Bug 1412695 - SELinux prevents dnf-system-upgrade from starting
Summary: SELinux prevents dnf-system-upgrade from starting
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: dnf-plugins-extras
Version: 25
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: rpm-software-management
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2017-01-12 15:10 UTC by Francois Cartegnie
Modified: 2017-12-08 12:49 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-12-08 12:47:52 UTC
Type: Bug
Embargoed:



Description Francois Cartegnie 2017-01-12 15:10:58 UTC
Description of problem:

SELinux prevents dnf-system-upgrade.
Ends in reboot.

Unsure if the issue is a missing relabel, relabel check, or selinux disable by dnf-system-upgrade process/checks.

Steps to Reproduce:
/root(dm-1) is lvm logical volume on luks partition
1. dnf system-upgrade download --releasever 25
2. dnf system-upgrade reboot

Actual results:
endless reboot


Additional info:

Version-Release number of selected component (if applicable):
janv. 12 14:50:37 ux systemd-journald[189]: Runtime journal (/run/log/journal/) is 8.0M, max 394.0M, 386.0M free.
janv. 12 14:50:37 ux kernel: microcode: microcode updated early to revision 0x9e, date = 2016-06-22
janv. 12 14:50:37 ux kernel: Linux version 4.8.15-200.fc24.x86_64 (mockbuild.fedoraproject.org) (gcc version 6.2.1 20160916 (Red Hat 6.2.
janv. 12 14:50:37 ux kernel: Command line: BOOT_IMAGE=/vmlinuz-4.8.15-200.fc24.x86_64 root=/dev/mapper/fedora-root ro rd.lvm.lv=fedora/root rd.luks.uuid
...skipping...
janv. 12 14:50:48 ux kernel: EXT4-fs (sda2): mounted filesystem with ordered data mode. Opts: (null)
janv. 12 14:50:48 ux systemd[1]: Mounted /boot.
janv. 12 14:50:48 ux systemd[1]: Mounting /boot/efi...
janv. 12 14:50:48 ux kernel: EXT4-fs (dm-3): mounted filesystem with ordered data mode. Opts: discard
janv. 12 14:50:48 ux systemd[1]: Mounted /home.
janv. 12 14:50:48 ux systemd[1]: Mounted /boot/efi.
janv. 12 14:50:48 ux systemd[1]: Reached target Local File Systems.
janv. 12 14:50:48 ux systemd[1]: Starting Import network configuration from initramfs...
janv. 12 14:50:48 ux systemd[1]: Starting Restore /run/initramfs on shutdown...
janv. 12 14:50:48 ux systemd[1]: Starting Tell Plymouth To Write Out Runtime Data...
janv. 12 14:50:48 ux systemd[1]: Started Restore /run/initramfs on shutdown.
janv. 12 14:50:48 ux audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dracut-shutdown comm=
janv. 12 14:50:48 ux systemd[1]: Started Tell Plymouth To Write Out Runtime Data.
janv. 12 14:50:48 ux audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-read-write c
janv. 12 14:50:48 ux audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-read-write co
janv. 12 14:50:48 ux systemd[1]: Started Import network configuration from initramfs.
janv. 12 14:50:48 ux audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fedora-import-state c
janv. 12 14:50:48 ux systemd[1]: Starting Create Volatile Files and Directories...
janv. 12 14:50:48 ux systemd[1]: Started Create Volatile Files and Directories.
janv. 12 14:50:48 ux audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-setu
janv. 12 14:50:48 ux systemd[1]: Starting Update UTMP about System Boot/Shutdown...
janv. 12 14:50:48 ux audit[1031]: SYSTEM_BOOT pid=1031 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-
janv. 12 14:50:48 ux systemd[1]: Started Update UTMP about System Boot/Shutdown.
janv. 12 14:50:48 ux audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp c
janv. 12 14:50:48 ux systemd[1]: Reached target System Initialization.
janv. 12 14:50:48 ux systemd[1]: Listening on D-Bus System Message Bus Socket.
janv. 12 14:50:48 ux systemd[1]: Starting Bluetooth service...
janv. 12 14:50:48 ux audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name=".dnf-system-upgrade" dev="dm-1" ino=262158 scontext=system_u:s
janv. 12 14:50:48 ux systemd[1]: dnf-system-upgrade.service: Failed to load environment files: Permission denied
janv. 12 14:50:48 ux systemd[1]: dnf-system-upgrade.service: Failed to run 'start' task: Permission denied
janv. 12 14:50:48 ux systemd[1]: Failed to start System Upgrade.
janv. 12 14:50:48 ux systemd[1]: dnf-system-upgrade.service: Unit entered failed state.
janv. 12 14:50:48 ux systemd[1]: dnf-system-upgrade.service: Failed with result 'resources'.
janv. 12 14:50:48 ux systemd[1]: Rebooting as result of failure.
janv. 12 14:50:48 ux systemd[1]: Stopped IIO Sensor Proxy service.
janv. 12 14:50:48 ux systemd[1]: Stopped Forward Password Requests to Plymouth Directory Watch.
janv. 12 14:50:48 ux systemd[1]: Stopping Restore /run/initramfs on shutdown...
janv. 12 14:50:48 ux systemd[1]: Stopped target System Update.
janv. 12 14:50:48 ux systemd[1]: Stopped Updates the operating system whilst offline.
janv. 12 14:50:48 ux systemd[1]: Stopped Updates device firmware whilst offline.
janv. 12 14:50:48 ux systemd[1]: Stopping LVM2 PV scan on device 253:0...
janv. 12 14:50:48 ux systemd[1]: Stopped target Sound Card.
janv. 12 14:50:48 ux systemd[1]: Starting Show Plymouth Reboot Screen...
janv. 12 14:50:48 ux systemd[1]: Stopping Load/Save RF Kill Switch Status...
janv. 12 14:50:48 ux systemd[1]: Stopped target Bluetooth.
janv. 12 14:50:48 ux systemd[1]: Stopped target Remote File Systems (Pre).
janv. 12 14:50:48 ux systemd[1]: Stopping Availability of block devices...
janv. 12 14:50:48 ux systemd[1]: Stopped Load/Save RF Kill Switch Status.

Comment 1 Francois Cartegnie 2017-01-12 15:31:57 UTC
missing important info.

The dnf system-upgrade download 
was using --datadir

since /system-upgrade points to that directory,
it seems to be missing an upgrade check for the correct selinux labels
on the target dir.
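
An added example, not part of the original report or of dnf's own code: a small journal triage that pairs each unit failing with "Permission denied" with the AVC denial logged for the same PID in the same second, which is the correlation the log above shows for dnf-system-upgrade.service. The sample lines are constructed from the report, and the tcontext value is a placeholder because the report's AVC line is cut off before that field.

```python
import re

# Constructed journal excerpt modelled on the report. The tcontext value is a
# placeholder: the AVC line in the report is cut off before that field.
SAMPLE = """\
janv. 12 14:50:48 ux systemd[1]: Starting Bluetooth service...
janv. 12 14:50:48 ux audit[1]: AVC avc:  denied  { read } for  pid=1 comm="systemd" name=".dnf-system-upgrade" dev="dm-1" ino=262158 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:EXAMPLE_t:s0 tclass=file permissive=0
janv. 12 14:50:48 ux systemd[1]: dnf-system-upgrade.service: Failed to load environment files: Permission denied
janv. 12 14:50:48 ux systemd[1]: dnf-system-upgrade.service: Failed to run 'start' task: Permission denied
janv. 12 14:50:48 ux systemd[1]: Rebooting as result of failure.
"""

LINE_RE = re.compile(r"^(?P<ts>\S+\s+\d+\s+[\d:]+)\s+\S+\s+(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
AVC_RE = re.compile(r"^AVC avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")
UNIT_RE = re.compile(r"^(?P<unit>\S+\.service): .*Permission denied$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def correlate(journal_text):
    """Map each unit that failed with 'Permission denied' to the AVC denials
    recorded for the same PID in the same second."""
    denials, findings = [], {}
    for line in journal_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, proc, pid, msg = m.group("ts", "proc", "pid", "msg")
        avc = AVC_RE.match(msg)
        if proc == "audit" and avc:
            rec = {k: v.strip('"') for k, v in KV_RE.findall(avc.group("fields"))}
            denials.append({"ts": ts, "pid": rec.get("pid"), "name": rec.get("name"),
                            "perms": avc.group("perms").split(),
                            "scontext": rec.get("scontext"), "tclass": rec.get("tclass"),
                            # None when a pager truncated the record, as in the report
                            "tcontext": rec.get("tcontext")})
            continue
        unit = UNIT_RE.match(msg)
        if proc == "systemd" and unit:
            bucket = findings.setdefault(unit.group("unit"), [])
            bucket += [d for d in denials
                       if d["ts"] == ts and d["pid"] == pid and d not in bucket]
    return findings


if __name__ == "__main__":
    for unit, hits in correlate(SAMPLE).items():
        for d in hits:
            print(unit, d["perms"], d["name"], d["scontext"], "->", d["tcontext"])
```

Feed it untruncated output such as `journalctl --no-pager`; when a record is cut off before tcontext, as in the report, that field comes back as None rather than a guessed label.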

Comment 2 Fedora End Of Life 2017-11-16 18:44:31 UTC
This message is a reminder that Fedora 25 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 25. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora 'version'
of '25'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 25 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged to change the 'version' to a later Fedora
version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

Comment 3 Jaroslav Mracek 2017-12-08 12:47:52 UTC
Thanks a lot for the report. I refactored the internal structure of cache handling for system upgrade and even --datadir is not supported in the latest version (incompatible with the new workflow). Soon there will be a new implementation of the --datadir option.

Comment 4 Jaroslav Mracek 2017-12-08 12:49:37 UTC
Datadir option is not present from version 2.0.2

