Bug 2041262
| Summary: | system_u:object_r:ipa_var_run_t:s0 for /run/ipa: Invalid argument | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | lejeczek <peljasz> |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
| Status: | CLOSED DUPLICATE | QA Contact: | Milos Malik <mmalik> |
| Severity: | urgent | Docs Contact: | |
| Priority: | high | ||
| Version: | CentOS Stream | CC: | bstinson, jwboyer, lvrabec, mmalik, ssekidde |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | --- | Flags: | pm-rhel: mirror+ |
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-01-21 14:54:22 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Hmm. this?:

```
-> $ rpm -iv --force ipa-selinux-4.9.8-1.el9.noarch.rpm
Verifying packages...
Preparing packages...
ipa-selinux-4.9.8-1.el9.noarch
Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/400/openvswitch-custom/cil:74
Failed to resolve AST
/usr/sbin/semodule: Failed!
uavc: op=load_policy lsm=selinux seqno=3 res=1
```

but, is it good that SELinux allows such "race hazard"... hmm.

"work-around":

```
-> $ dnf remove openvswitch
```

I am afraid this is an unfortunate result of removing the lockdown class in RHEL 9. It should only be a temporary issue until openvswitch-selinux-extra-policy is updated.

Disabling the module could possibly help, too:

```
# semodule -d openvswitch-custom
```

*** This bug has been marked as a duplicate of bug 2042911 ***
Description of problem:

latest update(s): selinux-policy-34.1.22-1.el9.noarch break freeIPA

```
-> $ systemctl status -l systemd-tmpfiles-setup | cat
● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
     Loaded: loaded (/usr/lib/systemd/system/systemd-tmpfiles-setup.service; static)
     Active: active (exited) since Sun 2022-01-16 20:44:37 GMT; 13min ago
       Docs: man:tmpfiles.d(5)
             man:systemd-tmpfiles(8)
    Process: 2581 ExecStart=systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=73)
   Main PID: 2581 (code=exited, status=73)
        CPU: 34ms

Jan 16 20:44:37 swir.mine.private systemd[1]: Starting Create Volatile Files and Directories...
Jan 16 20:44:37 swir.mine.private systemd-tmpfiles[2581]: Failed to set SELinux security context system_u:object_r:ipa_var_run_t:s0 for /run/ipa: Invalid argument
Jan 16 20:44:37 swir.mine.private systemd-tmpfiles[2581]: Failed to create directory or subvolume "/run/ipa": Invalid argument
Jan 16 20:44:37 swir.mine.private systemd-tmpfiles[2581]: Failed to set SELinux security context system_u:object_r:ipa_var_run_t:s0 for /run/ipa: Invalid argument
Jan 16 20:44:37 swir.mine.private systemd-tmpfiles[2581]: Failed to validate path /run/ipa/ccaches: No such file or directory
Jan 16 20:44:37 swir.mine.private systemd[1]: Finished Create Volatile Files and Directories.
```

```
-> $ systemctl status -l ipa | cat
× ipa.service - Identity, Policy, Audit
     Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Sun 2022-01-16 20:44:46 GMT; 16min ago
    Process: 2900 ExecStart=/usr/sbin/ipactl start (code=exited, status=1/FAILURE)
   Main PID: 2900 (code=exited, status=1/FAILURE)
        CPU: 1.823s

Jan 16 20:44:38 swir.mine.private systemd[1]: Starting Identity, Policy, Audit...
Jan 16 20:44:46 swir.mine.private ipactl[2900]: Failed to start Directory Service: [Errno 2] No such file or directory: '/run/ipa/services.list'
Jan 16 20:44:46 swir.mine.private ipactl[2900]: Starting Directory Service
Jan 16 20:44:46 swir.mine.private systemd[1]: ipa.service: Main process exited, code=exited, status=1/FAILURE
Jan 16 20:44:46 swir.mine.private systemd[1]: ipa.service: Failed with result 'exit-code'.
Jan 16 20:44:46 swir.mine.private systemd[1]: Failed to start Identity, Policy, Audit.
Jan 16 20:44:46 swir.mine.private systemd[1]: ipa.service: Consumed 1.823s CPU time.
```

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
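
An added triage example, not part of the bug report or of any project's code: it scans combined journal and `semodule` output for the two signatures quoted in this report (a context rejected with "Invalid argument", and a CIL module that fails to resolve) and pairs them up. The sample text is constructed from lines quoted on this page; the function names and the reading that a rejected context means its type is missing from the loaded policy are assumptions of the example.

```python
import re

# Constructed sample: lines copied from the outputs quoted in this report.
SAMPLE = """\
Jan 16 20:44:37 swir.mine.private systemd-tmpfiles[2581]: Failed to set SELinux security context system_u:object_r:ipa_var_run_t:s0 for /run/ipa: Invalid argument
Jan 16 20:44:37 swir.mine.private systemd-tmpfiles[2581]: Failed to create directory or subvolume "/run/ipa": Invalid argument
Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/400/openvswitch-custom/cil:74
/usr/sbin/semodule: Failed!
"""

# systemd-tmpfiles message when the kernel refuses a context (EINVAL).
CTX_RE = re.compile(
    r"Failed to set SELinux security context (?P<ctx>\S+) for (?P<path>\S+): Invalid argument")
# semodule/CIL message naming the module store priority, module and line.
CIL_RE = re.compile(
    r"Failed to resolve \w+ statement at \S*/modules/(?P<prio>\d+)/(?P<module>[^/]+)/cil:(?P<line>\d+)")

def triage(text):
    """Return (rejected, blockers): {path: type} and [(priority, module, cil_line)]."""
    rejected, blockers = {}, set()
    for line in text.splitlines():
        m = CTX_RE.search(line)
        if m:
            parts = m["ctx"].split(":")  # user:role:type:level
            if len(parts) >= 3:
                rejected[m["path"]] = parts[2]
            continue
        m = CIL_RE.search(line)
        if m:
            blockers.add((int(m["prio"]), m["module"], int(m["line"])))
    return rejected, sorted(blockers)

def report(text):
    """Turn triage results into one follow-up line per finding."""
    rejected, blockers = triage(text)
    out = [f"{path}: type {t} rejected; confirm with: seinfo -t {t}"
           for path, t in rejected.items()]
    out += [f"policy rebuild blocked by {mod} (priority {prio}, cil line {ln}); "
            f"workaround from this report: semodule -d {mod}"
            for prio, mod, ln in blockers]
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

`seinfo` comes from the setools-console package; `semodule -d` is the workaround suggested in the comment above.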