Bug 1570829

Summary: ovirt-vmconsole must require selinux-policy-targeted in post section
Product: [oVirt] ovirt-vmconsole Reporter: Sandro Bonazzola <sbonazzo>
Component: Packaging.rpmAssignee: Francesco Romani <fromani>
Status: CLOSED CURRENTRELEASE QA Contact: Nikolai Sednev <nsednev>
Severity: high Docs Contact:
Priority: unspecified    
Version: masterCC: bugs, fromani, michal.skrivanek, sbonazzo
Target Milestone: ovirt-4.2.3Keywords: Triaged
Target Release: ---Flags: rule-engine: ovirt-4.2+
rule-engine: exception+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-05-10 06:33:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Virt RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sandro Bonazzola 2018-04-23 13:22:55 UTC 
ovirt-vmconsole uses semanage in %post section and requires libselinux-utils in %post but requires selinux-policy-targeted only at runtime.

This allow to install ovirt-vmconsole before selinux-policy-targeted while building the engine appliance with anaconda as reported in https://bugzilla.redhat.com/show_bug.cgi?id=1563737#c12.


07:01:38,622 INFO packaging: ovirt-vmconsole-1.0.4-1.el7ev.noarch (821/996)
07:01:38,623 INFO packaging: Failed to resolve booleanif statement at /etc/selinux/targeted/tmp/modules/400/ovirt_vmconsole/cil:588
07:01:38,623 INFO packaging: semodule:  Failed!
07:01:38,623 INFO packaging: ovirt-vmconsole-proxy-1.0.4-1.el7ev.noarch (822/996)
07:01:38,624 INFO packaging: Traceback (most recent call last):
07:01:38,624 INFO packaging:   File "/sbin/semanage", line 32, in <module>
07:01:38,624 INFO packaging:     import seobject
07:01:38,625 INFO packaging:   File "/usr/lib64/python2.7/site-packages/seobject/__init__.py", line 36, in <module>
07:01:38,625 INFO packaging:     import sepolicy
07:01:38,626 INFO packaging:   File "/usr/lib64/python2.7/site-packages/sepolicy/__init__.py", line 921, in <module>
07:01:38,626 INFO packaging:     raise e
07:01:38,626 INFO packaging: ValueError: No SELinux Policy installed

Workaround is available in https://bugzilla.redhat.com/show_bug.cgi?id=1563737#c11 so not marking this bug as blocker but marking it as exception for 4.2.3.
Comment 1 Nikolai Sednev 2018-04-23 14:01:41 UTC 
Please provide reproduction steps.
Comment 2 Francesco Romani 2018-04-23 14:28:12 UTC 
will be fixed by Id71c0a22b2bac8714743a2272616b76dff3d8490 and ovirt-vmconsole 1.0.5-1. Tag ready. I just need to make the packages.
Comment 3 Sandro Bonazzola 2018-04-24 15:32:26 UTC 
(In reply to Nikolai Sednev from comment #1)
> Please provide reproduction steps.

This is reproducible by building the RHV-M Appliance and checking the building logs. Effects of the bug are explained in bug #1563737
Comment 7 Michal Skrivanek 2018-04-25 13:26:22 UTC 
in 4.2.3rc3 as https://github.com/oVirt/releng-tools/commit/f5bf96921e0620bc7d4991b0ba87d35b9d200e6d
Comment 9 Nikolai Sednev 2018-05-01 12:47:18 UTC 
Regular Node 0 deployment works for me on these components:
ovirt-engine-4.2.3.3-0.1.el7.noarch
rhvm-appliance-4.2-20180427.0.el7.noarch
ovirt-hosted-engine-setup-2.2.19-1.el7ev.noarch
ovirt-hosted-engine-ha-2.2.11-1.el7ev.noarch
Linux 3.10.0-862.el7.x86_64 #1 SMP Wed Mar 21 18:14:51 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux Server release 7.5 (Maipo)

Moving to verified, please reopen if you still see this issue.
Comment 10 Sandro Bonazzola 2018-05-10 06:33:55 UTC 
This bugzilla is included in oVirt 4.2.3 release, published on May 4th 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.2.3 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.