Bug 1756252

Summary: Missing dependency of pcp-selinux package on selinux-policy-targeted package
Product: Red Hat Enterprise Linux 7 Reporter: Jan Kurik <jkurik>
Component: pcpAssignee: Nathan Scott <nathans>
Status: CLOSED ERRATA QA Contact: Jan Kurik <jkurik>
Severity: low Docs Contact:
Priority: unspecified    
Version: 7.7CC: agerstmayr, jkurik, mgoodwin, nathans, patrickm
Target Milestone: rcKeywords: Bugfix, Triaged
Target Release: 7.9   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-09-29 19:24:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1782202    

Description Jan Kurik 2019-09-27 08:21:03 UTC 
Description of problem:
When pcp is installed using kickstart, the %post stage of pcp-selinux package fails if selinux-policy-targeted package is not already installed. It fails during "semodule -i" command in "selinux-setup.sh" script with the following error message:

Failed to resolve typeattributeset statement at /etc/selinux/targeted/tmp/modules/400/pcpupstream/cil:1


Version-Release number of selected component (if applicable):
* pcp-4.3.2-6.el7.x86_64
* pcp-selinux-4.3.2-6.el7.x86_64
* selinux-policy-3.13.1-258.el7.noarch
* selinux-policy-targeted-3.13.1-258.el7.noarch


Steps to Reproduce:
1. Prepare a basic kickstart file to install RHEL-7.7
2. In the kickstart file put "pcp" line into "%packages" section
3. Install a RHEL-7.7 system using the kickstart file

Actual results:
Just after the installation the following command does not show "pcpupstream" module:

semodule -l | grep pcpupstream

Expected results:
The following command

semodule -l | grep pcpupstream

shows "pcpupstream" module.


Additional info:

This issue is caused by missing dependency of pcp-selinux package on selinux-policy-targeted package.

However the selinux-policy-targeted package is typically installed during later stages of system installations and "semodule -i /var/lib/pcp/selinux/pcpupstream.pp" or simply "yum reinstall pcp-selinux" fixes the problem after the installation.
Comment 2 Nathan Scott 2019-10-02 04:00:50 UTC 
Jan, I've committed the spec file change upstream as:

commit ad45af6efabfa2211a66e53bdcf798be643418ec (HEAD -> master)
Author: Jan Kurik <jkurik>
Date:   Wed Oct 2 13:59:42 2019 +1000

    build: add runtime rpm dep on selinux-policy-targeted
    
    When pcp is installed using kickstart, the %post stage of pcp-selinux
    package fails if selinux-policy-targeted package is not already
    installed. It fails during "semodule -i" command in "selinux-setup.sh"
    script with the following error message:
    Failed to resolve typeattributeset statement at /etc/selinux/targeted/tmp/modules/400/pcpupstream/cil:1
    
    This issue is caused by missing dependency of pcp-selinux package on
    selinux-policy-targeted package.
    
    Running either "semodule -i /var/lib/pcp/selinux/pcpupstream.pp" or
    "yum reinstall pcp-selinux" fixes the problem after an installation.
    
    This resolves Red Hat bugzilla #1756252.
Comment 3 Jan Kurik 2019-10-02 07:12:54 UTC 
Thanks Nathan. I will wait until it lands into RHEL and then I am going to verify it.
Comment 7 errata-xmlrpc 2020-09-29 19:24:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: pcp security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:3869