Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1329931

Summary: Error in PREIN scriptlet in rpm package
Product: Red Hat Enterprise Linux 7 Reporter: yanbing du <ydu>
Component: libselinuxAssignee: Petr Lautrbach <plautrba>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.3CC: dapospis, dwalsh, lvrabec, mgrepl, mmalik, plautrba, ssekidde, ydu
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libselinux-2.5-3.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-04 02:12:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
libselinux: setexecfilecon() to work better in a chroot none

Description yanbing du 2016-04-25 05:08:03 UTC 
Description of problem:
Base on latest policycoreutils and libselinux, yum install with specifies insallroot always fail.

Version-Release number of selected component (if applicable):
# rpm -q policycoreutils libselinux selinux-policy
policycoreutils-2.5-2.el7.x86_64
libselinux-2.5-2.el7.x86_64
selinux-policy-3.13.1-68.el7.noarch


How reproducible:
100%

Steps to Reproduce:
1.
#yum --releasever=/ --installroot=/var/lib/libvirt/filesystems/rhel_x86_64 --nogpgcheck  groupinstall core
...
  Installing : glibc-2.17-105.el7.x86_64                                                                                                                       12/274g
warning: %post(glibc-2.17-105.el7.x86_64) scriptlet failed, exit status 127
Non-fatal POSTIN scriptlet failure in rpm package glibc-2.17-105.el7.x86_64
...

error: %pre(openssh-6.6.1p1-26.el7.x86_64) scriptlet failed, exit status 127
Error in PREIN scriptlet in rpm package openssh-6.6.1p1-26.el7.x86_64
...
...
Failed:
  ca-certificates.noarch 0:2015.2.6-70.1.el7_2  coreutils.x86_64 0:8.22-15.el7_2.1   dbus.x86_64 1:1.6.12-13.el7                     dhclient.x86_64 12:4.2.5-45.el7 
  initscripts.x86_64 0:9.49.30-1.el7_2.2        iptables.x86_64 0:1.4.21-16.el7      libutempter.x86_64 0:1.1.6-4.el7                openssh.x86_64 0:6.6.1p1-26.el7 
  openssh-server.x86_64 0:6.6.1p1-26.el7        pinentry.x86_64 0:0.8.1-17.el7       plymouth.x86_64 0:0.8.9-0.24.20140113.el7       polkit.x86_64 0:0.112-6.el7_2   
  postfix.x86_64 2:2.10.1-6.el7                 ppp.x86_64 0:2.4.5-33.el7            selinux-policy-targeted.noarch 0:3.13.1-68.el7  systemd.x86_64 0:219-20.el7     
  trousers.x86_64 0:0.3.13-1.el7                yum-rhn-plugin.noarch 0:2.0.1-5.el7 

Actual results:
About 18 packages install fail as %pre error, and many %post warning

Expected results:
No warning and error

Additional info:
Downgrade policycoreutils and libselinux can workaround this problem
# rpm -q libselinux policycoreutils
libselinux-2.2.2-6.el7.x86_64
policycoreutils-2.2.5-20.el7.x86_64
Comment 3 yanbing du 2016-04-25 07:11:39 UTC 
I'm not running beaker job to reproduce this bug, just let config a RHEL7 repo and execute yum command. The distro I'm using is: RHEL-7.2-20151030.0
Just let me know what kind of information do you want? I can provide them in bugzilla.
Comment 4 Petr Lautrbach 2016-04-26 15:24:23 UTC 
It's a problem in libselinux: int is_selinux_enabled(void) which was introduced in upstream commit 685f4aeeadc0b60f3770404d4f149610d656e3c8
Comment 5 Petr Lautrbach 2016-04-27 08:59:15 UTC 
Created attachment 1151250 [details]
libselinux: setexecfilecon() to work better in a chroot

    When setexecfilecon() is used in a process which was chrooted after
    libselinux was initialized, is_selinux_enabled() returns 1 but
    security_getenforce() returns -1 as there's no /sys/fs/selinux/enforce
    in the chroot.
    
    Generally, rpm and rpm scripts are run as unconfined domains therefore we
    don't to need to consider this state as a reason not to exec the
    script.
Comment 7 yanbing du 2016-04-27 09:31:34 UTC 
Thanks Petr,
Just test the scratch build and confirm it works fine.
Comment 11 errata-xmlrpc 2016-11-04 02:12:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2276.html