Bug 2082547
| Summary: | selinux-policy-targeted post install script fails when NetworkManager is not installed | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Matthew Gyurgyik <matthew> |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | medium | ||
| Version: | 36 | CC: | dwalsh, grepl.miroslav, lvrabec, mmalik, omosnace, pkoncity, ppisar, ppywlkiqletw, scott.robinson55, vmojzis, zpytela |
| Target Milestone: | --- | Keywords: | Reopened, Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-36.9-1.fc36 selinux-policy-36.13-3.fc36 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-08-05 01:34:23 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Matthew Gyurgyik
2022-05-06 12:02:50 UTC
Matthew, Apart from the displayed error message, does also any other problem appear? Adding the -i switch to restorecon should address this issue, will be a part of the next build. No other problems, the update completed successfully beside the above errors. The restorecon command is the last command in the post install script, so the "failure" shouldn't be impactful. Adding the -i switch seems reasonable. Just for good measure, here is the about of restorecon with -i on my system. [root@ink ~]# /usr/sbin/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm /etc/NetworkManager/dispatcher.d; echo $? 0 Thanks for confirmation. This problem causes a F36 kickstart installation to halt, when NetworkManager is not included. The build is on the way: https://src.fedoraproject.org/rpms/selinux-policy/pull-request/282 FEDORA-2022-148223ef3b has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-148223ef3b FEDORA-2022-148223ef3b has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-148223ef3b` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-148223ef3b See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. The update in testing still halts a kickstart install. packaging.log reports a return code of 255.
I tried the following with success:
%{_sbindir}/restorecon -R /usr/lib/sysimage/rpm /var/lib/rpm
if [ -d /etc/NetworkManager/dispatcher.d ]; then
%{_sbindir}/restorecon -R /etc/NetworkManager/dispatcher.d
fi
I don't have a fedora account, so couldn't report in the feedback page.
FEDORA-2022-148223ef3b has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report. Latest result of update selinux-policy: Running transaction Running scriptlet: selinux-policy-targeted-36.9-1.fc36.noarch 1/1 Preparing : 1/1 Upgrading : selinux-policy-36.9-1.fc36.noarch 1/4 Running scriptlet: selinux-policy-36.9-1.fc36.noarch 1/4 Running scriptlet: selinux-policy-targeted-36.9-1.fc36.noarch 2/4 Upgrading : selinux-policy-targeted-36.9-1.fc36.noarch 2/4 Running scriptlet: selinux-policy-targeted-36.9-1.fc36.noarch 2/4 Running scriptlet: selinux-policy-36.8-2.fc36.noarch 3/4 Cleanup : selinux-policy-36.8-2.fc36.noarch 3/4 Running scriptlet: selinux-policy-36.8-2.fc36.noarch 3/4 Cleanup : selinux-policy-targeted-36.8-2.fc36.noarch 4/4 Running scriptlet: selinux-policy-targeted-36.8-2.fc36.noarch 4/4 Running scriptlet: selinux-policy-targeted-36.9-1.fc36.noarch 4/4 /usr/sbin/restorecon: SELinux: Could not get canonical path for /etc/NetworkManager/dispatcher.d restorecon: No such file or directory. warning: %posttrans(selinux-policy-targeted-36.9-1.fc36.noarch) scriptlet failed, exit status 255 Error in POSTTRANS scriptlet in rpm package selinux-policy-targeted Running scriptlet: selinux-policy-targeted-36.8-2.fc36.noarch 4/4 Verifying : selinux-policy-36.9-1.fc36.noarch 1/4 Verifying : selinux-policy-36.8-2.fc36.noarch 2/4 Verifying : selinux-policy-targeted-36.9-1.fc36.noarch 3/4 Verifying : selinux-policy-targeted-36.8-2.fc36.noarch 4/4 Even whith the -i option we get an error. # /usr/sbin/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm /etc/NetworkManager/dispatcher.d /usr/sbin/restorecon: SELinux: Could not get canonical path for /etc/NetworkManager/dispatcher.d restorecon: No such file or directory. FEDORA-2022-fd22b79a84 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-fd22b79a84 FEDORA-2022-fd22b79a84 has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-fd22b79a84` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-fd22b79a84 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2022-320775eb9a has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-320775eb9a` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-320775eb9a See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2022-139ec288ca has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-139ec288ca` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-139ec288ca See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2022-139ec288ca has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report. You still get the error if /etc/NetworkManager does not exist -- even with the -i option Cleanup : selinux-policy-targeted-36.14-1.fc36.noarch 6/6 Running scriptlet: selinux-policy-targeted-36.14-1.fc36.noarch 6/6 /usr/sbin/restorecon: SELinux: Could not get canonical path for /etc/NetworkManager/dispatcher.d restorecon: No such file or directory. warning: %posttrans(selinux-policy-targeted-36.14-1.fc36.noarch) scriptlet failed, exit status 255 Error in POSTTRANS scriptlet in rpm package selinux-policy-targeted If /etc/NetworkManager exist, even if empty, you don't get an error. At least add "|| :" at the end of the command to make it nom-fatal. (In reply to Villy Kruse from comment #16) > You still get the error if /etc/NetworkManager does not exist -- even with > the -i option > > Cleanup : selinux-policy-targeted-36.14-1.fc36.noarch > 6/6 > Running scriptlet: selinux-policy-targeted-36.14-1.fc36.noarch > 6/6 > /usr/sbin/restorecon: SELinux: Could not get canonical path for > /etc/NetworkManager/dispatcher.d restorecon: No such file or directory. > warning: %posttrans(selinux-policy-targeted-36.14-1.fc36.noarch) scriptlet > failed, exit status 255 > > Error in POSTTRANS scriptlet in rpm package selinux-policy-targeted > > If /etc/NetworkManager exist, even if empty, you don't get an error. > > At least add "|| :" at the end of the command to make it nom-fatal. My bad, it should have been gone completely and the change got lost somehow, sorry for that. (In reply to Zdenek Pytela from comment #17) > My bad, it should have been gone completely and the change got lost somehow, > sorry for that. Branch rawhide looks good execpt for %posttrans minimum and %posttrans mls *** Bug 2093594 has been marked as a duplicate of this bug. *** |