Bug 186076

Summary: Yumex cant update packages under selinux=enforced
Product: [Fedora] Fedora Reporter: Tim Lauridsen <tim.lauridsen>
Component: selinux-policy-targetedAssignee: Russell Coker <rcoker>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 2.2.25-3.fc5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-04-04 09:21:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 186227    

Description Tim Lauridsen 2006-03-21 15:09:34 UTC 
Description of problem:

On a newly installed FC5, with selinux set to "Enforcing"
I have some problem when updating some packages with yumex.

I get some scriptlet error:

error: %pre(avahi-0.6.9-8.FC5.i386) scriptlet failed, exit status 255
error:   install: %pre scriptlet failed (2), skipping avahi-0.6.9-8.FC5
error: %pre(xorg-x11-server-Xorg-1.0.1-9.i386) scriptlet failed, exit
status 255
error:   install: %pre scriptlet failed (2), skipping
xorg-x11-server-Xorg-1.0.1-9
error: %post(tcsh-6.14-6.fc5.1.i386) scriptlet failed, exit status 255
error: %preun(avahi-0.6.9-3.i386) scriptlet failed, exit status 255 

The error occours because /usr/bin/yumex & /usr/share/yumex/yumex dont have the
rpm_exec_t attribute.

[tim@localhost ~]$ ls -Z /usr/bin/yum
-rwxr-xr-x  root     root     system_u:object_r:rpm_exec_t     /usr/bin/yum
[tim@localhost ~]$ ls -Z /usr/bin/yumex
lrwxrwxrwx  root     root     system_u:object_r:bin_t          /usr/bin/yumex ->
consolehelper
[tim@localhost ~]$ ls -Z /usr/share/yumex/yumex
-rwxr-xr-x  root     root     system_u:object_r:usr_t         
/usr/share/yumex/yumex
[tim@localhost ~]$ ls -Z /usr/sbin/pup
-rwxr-xr-x  root     root     system_u:object_r:rpm_exec_t     /usr/sbin/pup
[tim@localhost ~]$ ls -Z /usr/sbin/pup

I cant added with the following commands:

[root@localhost ~]# semanage fcontext -a -f -- -t rpm_exec_t /usr/share/yumex/yumex
[root@localhost ~]# restorecon  /usr/share/yumex/yumex 
[root@localhost ~]# semanage fcontext -a -f -l -t rpm_exec_t /usr/bin/yumex
[root@localhost ~]# restorecon  /usr/bin/yumex

but it would be nice to have yumex in the targeted-policy
Comment 1 Daniel Walsh 2006-04-03 15:53:04 UTC 
Fixed in 2.2.25-3.fc5
Comment 2 Tim Lauridsen 2006-04-04 07:20:37 UTC 
Thanks !!!!