Bug 1240253
Summary: | [SELinux] ctdb should have a dependency on selinux packages (RHEL-7.1) | ||
---|---|---|---|
Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | Prasanth <pprakash> |
Component: | samba | Assignee: | Jose A. Rivera <jarrpa> |
Status: | CLOSED ERRATA | QA Contact: | surabhi <sbhaloth> |
Severity: | high | Docs Contact: | |
Priority: | urgent | ||
Version: | rhgs-3.1 | CC: | amainkar, annair, asrivast, gdeschner, jarrpa, mgrepl, mmalik, nlevinki, nsathyan, pprakash, rcyriac, sbhaloth, vagarwal |
Target Milestone: | --- | ||
Target Release: | RHGS 3.1.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ctdb2.5-2.5.5-6.el7rhgs | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-07-29 05:10:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1202842, 1212796 |
Description
Prasanth
2015-07-06 11:10:55 UTC
This decision is wrong. The right thing to do is to check for and use the selinux command line tools during %posttrans and a %triggerpostin for selinux-policy-targeted. I already have a build ready for verification, just need the right flags on this BZ. With the latest build ctdb2.5-2.5.5-4.el7rhgs : As discussed and raised regarding the dependencies for selinux package to be created for ctdb , the specific version of selinux package: selinux-policy-targeted-3.7.19-279.el6.noarch should have been made dependent. As per brew logs it seems we have a generic dependency on following package: selinux-policy-targeted Which may cause issues in certain scenarios where the booleans which we are trying to set are not available in the older selinux package and someone doesn't upgrade the selinux package. Even though we recommend to do yum update and pull in all latest package but in case if only ctdb and samba packages are updated and not selinux package then the booleans will not get set and the issue will still persist, so as discussed and decided let's have the dependency on specific verison of selinux so that while doing install/upgrade of samba and ctdb package , the selinux is up-to-date and we don't hit any AVC's or issues. Moving the BZ to assigned. The CTDB package ctdb2.5-2.5.5-6.el7rhgs has dependency on selinux package and pulls in while installing ctdb package, but I see errors in post_install and pre_install script. Raising another BZ for this issue. The dependency issue is verified. For the pre_un and post_un raising new BZ. yum install ctdb Loaded plugins: product-id, subscription-manager Resolving Dependencies --> Running transaction check ---> Package ctdb2.5.x86_64 0:2.5.5-6.el7rhgs will be installed --> Processing Dependency: selinux-policy-targeted >= 3.13.1-23 for package: ctdb2.5-2.5.5-6.el7rhgs.x86_64 --> Processing Dependency: tdb-tools for package: ctdb2.5-2.5.5-6.el7rhgs.x86_64 --> Running transaction check ---> Package selinux-policy-targeted.noarch 0:3.13.1-23.el7_1.8 will be installed --> Processing Dependency: selinux-policy = 3.13.1-23.el7_1.8 for package: selinux-policy-targeted-3.13.1-23.el7_1.8.noarch --> Processing Dependency: selinux-policy = 3.13.1-23.el7_1.8 for package: selinux-policy-targeted-3.13.1-23.el7_1.8.noarch ---> Package tdb-tools.x86_64 0:1.3.4-1.el7rhgs will be installed --> Running transaction check ---> Package selinux-policy.noarch 0:3.13.1-23.el7_1.8 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================================================================================== Package Arch Version Repository Size ======================================================================================================================================================================== Installing: ctdb2.5 x86_64 2.5.5-6.el7rhgs Server-RH-Gluster-3-Server 512 k Installing for dependencies: selinux-policy noarch 3.13.1-23.el7_1.8 rhel-7-server-rpms 357 k selinux-policy-targeted noarch 3.13.1-23.el7_1.8 rhel-7-server-rpms 3.9 M tdb-tools x86_64 1.3.4-1.el7rhgs Server-RH-Gluster-3-Server 29 k Transaction Summary ======================================================================================================================================================================== Install 1 Package (+3 Dependent packages) Total download size: 4.8 M Installed size: 11 M Is this ok [y/d/N]: y Downloading packages: (1/4): tdb-tools-1.3.4-1.el7rhgs.x86_64.rpm | 29 kB 00:00:00 (2/4): ctdb2.5-2.5.5-6.el7rhgs.x86_64.rpm | 512 kB 00:00:00 (3/4): selinux-policy-3.13.1-23.el7_1.8.noarch.rpm | 357 kB 00:00:01 (4/4): selinux-policy-targeted-3.13.1-23.el7_1.8.noarch.rpm | 3.9 MB 00:00:02 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Total 2.2 MB/s | 4.8 MB 00:00:02 Running transaction check Running transaction test Transaction test succeeded Installing : selinux-policy-3.13.1-23.el7_1.8.noarch 1/4 warning: Failed to open SELinux handle. semodule: Could not begin transaction: No such file or directory Installing : selinux-policy-targeted-3.13.1-23.el7_1.8.noarch 2/4 Installing : tdb-tools-1.3.4-1.el7rhgs.x86_64 3/4 Installing : ctdb2.5-2.5.5-6.el7rhgs.x86_64 4/4 /var/tmp/rpm-tmp.Q0fPKz: line 1: systemd_post: command not found warning: %post(ctdb2.5-2.5.5-6.el7rhgs.x86_64) scriptlet failed, exit status 127 Non-fatal POSTIN scriptlet failure in rpm package ctdb2.5-2.5.5-6.el7rhgs.x86_64 Verifying : tdb-tools-1.3.4-1.el7rhgs.x86_64 1/4 Verifying : selinux-policy-targeted-3.13.1-23.el7_1.8.noarch 2/4 Verifying : ctdb2.5-2.5.5-6.el7rhgs.x86_64 3/4 Verifying : selinux-policy-3.13.1-23.el7_1.8.noarch 4/4 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1495.html |