Red Hat Bugzilla – Bug 1198307
Cannot build foreman-selinux on RHEL 7.1
Last modified: 2017-02-23 15:24:08 EST
Description of problem: Error is: + make NAME=targeted -f /usr/share/selinux/devel/Makefile DISTRO=rhel7 Compiling targeted foreman module foreman.te:394: Warning: miscfiles_read_certs() has been deprecated, please use miscfiles_read_generic_certs() instead. /usr/bin/checkmodule: loading policy configuration from tmp/foreman.tmp foreman.te":148:ERROR 'unknown type httpd_foreman_script_t' at token ';' on line 4713: #line 148 typeattribute httpd_foreman_script_t syslog_client_type; /usr/bin/checkmodule: error(s) encountered while parsing configuration make: *** [tmp/foreman.mod] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.yn94cK (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.yn94cK (%build) Child returncode was: 1 EXCEPTION: Command failed. See logs for output. # ['bash', '--login', '-c', 'rpmbuild -bb --target noarch --nodeps builddir/build/SPECS/foreman-selinux.spec'] Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/mockbuild/trace_decorator.py", line 70, in trace result = func(*args, **kw) File "/usr/lib/python2.6/site-packages/mockbuild/util.py", line 345, in do raise mockbuild.exception.Error, ("Command failed. See logs for output.\n # %s" % (command,), child.returncode) Error: Command failed. See logs for output. # ['bash', '--login', '-c', 'rpmbuild -bb --target noarch --nodeps builddir/build/SPECS/foreman-selinux.spec'] LEAVE do --> EXCEPTION RAISED Version-Release number of selected component (if applicable): foreman-selinux-1.7.2.9-1.el7sat foreman-selinux-1.7.2.9-1.el6_6sat built OK.
Regression for RHEL 7.1, reported as https://bugzilla.redhat.com/show_bug.cgi?id=1202695
Ugly workaround is to comment out: logging_send_syslog_msg(httpd_foreman_script_t) Because this is unused in the default configuration I think.
This is breaking anywhere httpd_foreman_script_t is. Can I comment out all 7 lines without breaking the policy?
This is the new one: Compiling targeted foreman module foreman.te:376: Warning: miscfiles_read_certs() has been deprecated, please use miscfiles_read_generic_certs() instead. /usr/bin/checkmodule: loading policy configuration from tmp/foreman.tmp foreman.te":196:ERROR 'unknown type httpd_foreman_script_exec_t' at token ';' on line 5817: #line 196 allow passenger_t httpd_foreman_script_exec_t:dir { getattr search open }; /usr/bin/checkmodule: error(s) encountered while parsing configuration make: *** [tmp/foreman.mod] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.vcRTxX (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.vcRTxX (%build) Child returncode was: 1 EXCEPTION: Command failed. See logs for output. # ['bash', '--login', '-c', 'rpmbuild -bb --target noarch --nodeps builddir/build/SPECS/foreman-selinux.spec'] Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/mockbuild/trace_decorator.py", line 70, in trace result = func(*args, **kw) File "/usr/lib/python2.6/site-packages/mockbuild/util.py", line 345, in do raise mockbuild.exception.Error, ("Command failed. See logs for output.\n # %s" % (command,), child.returncode) Error: Command failed. See logs for output. # ['bash', '--login', '-c', 'rpmbuild -bb --target noarch --nodeps builddir/build/SPECS/foreman-selinux.spec'] LEAVE do --> EXCEPTION RAISED
moving back to MODIFIED as we had to roll this back for : https://bugzilla.redhat.com/show_bug.cgi?id=1204301
Unfortunately upstream fix was not yet merged and properly tested. There was an issue. Jason this line should not have been deleted: manage_files_pattern(passenger_t, foreman_log_t , foreman_log_t)
QE: I don't think there is anything to test here, more of a dev task. If you want you can verify that your systems get: foreman-selinux-1.7.2.13-1 nothing todo beyond that.
Verified in Satellite-6.1.0-RHEL-7-20150324.0
This bug is slated to be released with Satellite 6.1.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:1592