Bug 1115382
| Summary: | avc denial having updated qpid-cpp-server | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Retired] Pulp | Reporter: | mkovacik | ||||
| Component: | z_other | Assignee: | pulp-bugs | ||||
| Status: | CLOSED NOTABUG | QA Contact: | pulp-qe-list | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 2.4 Beta | CC: | mhrivnak | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1115540 (view as bug list) | Environment: | |||||
| Last Closed: | 2014-07-02 14:43:53 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1115540 | ||||||
| Attachments: |
|
||||||
## it seems the (pre/post)install scriptlets of the qpid-cpp-server
## package misses any semodule qpidd policy module installation whereas the
## postuininstall scriptlet always removes the qpidd semodule:
[root@ibm-x3650m4-03-vm07 ~]# rpm -q --scripts qpid-cpp-server
preinstall scriptlet (using /bin/sh):
getent group qpidd >/dev/null || groupadd -r qpidd
getent passwd qpidd >/dev/null || \
useradd -r -M -g qpidd -d /var/lib/qpidd -s /sbin/nologin \
-c "Owner of Qpidd Daemons" qpidd
exit 0
# =======
# systemd
# =======
# ========
# sysvinit
# ========
postinstall scriptlet (using /bin/sh):
# This adds the proper /etc/rc*.d links for the script
/sbin/chkconfig --add qpidd
/sbin/ldconfig
preuninstall scriptlet (using /bin/sh):
# Check that this is actual deinstallation, not just removing for upgrade.
if [ $1 = 0 ]; then
/sbin/service qpidd stop >/dev/null 2>&1 || :
/sbin/chkconfig --del qpidd
fi
postuninstall scriptlet (using /bin/sh):
if [ "$1" -ge "1" ]; then
/sbin/service qpidd condrestart >/dev/null 2>&1 || :
fi
/sbin/ldconfig
/usr/sbin/semodule -r qpidd
# === qpid-cpp-server-ha
[root@ibm-x3650m4-03-vm07 ~]#
This looks like an issue in qpid, so I suggest reporting it to them. They manage the repository at http://repos.fedorapeople.org/repos/mcpierce/qpid-cpp/, which is where I assume you got your packages. |
Created attachment 914075 [details] screen log of the update Description of problem: Having updated qpid-cpp-server avc denials appear in /var/log/audit/audit.log Version-Release number of selected component (if applicable): qpid-cpp-server-0.26-4.el6.x86_64; RHEL6.5 How reproducible: Not sure Steps to Reproduce: 1. update qpid-cpp-server 2. service qpidd restart Actual results: AVC denials with regards to qpidd pid files appear in /var/log/audit/audit.log Expected results: Having updated qpid-cpp-server, No AVC denials shown wr qpidd in /var/log/audit/audit.log Additional info: