Description of problem: During upgrade from Fedora 20 -> 21 with disabled selinux, I got this: Updating : selinux-policy-targeted-3.13.1-84.fc21.noarch 2171/8173 libsepol.permission_copy_callback: Module cinder depends on permission kill in class service, not satisfied (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). /usr/sbin/semodule: Failed! Updating : ImageMagick-perl-6.8.8.10-5.fc21.x86_64 2172/8173 Version-Release number of selected component (if applicable): selinux-policy-targeted-3.13.1-84.fc21.noarch How reproducible: done once Steps to Reproduce: 1. fully upgraded Fedora 20 2. /usr/bin/yum --releasever=21 --disableplugin=presto distro-sync Actual results: error from post scriptlet of selinux-policy-targeted Expected results: no errors Additional info: $ getenforce Disabled
Could you execute # yum reinstall selinux-policy-targeted
yum reinstall selinux-policy-targeted ... Installing : selinux-policy-targeted-3.13.1-84.fc21.noarch 1/1 etckeeper: post transaction commit Verifying : selinux-policy-targeted-3.13.1-84.fc21.noarch I.e. no error on reinstall. I'm not sure what was the point.
We needed to rebuild the policy. This is caused by upstream merge. We don't have "kill" permission in F21. But yes, this is ugly bug.
It happens with SELinux enabled as well.
You will need to rebuild the policy for cinder to fix this problem. I think we should just add back in those permissions in the file and mark them as not to use.
https://github.com/selinux-policy/selinux-policy/commit/f20c4e38b4443f2ab7c442c20dc42b7dc57fdebe Related to link above, I think we can close this issue.
I added back those permissions because it breaks updates.