Bug 1240253 - [SELinux] ctdb should have a dependency on selinux packages (RHEL-7.1)
Summary: [SELinux] ctdb should have a dependency on selinux packages (RHEL-7.1)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: samba
Version: rhgs-3.1
Hardware: Unspecified
OS: Unspecified
urgent
high
Target Milestone: ---
: RHGS 3.1.0
Assignee: Jose A. Rivera
QA Contact: surabhi
URL:
Whiteboard:
Depends On:
Blocks: 1202842 1212796
 
Reported: 2015-07-06 11:10 UTC by Prasanth
Modified: 2015-07-29 05:10 UTC

Fixed In Version: ctdb2.5-2.5.5-6.el7rhgs
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-07-29 05:10:08 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1495 0 normal SHIPPED_LIVE Important: Red Hat Gluster Storage 3.1 update 2015-07-29 08:26:26 UTC

Description Prasanth 2015-07-06 11:10:55 UTC
Description of problem:

ctdb should have a dependency on selinux packages in RHEL-7.1

Version-Release number of selected component (if applicable):
ctdb2.5-2.5.5-3.el7rhgs.x86_64


The packages that Milos mentions [1] as possible candidates for
dependent packages list are

 + policycoreutils package because it brings the setsebool command
 + libselinux-utils package because it brings the getsebool command
 + selinux-policy-targeted or selinux-policy-base (virtual package)
because it brings the policy where booleans are defined and stored

If the semanage command is to be used, I would add to the list

 + policycoreutils-python package because it brings the semanage command

It is also interesting to note that the policycoreutils-python package
depends on the policycoreutils package, which further depends on the
libselinux-utils package

And the selinux-policy-targeted package dependency must have a minimal
version restriction for that version which has all the SELinux policy
rules for RHGS 3.1.

See the following BZ's for more details regarding this decision:

https://bugzilla.redhat.com/show_bug.cgi?id=1238055
https://bugzilla.redhat.com/show_bug.cgi?id=1237065



The only available and latest SELinux RHEL-7.1 build is: https://brewweb.devel.redhat.com/buildinfo?buildID=441837

However, I'm not very sure if this can be considered as the right candidate for setting the above required dependency as it doesn't seem to have all the fixes backported. So either we should wait for a build which has all the fixes backported or get a confirmation from the SELinux team to go with this build.

Miroslav/Milos,

Could you please check the above and confirm so that we can proceed further with creating this dependency?

Comment 1 Jose A. Rivera 2015-07-06 23:09:13 UTC
This decision is wrong. The right thing to do is to check for and use the selinux command line tools during %posttrans and a %triggerpostin for selinux-policy-targeted.

I already have a build ready for verification, just need the right flags on this BZ.

Comment 4 surabhi 2015-07-09 05:26:25 UTC
With the latest build ctdb2.5-2.5.5-4.el7rhgs :
As discussed and raised regarding the dependencies for selinux package to be created for ctdb, the specific version of selinux package: selinux-policy-targeted-3.7.19-279.el6.noarch should have been made dependent.

As per brew logs it seems we have a generic dependency on the following package:
selinux-policy-targeted, which may cause issues in certain scenarios where the booleans which we are trying to set are not available in the older selinux package and someone doesn't upgrade the selinux package.

Even though we recommend doing a yum update and pulling in all the latest packages, in case only the ctdb and samba packages are updated and not the selinux package, then the booleans will not get set and the issue will still persist. So, as discussed and decided, let's have the dependency on a specific version of selinux so that while doing an install/upgrade of the samba and ctdb packages, the selinux package is up-to-date and we don't hit any AVCs or issues.

Moving the BZ to assigned.

Comment 5 surabhi 2015-07-10 07:39:55 UTC
The CTDB package ctdb2.5-2.5.5-6.el7rhgs has dependency on selinux package and pulls in while installing ctdb package, but I see errors in post_install and pre_install script.
Raising another BZ for this issue.

The dependency issue is verified. For the pre_un and post_un raising new BZ.

yum install ctdb
Loaded plugins: product-id, subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package ctdb2.5.x86_64 0:2.5.5-6.el7rhgs will be installed
--> Processing Dependency: selinux-policy-targeted >= 3.13.1-23 for package: ctdb2.5-2.5.5-6.el7rhgs.x86_64
--> Processing Dependency: tdb-tools for package: ctdb2.5-2.5.5-6.el7rhgs.x86_64
--> Running transaction check
---> Package selinux-policy-targeted.noarch 0:3.13.1-23.el7_1.8 will be installed
--> Processing Dependency: selinux-policy = 3.13.1-23.el7_1.8 for package: selinux-policy-targeted-3.13.1-23.el7_1.8.noarch
--> Processing Dependency: selinux-policy = 3.13.1-23.el7_1.8 for package: selinux-policy-targeted-3.13.1-23.el7_1.8.noarch
---> Package tdb-tools.x86_64 0:1.3.4-1.el7rhgs will be installed
--> Running transaction check
---> Package selinux-policy.noarch 0:3.13.1-23.el7_1.8 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================================================================
 Package                                      Arch                        Version                                 Repository                                       Size
========================================================================================================================================================================
Installing:
 ctdb2.5                                      x86_64                      2.5.5-6.el7rhgs                         Server-RH-Gluster-3-Server                      512 k
Installing for dependencies:
 selinux-policy                               noarch                      3.13.1-23.el7_1.8                       rhel-7-server-rpms                              357 k
 selinux-policy-targeted                      noarch                      3.13.1-23.el7_1.8                       rhel-7-server-rpms                              3.9 M
 tdb-tools                                    x86_64                      1.3.4-1.el7rhgs                         Server-RH-Gluster-3-Server                       29 k

Transaction Summary
========================================================================================================================================================================
Install  1 Package (+3 Dependent packages)

Total download size: 4.8 M
Installed size: 11 M
Is this ok [y/d/N]: y
Downloading packages:
(1/4): tdb-tools-1.3.4-1.el7rhgs.x86_64.rpm                                                                                                      |  29 kB  00:00:00     
(2/4): ctdb2.5-2.5.5-6.el7rhgs.x86_64.rpm                                                                                                        | 512 kB  00:00:00     
(3/4): selinux-policy-3.13.1-23.el7_1.8.noarch.rpm                                                                                               | 357 kB  00:00:01     
(4/4): selinux-policy-targeted-3.13.1-23.el7_1.8.noarch.rpm                                                                                      | 3.9 MB  00:00:02     
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                   2.2 MB/s | 4.8 MB  00:00:02     
Running transaction check
Running transaction test
Transaction test succeeded
  Installing : selinux-policy-3.13.1-23.el7_1.8.noarch                                                                                                              1/4 
warning: Failed to open SELinux handle.
semodule:  Could not begin transaction:  No such file or directory
  Installing : selinux-policy-targeted-3.13.1-23.el7_1.8.noarch                                                                                                     2/4 
  Installing : tdb-tools-1.3.4-1.el7rhgs.x86_64                                                                                                                     3/4 
  Installing : ctdb2.5-2.5.5-6.el7rhgs.x86_64                                                                                                                       4/4 
/var/tmp/rpm-tmp.Q0fPKz: line 1: systemd_post: command not found
warning: %post(ctdb2.5-2.5.5-6.el7rhgs.x86_64) scriptlet failed, exit status 127
Non-fatal POSTIN scriptlet failure in rpm package ctdb2.5-2.5.5-6.el7rhgs.x86_64
  Verifying  : tdb-tools-1.3.4-1.el7rhgs.x86_64                                                                                                                     1/4 
  Verifying  : selinux-policy-targeted-3.13.1-23.el7_1.8.noarch                                                                                                     2/4 
  Verifying  : ctdb2.5-2.5.5-6.el7rhgs.x86_64                                                                                                                       3/4 
  Verifying  : selinux-policy-3.13.1-23.el7_1.8.noarch                                                                                                              4/4
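
A check of the kind comment 5 performs by eye, as an added example that is not part of the original bug report: it scans a yum transcript for whether the Requires on selinux-policy-targeted carries a minimum version and for failed RPM scriptlets. The function names are hypothetical, and the sample lines are copied from the transcript above.

```shell
#!/bin/sh
# Constructed sample: a subset of the yum transcript lines from comment 5.
SAMPLE_LOG='--> Processing Dependency: selinux-policy-targeted >= 3.13.1-23 for package: ctdb2.5-2.5.5-6.el7rhgs.x86_64
--> Processing Dependency: tdb-tools for package: ctdb2.5-2.5.5-6.el7rhgs.x86_64
---> Package selinux-policy-targeted.noarch 0:3.13.1-23.el7_1.8 will be installed
/var/tmp/rpm-tmp.Q0fPKz: line 1: systemd_post: command not found
warning: %post(ctdb2.5-2.5.5-6.el7rhgs.x86_64) scriptlet failed, exit status 127
Non-fatal POSTIN scriptlet failure in rpm package ctdb2.5-2.5.5-6.el7rhgs.x86_64'

# versioned_requires LOG DEP
# Prints "OP VERSION" for the first Requires on DEP that yum processed,
# "unversioned" if it has no version constraint, nothing if DEP is not seen.
versioned_requires() {
  printf '%s\n' "$1" | awk -v dep="$2" '
    $2 == "Processing" && $3 == "Dependency:" && $4 == dep {
      if ($5 ~ /^(>=|=|>)$/) print $5, $6; else print "unversioned"
      exit
    }'
}

# failed_scriptlets LOG
# Prints "%<scriptlet> <package> <exit status>" for each failed scriptlet.
failed_scriptlets() {
  printf '%s\n' "$1" | sed -n \
    's/^warning: %\([a-z]*\)(\(.*\)) scriptlet failed, exit status \([0-9]*\)$/%\1 \2 \3/p'
}

# audit_install LOG DEP
# Returns 1 if the Requires on DEP is unversioned or any scriptlet failed.
audit_install() {
  rc=0
  req=$(versioned_requires "$1" "$2")
  case "$req" in
    "")          echo "note: no Requires on $2 appears in this transcript" ;;
    unversioned) echo "FINDING: Requires on $2 has no minimum version"; rc=1 ;;
    *)           echo "ok: Requires $2 $req" ;;
  esac
  fails=$(failed_scriptlets "$1")
  if [ -n "$fails" ]; then
    echo "FINDING: scriptlet failed: $fails"
    rc=1
  fi
  return $rc
}

audit_install "$SAMPLE_LOG" selinux-policy-targeted || true
```

On the sample it reports the versioned Requires as present and flags the %post failure with exit status 127, matching what comment 5 records.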

Comment 6 errata-xmlrpc 2015-07-29 05:10:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1495.html

