba and ctdb package , the selinux is up-to-date and we don't hit any AVC's or issues.


Moving the BZ to assigned.

Verified with the latest build ctdb2.5-2.5.5-6.el6rhs.x86_64
The ctdb package is pulling in selinux-policy-targeted-0:3.7.19-279.el6 as dependency and setting the boolean required.

Steps performed:

1.Check the boolean initially:
getsebool use_fusefs_home_dirs
use_fusefs_home_dirs --> off

2. Install/update ctdb without having repo for latest selinux package:

The install/update of ctdb fails as the dependent selinux package is not available.

http://10.10.160.20/brewroot/packages/ctdb2.5/2.5.5/6.el6rhs/x86_64/ctdb2.5-2.5.5-6.el6rhs.x86_64.rpm
Retrieving http://10.10.160.20/brewroot/packages/ctdb2.5/2.5.5/6.el6rhs/x86_64/ctdb2.5-2.5.5-6.el6rhs.x86_64.rpm
error: Failed dependencies:
	selinux-policy-targeted >= 3.7.19-279 is needed by ctdb2.5-2.5.5-6.el6rhs.x86_64

3. Now add the repo with latest selinux package:
4. Yum install/update ctdb

Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ctdb2.5.x86_64 0:2.5.5-6.el6rhs will be installed
--> Processing Dependency: selinux-policy-targeted >= 3.7.19-279 for package: ctdb2.5-2.5.5-6.el6rhs.x86_64
--> Running transaction check
---> Package selinux-policy-targeted.noarch 0:3.7.19-279.el6 will be installed
--> Processing Dependency: selinux-policy = 3.7.19-279.el6 for package: selinux-policy-targeted-3.7.19-279.el6.noarch
--> Running transaction check
---> Package selinux-policy.noarch 0:3.7.19-279.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================
 Package    Arch   Version        Repository                                 Size
==================================================================================
Installing:
 ctdb2.5    x86_64 2.5.5-6.el6rhs External-RH-Gluster-3-Server-Repository-3 526 k
Installing for dependencies:
 selinux-policy
            noarch 3.7.19-279.el6 External-RH-Gluster-3-Server-Repository-1 880 k
 selinux-policy-targeted
            noarch 3.7.19-279.el6 External-RH-Gluster-3-Server-Repository-1 3.1 M

Transaction Summary
==================================================================================
Install       3 Package(s)

Total download size: 4.4 M
Installed size: 14 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): ctdb2.5-2.5.5-6.el6rhs.x86_64.rpm                   | 526 kB     00:00     
(2/3): selinux-policy-3.7.19-279.el6.noarch.rpm            | 880 kB     00:00     
(3/3): selinux-policy-targeted-3.7.19-279.el6.noarch.rpm   | 3.1 MB     00:00     
----------------------------------------------------------------------------------
Total                                             3.6 MB/s | 4.4 MB     00:01     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : selinux-policy-3.7.19-279.el6.noarch                           1/3 
  Installing : selinux-policy-targeted-3.7.19-279.el6.noarch                  2/3 
  Installing : ctdb2.5-2.5.5-6.el6rhs.x86_64                                  3/3 
libsemanage.dbase_llist_query: could not query record value (No such file or directory).
restorecon reset /var/run/ctdb context unconfined_u:object_r:var_run_t:s0->unconfined_u:object_r:ctdbd_var_run_t:s0
restorecon reset /usr/sbin/ctdbd_wrapper context unconfined_u:object_r:bin_t:s0->unconfined_u:object_r:ctdbd_exec_t:s0
  Verifying  : selinux-policy-3.7.19-279.el6.noarch                           1/3 
  Verifying  : selinux-policy-targeted-3.7.19-279.el6.noarch                  2/3 
  Verifying  : ctdb2.5-2.5.5-6.el6rhs.x86_64                                  3/3 

Installed:
  ctdb2.5.x86_64 0:2.5.5-6.el6rhs                                                 

Dependency Installed:
  selinux-policy.noarch 0:3.7.19-279.el6                                          
  selinux-policy-targeted.noarch 0:3.7.19-279.el6                                 

Complete!


5. Check the boolean again:
 getsebool use_fusefs_home_dirs
use_fusefs_home_dirs --> on

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1495.html