| Summary: | Transaction failed during xguest installation (errore: scriptlet) | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Antonio T. (sagitter) <anto.trande> |
| Component: | xguest | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Priority: | unspecified |
| Version: | 16 | CC: | anto.trande, araruna, chad.schroeder, dwalsh, kelk1, luya, mgrepl, sgrubb |
| Hardware: | x86_64 | OS: | Linux |
| Doc Type: | Bug Fix | Last Closed: | 2012-01-03 15:46:43 UTC |

Description
Antonio T. (sagitter)
2011-10-29 10:12:44 UTC
rpm -q selinux-policy-targeted

Sorry, I forgot an important thing.

rpm -q selinux-policy-targeted
selinux-policy-targeted-3.10.0-46.fc16.noarch

semanage user -a -S targeted -P xguest -R xguest_r xguest_u 2> /dev/null || :
mkdir -p /var/lib/xguest
(useradd -c "Guest" -Z xguest_u -d /var/lib/xguest/home xguest || semanage login -a -S targeted -s xguest_u xguest || semanage login -m -S targeted -s xguest_u xguest) 2>/dev/null || exit 1
echo "xguest:exclusive" >> /etc/security/sepermit.conf
semanage -S targeted -i - << _EOF
boolean -m --on allow_polyinstantiation
boolean -m --on xguest_connect_network
boolean -m --on xguest_mount_media
boolean -m --on xguest_use_bluetooth
_EOF

This is what the pre install attempts to do. Any idea what is failing?

I think of yes. I'm trying to configure a special user account (with xguest) that has a very limited options in graphic mode:
- No Reboot/Shutdown commands
- He can use network
- He can use only Firefox

Setting all by Gsettings Configuration Tool.

Same bug occurred by attempting to install xguest. Following the instruction from setroubleshoot:

# semanage fcontext -a -t user_home_dir_t 'xguest'
# restorecon -v 'xguest'

did not resolve the issue. Here is the detailed report:

SELinux is preventing /usr/sbin/useradd from write access on the directory xguest.
Plugin: catchall_labels
you want to allow useradd to have write access on the xguest directory
If you want to allow useradd to have write access on the xguest directory
You need to change the label on xguest
# semanage fcontext -a -t FILE_TYPE 'xguest'
where FILE_TYPE is one of the following: user_home_dir_t, httpd_user_content_type, mail_spool_t, etc_t, httpd_user_script_exec_type, user_home_type, pcscd_var_run_t, home_root_t.
Then execute:
restorecon -v 'xguest'

It looks like the current policy prevents useradd binary to write access to xguest.

Please attach your AVC messages?

*** Bug 754883 has been marked as a duplicate of this bug. ***

ABRT did not properly detect this report. Message included on #754883.

(In reply to comment #3)
> semanage -S targeted -i - << _EOF
> boolean -m --on allow_polyinstantiation
> boolean -m --on xguest_connect_network
> boolean -m --on xguest_mount_media
> boolean -m --on xguest_use_bluetooth
> _EOF
>
>
> This is what the pre install attempts to do. Any idea what is failing?
>

For me, the three xguest booleans are set properly, but I cannot modify allow_polyinstantiation:

# getsebool allow_polyinstantiation
allow_polyinstantiation --> off
# setsebool -P allow_polyinstantiation 1
Could not change policy booleans

(In reply to comment #0)
> Description of problem:
> Installing xguest rpm both by yum and by rpm, transaction fails with error:
>
> Error in PREIN scriptlet in rpm package xguest-1.0.10-1.fc16.noarch
> errore: scriptlet %pre(xguest-1.0.10-1.fc16.noarch) fallita, uscita con stato 1
>
> Version-Release number of selected component (if applicable):
> xguest-1.0.10-1.fc16
>
> How reproducible:
> Always during installation
>
> Steps to Reproduce:
> 1. yum install xguest-*.rpm
>
> 2. yum localinstall http:// ... xguest-*.rpm
>
> 3. rpm -Uvh xguest-*.rpm
>

I've just installed xguest. To login with Guest I relabeled whole system.

# setenforce 0
# yum install xguest
# setenforce 1

Set relabeling at next boot. Guest login works now but appears flickers in Gnome-shell (xsession-errors in attachment).

Created attachment 537911
xsession-errors of Guest login with Gnome-shell

I updated my local xguest spec file, as follows, to get it to work:
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/var/lib/xguest/home
install -Dpm 0644 xguest.conf \
    %{buildroot}/%{_sysconfdir}/security/namespace.d/xguest.conf

%pre
if [ $1 -eq 1 ]; then
    mkdir -p /var/lib/xguest/home
    semanage user -a -S targeted -P xguest -R xguest_r xguest_u 2>/dev/null || :
    chcon -R --user=xguest_u --role=object_r --type=user_home_dir_t /var/lib/xguest/home 2>/dev/null || :
    useradd -c "Guest" -Z xguest_u -d /var/lib/xguest/home xguest 2>/dev/null || exit 1
    restorecon -F -R /var/lib/xguest 2>/dev/null || :
    <snip>
fi

Permissions/contexts (on fc16):
# ls -lZd /var/lib/xguest
drwxr-xr-x. root root system_u:object_r:var_lib_t:s0 /var/lib/xguest
# ls -lZd /var/lib/xguest/home
drwx------. xguest xguest xguest_u:object_r:user_home_dir_t:s0 /var/lib/xguest/home
# ls -lZd /home
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home
# ls -lZd /home/test
drwx------. test test unconfined_u:object_r:user_home_dir_t:s0 /home/test
Permissions/contexts (on fc15):
# ls -lZd /home
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home
# ls -lZd /home/xguest
drwx------. xguest xguest xguest_u:object_r:user_home_dir_t:s0 /home/xguest
# ls -lZd /home/test
drwx------. test test unconfined_u:object_r:user_home_dir_t:s0 /home/test

Have you tried xguest-1.0.10-2.fc16?

Yes, just did and it worked. %post was the trick. Thanks Dan.
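
A check that ties the setroubleshoot report to the directory listings in this thread, as an added example that is not from the bug report or the xguest package: it reads `ls -lZd` lines in the five-column form shown above and flags directories whose SELinux type is not among the types the report lists for useradd write access. The function names are assumptions, and any entry in that list that is a policy attribute rather than a concrete type is compared by name only.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Types copied from the setroubleshoot report quoted in the thread.
# Matching is by literal name, without consulting the loaded policy.
ALLOWED_TYPES="user_home_dir_t httpd_user_content_type mail_spool_t etc_t httpd_user_script_exec_type user_home_type pcscd_var_run_t home_root_t"

# Print the type (third field) of a context such as
# system_u:object_r:var_lib_t:s0. Extra colons in an MLS range are harmless.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read `ls -lZd` lines (mode owner group context path) on stdin and print
# "path type" for every directory whose type is not in ALLOWED_TYPES.
flag_unwritable_dirs() {
    while read -r mode owner group context path; do
        case "$mode" in
            d*) ;;
            *) continue ;;
        esac
        t=$(context_type "$context")
        case " $ALLOWED_TYPES " in
            *" $t "*) ;;
            *) printf '%s %s\n' "$path" "$t" ;;
        esac
    done
}

# The fc16 listing as posted in the thread.
fc16_listing() {
    cat <<'EOF'
drwxr-xr-x. root root system_u:object_r:var_lib_t:s0 /var/lib/xguest
drwx------. xguest xguest xguest_u:object_r:user_home_dir_t:s0 /var/lib/xguest/home
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home
drwx------. test test unconfined_u:object_r:user_home_dir_t:s0 /home/test
EOF
}

# prints: /var/lib/xguest var_lib_t
fc16_listing | flag_unwritable_dirs
```
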