Bug 1756835

Summary: Error "Unable to read ceph module lang ext file" during multiple RPM installs
Product: [Fedora] Fedora Reporter: Paul DeStefano <prd-fedora>
Component: libsemanageAssignee: Petr Lautrbach <plautrba>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 30CC: dwalsh, mgrepl, plautrba, vmojzis
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-07 10:36:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Paul DeStefano 2019-09-30 04:20:08 UTC 
Description of problem:
I've been seeing things like this for a while on dnf upgrade:

  Running scriptlet: selinux-policy-3.14.3-46.fc30.noarch   14/374
libsemanage.semanage_direct_get_module_info: Unable to read ceph module lang ext file.
semodule:  Failed!

and

  Running scriptlet: flatpak-selinux-1.4.3-1.fc30.x86_64     38/374
libsemanage.semanage_direct_get_module_info: Unable to read ceph module lang ext file.
libsemanage.semanage_direct_get_module_info: Unable to read ceph module lang ext file.
libsemanage.semanage_direct_get_module_info: Unable to read ceph module lang ext file.
/usr/sbin/semodule:  Failed on /usr/share/selinux/packages/flatpak.pp.bz2!


Version-Release number of selected component (if applicable):
libsemanage-2.9-1.fc30.x86_64

How reproducible:
Happens on a couple RPMs each week during dnf upgrade.

Steps to Reproduce:
1. dnf upgrade


Additional info:
recently had some problems with selinux producing large numbers of AVCs, possibly due to hardware issues messing up the installed policy.  After recent policy update, very few AVCs are left, but I wonder if there may still be issues with some policies.

Are these errors during RPM update something to be worried about? Is this normal?
Comment 1 Petr Lautrbach 2019-09-30 07:18:45 UTC 
It looks like your SELinux module store is broken due to some hw/fs issues.

Most likely you have a directory /var/lib/selinux/targeted/active/modules/400/ceph with empty files. If this is the only problem, you should be able to fix it using the following commands:

# dnf reinstall ceph-selinux

or manually using:

# mv /var/lib/selinux/targeted/active/modules/400/ceph /root/backup/ceph-module

# semodule -i /usr/share/selinux/packages/ceph.pp
Comment 2 Paul DeStefano 2019-10-01 04:49:20 UTC 
Thanks Petr.  Here's what I get...

Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                     1/1 
  Reinstalling     : ceph-selinux-2:14.2.3-1.fc30.x86_64                                                                                                                                 1/2 
  Running scriptlet: ceph-selinux-2:14.2.3-1.fc30.x86_64                                                                                                                                 1/2 
libsemanage.semanage_direct_get_module_info: Unable to read ceph module lang ext file.
libsemanage.semanage_direct_get_module_info: Unable to read pcpupstream module lang ext file. (No such file or directory).
libsemanage.semanage_direct_get_module_info: Unable to read pcpupstream module lang ext file. (No such file or directory).
/usr/sbin/semodule:  Failed on /usr/share/selinux/packages/ceph.pp!

  Cleanup          : ceph-selinux-2:14.2.3-1.fc30.x86_64                                                                                                                                 2/2 
  Running scriptlet: ceph-selinux-2:14.2.3-1.fc30.x86_64                                                                                                                                 2/2 
  Verifying        : ceph-selinux-2:14.2.3-1.fc30.x86_64                                                                                                                                 1/2 
  Verifying        : ceph-selinux-2:14.2.3-1.fc30.x86_64                                                                                                                                 2/2 

Reinstalled:
  ceph-selinux-2:14.2.3-1.fc30.x86_64                                                                                                                                                        

Complete!
Comment 3 Paul DeStefano 2019-10-07 04:17:57 UTC 
Okay, you were right, the active ceph stuff was empty, so I moved that directory to a backup location.  But, when I tried to semanage install it, again, from /usr/share/... it failed complaining about pcpupstream module.

libsemanage.semanage_direct_get_module_info: Unable to read pcpupstream module lang ext file.
libsemanage.semanage_direct_get_module_info: Unable to read pcpupstream module lang ext file. (No such file or directory).
libsemanage.semanage_direct_get_module_info: Unable to read pcpupstream module lang ext file. (No such file or directory).

I'm not sure what to do.
Comment 4 Petr Lautrbach 2019-10-07 10:36:01 UTC 
Apparently there's a bunch of problems. The simplest way would be to reinstall selinux-policy-targeted:

# dnf reinstall selinux-policy-targeted

or 

# mv /var/lib/selinux/targeted /root/targeted.backup

# dnf reinstall selinux-policy-targeted

and you might want to install modules - .pp or .pp.bz2 - from /usr/share/selinux/packages

Anyway, this is clearly a broken system problem and not a bug.