Bug 1262424 - rpm fails with no error message if /etc/selinux/targeted/contexts/files/* missing
Summary: rpm fails with no error message if /etc/selinux/targeted/contexts/files/* mis...
Keywords:
Status: CLOSED DUPLICATE of bug 1204488
Alias: None
Product: Fedora
Classification: Fedora
Component: dnf
Version: 22
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Packaging Maintenance Team
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-09-11 15:33 UTC by Eric Paris
Modified: 2016-03-21 12:48 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-03-21 12:48:38 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Eric Paris 2015-09-11 15:33:48 UTC 
The selinux team has often suggest people do:

mv /etc/selinux/targeted /etc/selinux/targeted.bak
yum/dnf reinstall -y selinux-policy-targeted

To get people back to default selinux.

But rpm no longer functions without /etc/selinux/targeted/contexts/files/*

To reproduce simply move /etc/selinux/targeted away and try to install and rpm. It will return $? == 1 very quickly. 

This used to work. I don't know if an selinux library changed or if rpm changed to be more strict, but it was nice to be able to blow away etc and get it back with a fresh rpm install...

At the very least an error message really needs to propagate up about the problem rather than silence.

(it still is possible to accomplish what I wanted like so)
mv /etc/selinux/targeted /etc/selinux/targeted.bak
mkdir -p /etc/selinux/targeted/contexts/files/
cp -a /etc/selinux/targeted.bca/contexts/files/* /etc/selinux/targeted/contexts/files/
dnf reinstall -y selinux-policy-targeted
Comment 1 Ľuboš Kardoš 2016-03-07 14:51:23 UTC 
Fixed upstream [1]. Now rpm behaves like this:

# rpm --reinstall selinux-policy-targeted-3.13.1-158.7.fc23.noarch.rpm
error: Plugin selinux: hook tsm_pre failed

# rpm  -vv --reinstall selinux-policy-targeted-3.13.1-158.7.fc23.noarch.rpm
...
D: selabel_open: (/etc/selinux/targeted/contexts/files/file_contexts) No such file or directory
error: Plugin selinux: hook tsm_pre failed
...


But dnf is not able to show this error and the rpm error message is lost, it is not in any of dnf log files:

# dnf reinstall selinux-policy-targeted
...
Running transaction
Failed to obtain the transaction lock (logged in as: root).
The downloaded packages were saved in cache till the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Could not run transaction.

I understand that dnf don't want rpmlib to directly print to stderr and logs from rpmlib are redirected somewhere. But I would expect that these rpm logs will be stored somewhere and user can examine them after transaction fails.

Also the message "Failed to obtain the transaction lock" is not very helpful. Maybe "Transaction failed. For details see some_dnf_rpm.log" would be better.


[1] https://github.com/rpm-software-management/rpm/commit/468726ece5f3ed1209460120044d2d63bd0a561b
Comment 2 Honza Silhan 2016-03-21 12:48:38 UTC 

*** This bug has been marked as a duplicate of bug 1204488 ***
Note You need to log in before you can comment on or make changes to this bug.