Red Hat Bugzilla – Bug 1008742
http://fedoraproject.org/wiki/FedUp missing selinux info
Last modified: 2014-01-07 02:34:52 EST
Description of problem:
One of the pieces that can potentially get messed up after a fedup upgrade is selinux... specifically old modules (not custom, but from a previous install) still hanging around. Which will cause selinux errors to be printed out during upgrades of the selinux-policy-targeted module.
Version-Release number of selected component (if applicable):
unclear what goes wrong during the upgrade to cause this to happen.
Steps to Reproduce:
1. Install fedora 17
2. Run fedup to 19
tribute entropyd_var_run_t (No such file or directory)
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory)
No errors :)
After a lot of googling, I came to some old bugzillas such as 511067, which led me to find that after running fedup to f19, I had old selinux targeted policy modules still left over from f17 (and possibly older). For whatever reason, the postinstall script of fedup did not remove the older modules (does fedup run postinstall or require postupgrades -- which would mean the selinux-policy-targeted rpm needs to be fixed -- ).
The solution was quite simple, following what was in the referenced bugzilla:
> #setenforce 0
> #mv /etc/selinux/targeted /etc/selinux/targeted.old
mkdir -p /etc/selinux/targeted # added by me, since without this, the rpm would complain that it could not touch /etc/selinux/targeted/.rebuild -- no such file or directory /etc/selinux/targeted
> #yum reinstall selinux-policy-targeted
> #restorecon -R -v /etc/selinux
> #setenforce 1
Documenting this on the wiki page would be useful in case others run into it.
Fedup documentation is in the Installation Guide, and there is an open bug requesting better coverage of SELinux issues encountered with Fedup; I'm marking this as a duplicate of that bug, because broadly, you're asking for better documentation of Selinux issues encountered with fedup..
The wiki is a wiki. You can edit it.
*** This bug has been marked as a duplicate of bug 1044541 ***