Bug 1262424

Summary: rpm fails with no error message if /etc/selinux/targeted/contexts/files/* missing
Product: [Fedora] Fedora
Component: dnf
Version: 22
Hardware: Unspecified
OS: Unspecified
Status: CLOSED DUPLICATE
Severity: unspecified
Priority: unspecified
Reporter: Eric Paris <eparis>
Assignee: Packaging Maintenance Team <packaging-team-maint>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: dwalsh, jsilhan, jzeleny, lkardos, mgrepl, mluscon, novyjindrich, packaging-team-maint, pknirsch, pnemade, vmukhame
Doc Type: Bug Fix
Type: Bug
Last Closed: 2016-03-21 12:48:38 UTC

Description Eric Paris 2015-09-11 15:33:48 UTC
The selinux team has often suggested people do:

mv /etc/selinux/targeted /etc/selinux/targeted.bak
yum/dnf reinstall -y selinux-policy-targeted

To get people back to default selinux.

But rpm no longer functions without /etc/selinux/targeted/contexts/files/*

To reproduce, simply move /etc/selinux/targeted away and try to install an rpm. It will return $? == 1 very quickly.

This used to work. I don't know if an selinux library changed or if rpm changed to be more strict, but it was nice to be able to blow away etc and get it back with a fresh rpm install...

At the very least an error message really needs to propagate up about the problem rather than silence.

(it still is possible to accomplish what I wanted like so)
mv /etc/selinux/targeted /etc/selinux/targeted.bak
mkdir -p /etc/selinux/targeted/contexts/files/
cp -a /etc/selinux/targeted.bak/contexts/files/* /etc/selinux/targeted/contexts/files/
dnf reinstall -y selinux-policy-targeted

Comment 1 Ľuboš Kardoš 2016-03-07 14:51:23 UTC
Fixed upstream [1]. Now rpm behaves like this:

# rpm --reinstall selinux-policy-targeted-3.13.1-158.7.fc23.noarch.rpm
error: Plugin selinux: hook tsm_pre failed

# rpm  -vv --reinstall selinux-policy-targeted-3.13.1-158.7.fc23.noarch.rpm
...
D: selabel_open: (/etc/selinux/targeted/contexts/files/file_contexts) No such file or directory
error: Plugin selinux: hook tsm_pre failed
...


But dnf is not able to show this error and the rpm error message is lost; it is not in any of the dnf log files:

# dnf reinstall selinux-policy-targeted
...
Running transaction
Failed to obtain the transaction lock (logged in as: root).
The downloaded packages were saved in cache till the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Could not run transaction.

I understand that dnf doesn't want rpmlib to directly print to stderr and logs from rpmlib are redirected somewhere. But I would expect that these rpm logs will be stored somewhere and the user can examine them after the transaction fails.

Also the message "Failed to obtain the transaction lock" is not very helpful. Maybe "Transaction failed. For details see some_dnf_rpm.log" would be better.


[1] https://github.com/rpm-software-management/rpm/commit/468726ece5f3ed1209460120044d2d63bd0a561b
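
A preflight check for the condition shown in Comment 1, as an added example that is not part of the bug report and not code from rpm or dnf. It tests for the file_contexts path that selabel_open reports as missing, so the cause is visible before a transaction fails. The function name, the ROOT parameter and the return codes are hypothetical, and the policy name is assumed to come from SELINUXTYPE in /etc/selinux/config.

```shell
#!/bin/sh
# Added example (not from the bug report). Hypothetical helper:
#   check_selinux_labels ROOT
# ROOT lets the check run against a chroot or test tree; default is "/".
# Return codes (hypothetical): 0 ok, 2 no SELinux config,
# 3 SELINUXTYPE unset, 4 file_contexts missing or empty.

check_selinux_labels() {
    root=${1:-/}
    root=${root%/}          # "/" becomes "", so paths below stay absolute
    config="$root/etc/selinux/config"

    if [ ! -r "$config" ]; then
        echo "no readable SELinux config at $config" >&2
        return 2
    fi

    # Take the last uncommented SELINUXTYPE= assignment, without
    # trailing whitespace or inline comment.
    policy=$(sed -n \
        's/^[[:space:]]*SELINUXTYPE=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
        "$config" | tail -n 1)

    if [ -z "$policy" ]; then
        echo "SELINUXTYPE is not set in $config" >&2
        return 3
    fi

    # This is the path from the rpm -vv debug line in Comment 1.
    fc="$root/etc/selinux/$policy/contexts/files/file_contexts"
    if [ ! -s "$fc" ]; then
        echo "missing or empty: $fc" >&2
        echo "rpm's selinux plugin cannot open it (hook tsm_pre fails)" >&2
        return 4
    fi

    return 0
}
```

Run `check_selinux_labels /` before the reinstall; a return code of 4 corresponds to the state the reporter reproduces by moving /etc/selinux/targeted away.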

Comment 2 Honza Silhan 2016-03-21 12:48:38 UTC

*** This bug has been marked as a duplicate of bug 1204488 ***