Bug 1123279 - foreman-selinux fails to uninstall and reinstall cleanly
Summary: foreman-selinux fails to uninstall and reinstall cleanly
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: foreman-selinux
Version: 5.0 (RHEL 7)
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ga
: 5.0 (RHEL 6)
Assignee: Lukas Zapletal
QA Contact: Ami Jeain
URL:
Whiteboard:
Depends On: 1123381
Blocks:
Reported: 2014-07-25 08:37 UTC by Mike Burns
Modified: 2014-09-08 05:20 UTC (History)

Fixed In Version: foreman-selinux-1.6.0.3-2.el6sat
Doc Type: Bug Fix
Doc Text:
A post-install scriptlet in the foreman-selinux package was issuing errors during uninstall. This was caused by the Elasticsearch port (9200-9300) not being removed properly before unloading the SELinux policy. This resulted in the "yum uninstall" transaction being canceled, leaving Foreman in an uninstallable state. Now, the scriptlet has been fixed to remove ports prior to unloading the policy. As a result, Foreman now uninstalls cleanly.
Clone Of:
: 1123381
Environment:
Last Closed: 2014-08-04 18:36:10 UTC
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Foreman Issue Tracker | 6780 | 0 | None | None | None | Never
Red Hat Product Errata | RHEA-2014:1003 | 0 | normal | SHIPPED_LIVE | Red Hat Enterprise Linux OpenStack Platform Enhancement Advisory | 2014-08-04 22:31:07 UTC

Description Mike Burns 2014-07-25 08:37:31 UTC
Description of problem:

There's a problem with foreman-selinux. It won't uninstall cleanly:

libsepol.context_from_record: type elasticsearch_port_t is not defined
libsepol.context_from_record: could not create context structure (Invalid argument).
libsepol.port_from_record: could not create port structure for range 9200:9300 (tcp) (Invalid argument).
libsepol.sepol_port_modify: could not load port range 9200 - 9300 (tcp) (Invalid argument).
libsemanage.dbase_policydb_modify: could not modify record value (Invalid argument).
libsemanage.semanage_base_merge_components: could not merge local modifications into policy (Invalid argument).
/usr/sbin/semodule:  Failed!

And it also leaves its SELinux modifications in the system; at least, that is:

# semanage port -l | grep 9200
elasticsearch_port_t           tcp      9200-9300

When it's being installed, it does:

/usr/sbin/semanage -S $selinuxvariant -i - << _EOT2
      port -a -t elasticsearch_port_t -p tcp 9200-9300
_EOT2

As a result, it cannot be installed again cleanly anymore:

/usr/sbin/semanage: Port tcp/9200-9300 already defined
warning: %post(foreman-selinux-1.6.0.3-1.el6sat.noarch) scriptlet failed, exit status 1
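
The ordering named in the Doc Text (remove the port records before unloading the policy), together with an install step that tolerates a leftover port record, as an added shell sketch; this is not the foreman-selinux scriptlet or the shipped fix. The function names, the overridable `SEMANAGE`/`SEMODULE` variables and the module name `foreman` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: scriptlet helpers for installing and removing a port label.
# Assumptions: function names and the overridable command variables below.
SEMANAGE=${SEMANAGE:-/usr/sbin/semanage}
SEMODULE=${SEMODULE:-/usr/sbin/semodule}

# port_label PROTO RANGE
# Print the SELinux type bound to exactly this proto/range, or nothing.
# "semanage port -l" rows look like: "http_port_t  tcp  80, 81, 443".
port_label() {
    $SEMANAGE port -l | awk -v p="$1" -v r="$2" '
        !found && $2 == p {
            for (i = 3; i <= NF; i++) {
                n = $i; sub(/,$/, "", n)
                if (n == r) { print $1; found = 1; break }
            }
        }'
}

# install_port TYPE PROTO RANGE   (for %post)
# Add the record only when it is missing, so a reinstall over a leftover
# record does not fail with "already defined".
install_port() {
    cur=$(port_label "$2" "$3")
    if [ -z "$cur" ]; then
        $SEMANAGE port -a -t "$1" -p "$2" "$3"
    elif [ "$cur" != "$1" ]; then
        $SEMANAGE port -m -t "$1" -p "$2" "$3"
    fi
}

# uninstall_policy MODULE TYPE PROTO RANGE   (for %postun on final erase)
# Delete the local port record that references TYPE first; only then unload
# the module that defines TYPE. The reverse order is what makes semodule
# fail with "type ... is not defined".
uninstall_policy() {
    if [ "$(port_label "$3" "$4")" = "$2" ]; then
        $SEMANAGE port -d -p "$3" "$4" || return 1
    fi
    $SEMODULE -r "$1"
}

# Usage inside a spec file (module name "foreman" is an assumption):
#   install_port elasticsearch_port_t tcp 9200-9300
#   uninstall_policy foreman elasticsearch_port_t tcp 9200-9300
```

The helpers call `semanage` directly rather than through the `-i -` batch input the package uses.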

Comment 1 Lukas Zapletal 2014-07-25 14:29:31 UTC
Fix for Satellite 6 provided, waiting for review and then the next compose. So can I flip the bug to POST once this is in our composes?

Comment 6 errata-xmlrpc 2014-08-04 18:36:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-1003.html

