DescriptionDominic P Geevarghese
2017-09-29 07:14:05 UTC
Description of problem:
freeipa-server-4.6.1-1.fc28 installation failed on latest Rawhide.
Version-Release number of selected component (if applicable):
freeipa-server-4.6.1-1.fc28
Fedora-Server-dvd-x86_64-Rawhide-20170928.n.1.iso
Steps to Reproduce:
Install freeipa server
Actual results:
dnf install of freeipa-server package failed with
groupadd: cannot open /etc/gshadow
useradd: group 'kdcproxy' does not exist
groupadd: cannot open /etc/gshadow
useradd: group 'ipaapi' does not exist
id: ‘apache’: no such user
usermod: group 'ipaapi' does not exist
error: %prein(freeipa-server-4.6.1-1.fc28.x86_64) scriptlet failed, exit status 6
error: freeipa-server-4.6.1-1.fc28.x86_64: install failed
Thanks,
Dominic Geevarghese
Comment 1Alexander Bokovoy
2017-09-29 07:20:38 UTC
There seems to be an issue with groupadd. I don't think a leaf package like freeipa-server is the cause of it, though. It needs to be investigated as part of shadow-utils (groupadd is part of shadow-utils).
Comment 2Alexander Bokovoy
2017-09-29 07:22:12 UTC
Moving to shadow-utils.
Comment 3Dominic P Geevarghese
2017-09-29 08:57:32 UTC
Created attachment 1332300[details]
selinux-debug-audit.log
that's right. I left machine for freeipa installation and when returned, noticed just the last error reported by freeipa.sorry guys. checked again and it turned out 'selinux' is not happy.
type=AVC msg=audit(1506675060.957:227): avc: denied { dac_override } for pid=1114 comm="groupadd" capability=1 scontext=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 tclass=capability permissive=0
attached audit.log for review.