Bug 986937

Summary: semanage error when installing selinux-policy-minimum
Product: Red Hat Enterprise Linux 7 Reporter: Michal Trunecka <mtruneck>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED CURRENTRELEASE QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0CC: ebenes, mmalik, mtruneck
Target Milestone: rcKeywords: Regression, Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.12.1-116.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 10:22:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michal Trunecka 2013-07-22 13:07:28 UTC 
Description of problem:

When updating selinux-policy packages I encountered following error:

  Installing : selinux-policy-minimum-3.12.1-65.el7.noarch              4/11 
semanage: error: argument subcommand: invalid choice: 'minimum' (choose from 'import', 'export', 'login', 'user', 'port', 'interface', 'module', 'node', 'fcontext', 'boolean', 'permissive', 'dontaudit')
usage: semanage [-h]
                
                {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit}
                ...


Version-Release number of selected component (if applicable):
selinux-policy-minimum-3.12.1-65.el7.noarch 

How reproducible:
always
Comment 1 Miroslav Grepl 2013-07-30 12:45:59 UTC 
# rpm -q policycoreutils
Comment 2 Milos Malik 2013-08-14 13:03:46 UTC 
# rpm -qa | grep -e policycoreutils -e selinux-policy | sort
policycoreutils-2.1.14-74.el7.x86_64
policycoreutils-devel-2.1.14-74.el7.x86_64
policycoreutils-newrole-2.1.14-74.el7.x86_64
policycoreutils-python-2.1.14-74.el7.x86_64
selinux-policy-3.12.1-70.el7.noarch
selinux-policy-devel-3.12.1-70.el7.noarch
selinux-policy-doc-3.12.1-70.el7.noarch
selinux-policy-minimum-3.12.1-70.el7.noarch
selinux-policy-mls-3.12.1-70.el7.noarch
selinux-policy-targeted-3.12.1-70.el7.noarch
# rpm -e selinux-policy-minimum
# yum install selinux-policy-minimum
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package selinux-policy-minimum.noarch 0:3.12.1-70.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================
 Package                       Arch          Version                 Repository            Size
================================================================================================
Installing:
 selinux-policy-minimum        noarch        3.12.1-70.el7           beaker-Server        3.9 M

Transaction Summary
================================================================================================
Install  1 Package

Total download size: 3.9 M
Installed size: 12 M
Is this ok [y/d/N]: y
Downloading packages:
selinux-policy-minimum-3.12.1-70.el7.noarch.rpm                          | 3.9 MB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
  Installing : selinux-policy-minimum-3.12.1-70.el7.noarch                                  1/1 
semanage: error: argument subcommand: invalid choice: 'minimum' (choose from 'import', 'export', 'login', 'user', 'port', 'interface', 'module', 'node', 'fcontext', 'boolean', 'permissive', 'dontaudit')
usage: semanage [-h]
                
                {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit}
                ...
  Verifying  : selinux-policy-minimum-3.12.1-70.el7.noarch                                  1/1 

Installed:
  selinux-policy-minimum.noarch 0:3.12.1-70.el7                                                 

Complete!
#

The problem is in the postinstall scriptlet. Any of following commands produces an error:

# /usr/sbin/semanage -S minimum -i -
# /usr/sbin/semanage -S mls -i -
# /usr/sbin/semanage -S targeted -i -
Comment 3 Miroslav Grepl 2013-08-20 13:51:39 UTC 
Ok, you are right. I see a bug.
Comment 9 Daniel Walsh 2014-01-02 19:20:52 UTC 
70c60d82d021d5b5c954a8540b5ea33a57f6db38 fixes this in selinux-policy.spec.

diff --git a/selinux-policy.spec b/selinux-policy.spec
index 7de6797..c54c84c 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -518,7 +518,7 @@ done
 for p in $basepackages apache.pp dbus.pp inetd.pp kerberos.pp mta.pp nis.pp; do
        rm -f /etc/selinux/minimum/modules/active/modules/$p.disabled
 done
-/usr/sbin/semanage -S minimum -i - << __eof
+/usr/sbin/semanage import -S minimum -f - << __eof
 login -m  -s unconfined_u -r s0-s0:c0.c1023 __default__
 login -m  -s unconfined_u -r s0-s0:c0.c1023 root
 __eof
Comment 10 Miroslav Grepl 2014-01-06 12:30:13 UTC 
Will be a part of the next policy build.
Comment 13 Ludek Smid 2014-06-13 10:22:53 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.