Bug 1403843 (remove_gear)

Summary: Installing container-selinux-1.12.3-10.el7.x86_64 produces errors
Product: Red Hat Enterprise Linux 7 Reporter: Jan Pazdziora (Red Hat) <jpazdziora>
Component: dockerAssignee: Lokesh Mandvekar <lsm5>
Status: CLOSED ERRATA QA Contact: atomic-bugs <atomic-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: amurdaca, dwalsh, jpazdziora, lsm5, lsu, peter
Target Milestone: rcKeywords: Extras, Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: docker-1.12.4-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-17 20:44:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Lokesh I added this patch to a different bug, but this will fix the SELinux issues. none

Description Jan Pazdziora (Red Hat) 2016-12-12 13:35:37 UTC 
Description of problem:

Attempt to install docker-1.12.3-10.el7.x86_64 and its dependency container-selinuc produce error.

Version-Release number of selected component (if applicable):

docker-1.12.3-10.el7.x86_64
container-selinux-1.12.3-10.el7.x86_64

How reproducible:

Seen once, assume deterministic.

Steps to Reproduce:
1. Have RHEL-7.3 GA system.
2. Enable latest Extras repo.
3. yum install -y docker

Actual results:

Running transaction
  Installing : libsemanage-python-2.5-4.el7.x86_64                      1/16 
  Installing : setools-libs-3.3.8-1.1.el7.x86_64                        2/16 
  Installing : 2:docker-common-1.12.3-10.el7.x86_64                     3/16 
  Installing : 1:oci-register-machine-0-1.10.gitfcdbff0.el7.x86_64      4/16 
  Installing : yajl-2.0.4-4.el7.x86_64                                  5/16 
  Installing : 1:oci-systemd-hook-0.1.4-7.gita9c551a.el7.x86_64         6/16 
  Installing : libcgroup-0.41-11.el7.x86_64                             7/16 
  Installing : python-IPy-0.75-6.el7.noarch                             8/16 
  Installing : audit-libs-python-2.6.5-3.el7.x86_64                     9/16 
  Installing : 1:skopeo-containers-0.1.17-0.7.git1f655f3.el7.x86_64    10/16 
  Installing : checkpolicy-2.5-4.el7.x86_64                            11/16 
  Installing : policycoreutils-python-2.5-8.el7.x86_64                 12/16 
  Installing : 2:container-selinux-1.12.3-10.el7.x86_64                13/16 
libsemanage.semanage_direct_remove_key: Unable to remove module docker at priority 200. (No such file or directory).
libsemanage.semanage_direct_remove_key: Unable to remove module docker at priority 400. (No such file or directory).
/etc/selinux/final/targeted/contexts/files/file_contexts: Multiple different specifications for /var/lib/containers(/.*)?  (system_u:object_r:gear_var_lib_t:s0 and system_u:object_r:container_var_lib_t:s0).
/etc/selinux/final/targeted/contexts/files/file_contexts: Invalid argument
libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 1.
/usr/sbin/semodule:  Failed!
  Installing : 2:docker-rhel-push-plugin-1.12.3-10.el7.x86_64          14/16 
  Installing : libseccomp-2.3.1-2.el7.x86_64                           15/16 
  Installing : 2:docker-1.12.3-10.el7.x86_64                           16/16 
warning: /etc/sysconfig/docker-storage-setup created as /etc/sysconfig/docker-storage-setup.rpmnew

Expected results:

No errors, no warnings.

Additional info:
Comment 1 Jan Pazdziora (Red Hat) 2016-12-12 13:40:22 UTC 
That "Unable to remove" was present with container-selinux-1.10.3-59 as well:

  Installing : 2:container-selinux-1.10.3-59.el7.x86_64                13/17 
libsemanage.semanage_direct_remove_key: Unable to remove module docker at priority 200. (No such file or directory).
libsemanage.semanage_direct_remove_key: Unable to remove module docker at priority 400. (No such file or directory).
  Installing : libseccomp-2.3.1-2.el7.x86_64                           14/17 

But the "Multiple different" message is new, hence marking as Regression.
Comment 2 Daniel Walsh 2016-12-12 14:27:48 UTC 
Created attachment 1230803 [details]
Lokesh I added this patch to a different bug, but this will fix the SELinux issues.
Comment 3 Lokesh Mandvekar 2016-12-12 18:29:18 UTC 
Dan, I think the change in %post is missing a '-X 100' before the first '-d gear', could you please double check?
Comment 7 Luwen Su 2017-01-10 03:09:52 UTC 
Installing of container-selinux-1.12.5-9.el7.x86_64 works well , move to verified
Comment 9 errata-xmlrpc 2017-01-17 20:44:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2017-0116.html