Bug 1315779

Summary: Current Rawhide Workstation live image does not reach GDM due to mislabelled /run/systemd/inhibit and /run/user/1000
Product: Red Hat Enterprise Linux 7 Reporter: Lukas Vrabec <lvrabec>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Dalibor Pospíšil <dapospis>
Severity: urgent Docs Contact:
Priority: high    
Version: 7.3CC: cra, dapospis, dominick.grift, dwalsh, extras-qa, jfrieben, johannbg, juliux.pigface, lnykryn, lvrabec, mgrepl, mmalik, msekleta, muadda, petersen, plautrba, pschindl, pvrabec, robatino, satellitgo, ssekidde, s, systemd-maint, zbyszek
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.13.1-76.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1314372 Environment:
Last Closed: 2016-11-04 02:44:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lukas Vrabec 2016-03-08 15:14:52 UTC 
+++ This bug was initially created as a clone of Bug #1314372 +++

Currently, selinux-policy-* packages don't ship %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.bin. This file is created during post install phase.

It would be useful to generate this file during build time and ship it in order to prevent cases like the one with Live workstation where selinux-policy-targeted is not installed, but only unpackaged. And since there's no .bin files,
file_contexts is parsed in selabel_open().

While it's not a fix for #1308771, it could prevent similar issues in other not-yet-discovered cases and make Live images and maybe even Atomic a little bit faster.

--- Additional comment from Lukas Vrabec on 2016-03-03 10:07:21 EST ---

commit bc10e3f4a04dbf4e88c4ad8634d6137590f62f1b
Author: Lukas Vrabec <lvrabec>
Date:   Thu Mar 3 15:18:10 2016 +0100

    Build file_contexts.bin file_context.local.bin file_context.homedir.bin during build phase. This fix issue in Fedora live images when selinux-policy-targeted is not installed but just unpackaged, since there's no .bin files, file_contexts is parsed in selabel_open(). Resolves: rhbz#1314372
Comment 3 Dalibor Pospíšil 2016-09-27 12:26:15 UTC 
*** Bug 1320973 has been marked as a duplicate of this bug. ***
Comment 6 errata-xmlrpc 2016-11-04 02:44:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2283.html