Description of problem:
I was installing libvirt in a clean environment without SELinux being installed. Once I tried to start libvirt, it raised some errors about labels. I had to install selinux-policy-targeted to fix this issue.

Version-Release number of selected component (if applicable):
RHEL 7.2 (CentOS)

How reproducible:
always

Steps to Reproduce:
1. Install libvirtd with i.e. rpm --root=…
2.
3.

Actual results:
libvirtd will not pull in selinux-policy-targeted

Expected results:
libvirtd should pull in selinux-policy-targeted

Additional info:

Libvirt can happily run without SELinux if configured so (security_driver = "none" in /etc/libvirt/qemu.conf) so making it a hard dependency would be wrong.
I do understand that libvirt can run without SELinux. But the fact is that the default configuration is expecting SELinux. Thus IMHO libvirtd should either not require selinux by default in the configuration or pull in the selinux policy. But the current state is that if you install libvirtd then it will not work.
selinux-policy-targeted is installed even with the minimal installation, it is listed as a mandatory package in group "Core" (Smallest possible installation) which means it will be installed by default. So libvirt's default to use SELinux (if it is detected) works in the default installation. Creating a special environment requires treatment. And what if someone wanted to create a special installation with no SELinux policy installed? Adding a hard dependency on it in libvirt would make this impossible to achieve.
I tried the steps below for this bug:
1. I installed with a minimal installation for rhel7.3.
2. After the installation finished, I removed "selinux-policy-targeted" from the OS and checked the /etc/libvirt/qemu.conf file. The configuration was commented out by default: #security_driver = "selinux"
3. Then I installed the qemu-kvm-rhev & libvirt rpms successfully.
4. After that, the libvirtd service can't be started, and when I tried to reboot the system, it couldn't start up correctly. The error message " Failed to load SELinux policy, freezing" is printed out.

Is this situation acceptable?
Well, apparently you need to disable SELinux first to be able to boot the system without selinux-policy-targeted.
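
The mismatch discussed in this thread can be checked before first boot. The script below is an added example, not part of any comment above and not libvirt's own code: it inspects an install root (such as the target of `rpm --root=…`) for the combinations reported here. The function names `conf_value` and `preflight`, the RHEL/CentOS 7 default paths, and the three verdicts are assumptions of this example, and the verdicts are a heuristic based only on what the thread reports.

```shell
#!/bin/sh
# Added example (not libvirt's code). Paths are the RHEL/CentOS 7 defaults.

# conf_value FILE KEY: print the last uncommented "KEY = value" setting, or nothing if unset.
conf_value() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# preflight ROOT: classify an install root by SELinux policy, SELinux mode and libvirt driver.
preflight() {
    root=${1%/}
    driver=$(conf_value "$root/etc/libvirt/qemu.conf" security_driver)
    mode=$(conf_value "$root/etc/selinux/config" SELINUX)
    ptype=$(conf_value "$root/etc/selinux/config" SELINUXTYPE)
    policy=missing
    for f in "$root/etc/selinux/${ptype:-targeted}/policy/policy."*; do
        if [ -f "$f" ]; then policy=present; fi
    done
    if [ "$policy" = present ]; then
        echo "ok: SELinux policy is installed"
    elif [ "$mode" = enforcing ] || [ "$mode" = permissive ]; then
        # The reboot failure case: SELinux left enabled after the policy package was removed.
        echo "boot-risk: SELINUX=$mode but no policy; disable SELinux first or install the policy"
    elif [ "$driver" = none ]; then
        echo "ok: no policy, and security_driver is \"none\""
    else
        # The original report: default qemu.conf in a root without the policy package.
        echo "libvirt-risk: no policy and security_driver is ${driver:-unset (default)}"
    fi
}

# Constructed sample root: default qemu.conf, SELinux enforcing, policy package absent.
demo=$(mktemp -d)
mkdir -p "$demo/etc/libvirt" "$demo/etc/selinux"
printf '#security_driver = "selinux"\n' > "$demo/etc/libvirt/qemu.conf"
printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$demo/etc/selinux/config"
preflight "$demo"
rm -rf "$demo"
```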