Bug 1149790 - Module cinder depends on permission kill in class service, not satisfied
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 21
Hardware: Unspecified
OS: Unspecified
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
Reported: 2014-10-06 16:01 UTC by Miroslav Suchý
Modified: 2014-10-30 12:13 UTC

Fixed In Version: selinux-policy-3.13.1-90.fc21
Doc Type: Bug Fix
Last Closed: 2014-10-30 10:34:04 UTC
Type: Bug

Description Miroslav Suchý 2014-10-06 16:01:53 UTC
Description of problem:
During upgrade from Fedora 20 -> 21 with disabled selinux, I got this:

  Updating   : selinux-policy-targeted-3.13.1-84.fc21.noarch                                                                             2171/8173 
libsepol.permission_copy_callback: Module cinder depends on permission kill in class service, not satisfied (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
/usr/sbin/semodule:  Failed!
  Updating   : ImageMagick-perl-6.8.8.10-5.fc21.x86_64                                                                                   2172/8173 


Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.13.1-84.fc21.noarch

How reproducible:
done once

Steps to Reproduce:
1. fully upgraded Fedora 20
2. /usr/bin/yum --releasever=21 --disableplugin=presto distro-sync


Actual results:
error from post scriptlet of selinux-policy-targeted

Expected results:
no errors

Additional info:
$ getenforce 
Disabled

Comment 1 Miroslav Grepl 2014-10-07 07:47:21 UTC
Could you execute

# yum reinstall selinux-policy-targeted

Comment 2 Miroslav Suchý 2014-10-07 08:26:29 UTC
yum reinstall selinux-policy-targeted
  ...
  Installing : selinux-policy-targeted-3.13.1-84.fc21.noarch                                                                                  1/1 
etckeeper: post transaction commit
  Verifying  : selinux-policy-targeted-3.13.1-84.fc21.noarch

I.e. no error on reinstall. I'm not sure what was the point.

Comment 3 Miroslav Grepl 2014-10-07 08:31:59 UTC
We needed to rebuild the policy. This is caused by upstream merge. We don't have "kill" permission in F21.

But yes, this is an ugly bug.

Comment 4 Vedran Miletić 2014-10-13 12:05:42 UTC
It happens with SELinux enabled as well.

Comment 5 Daniel Walsh 2014-10-27 23:09:34 UTC
You will need to rebuild the policy for cinder to fix this problem.  I think we should just add back in those permissions in the file and mark them as not to use.

Comment 6 Lukas Vrabec 2014-10-30 10:34:04 UTC
https://github.com/selinux-policy/selinux-policy/commit/f20c4e38b4443f2ab7c442c20dc42b7dc57fdebe

Related to link above, I think we can close this issue.

Comment 7 Miroslav Grepl 2014-10-30 12:13:22 UTC
I added back those permissions because it breaks updates.
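
Added example, not part of the original bug report or of selinux-policy: a failed `semodule` link is easy to miss among thousands of package lines in an upgrade transcript, so this sketch scans yum output for the libsepol message quoted in the Description and reports which module needs which class permission. The function name and the sample transcript (the Description's lines with padding trimmed) are constructed for illustration.

```python
import re

# Message formats as they appear in the transcript in the Description.
DEP_RE = re.compile(
    r"libsepol\.\w+: Module (?P<module>\S+) depends on permission "
    r"(?P<perm>\S+) in class (?P<cls>\S+), not satisfied"
)
PKG_RE = re.compile(r"^\s*(?:Updating|Installing)\s*:\s*(?P<pkg>\S+)")
FAIL_RE = re.compile(r"semodule:\s+Failed!")


def find_policy_link_failures(lines):
    """Return one record per failed semodule run seen in yum output.

    Each record names the package whose scriptlet was running, plus the
    (module, class, permission) dependencies libsepol could not satisfy.
    """
    failures, current_pkg, pending = [], None, []
    for line in lines:
        m = PKG_RE.match(line)
        if m:
            # A new transaction step starts; dependency lines that were
            # not followed by "Failed!" are dropped with the old step.
            current_pkg, pending = m.group("pkg"), []
            continue
        m = DEP_RE.search(line)
        if m:
            pending.append((m.group("module"), m.group("cls"), m.group("perm")))
            continue
        if FAIL_RE.search(line):
            failures.append({"package": current_pkg, "unsatisfied": pending})
            pending = []
    return failures


# Constructed sample: the Description's transcript with padding trimmed.
SAMPLE = """\
  Updating   : selinux-policy-targeted-3.13.1-84.fc21.noarch    2171/8173
libsepol.permission_copy_callback: Module cinder depends on permission kill in class service, not satisfied (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
/usr/sbin/semodule:  Failed!
  Updating   : ImageMagick-perl-6.8.8.10-5.fc21.x86_64    2172/8173
""".splitlines()

if __name__ == "__main__":
    for f in find_policy_link_failures(SAMPLE):
        for module, cls, perm in f["unsatisfied"]:
            print(f"{f['package']}: module {module} needs {cls}:{perm}")
```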

