Bug 1446487 - Error installation SpaceWalk on Centos 7 with spacewalk-selinux-2.3.2-1.el7.noarch.rpm
Summary: Error installation SpaceWalk on Centos 7 with spacewalk-selinux-2.3.2-1.el7.n...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Spacewalk
Classification: Community
Component: Installation
Version: 2.6
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Eric Herget
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Depends On:
Blocks: space27
TreeView+ depends on / blocked
 
Reported: 2017-04-28 08:16 UTC by Thierry Guyard
Modified: 2017-09-27 19:34 UTC (History)
4 users (show)

Fixed In Version: osad-5.11.84-1 spacewalk-selinux-2.7.3-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-09-27 19:34:13 UTC
Embargoed:

Attachments (Terms of Use)

Description Thierry Guyard 2017-04-28 08:16:57 UTC 
Description of problem:
New installation of spacewalk on CENTOS 7:

error on package spacewalk-selinux-2.3.2-1.el7 :



Version-Release number of selected component (if applicable):
spacewalk-selinux-2.3.2-1.el7.noarch.rpm

How reproducible:


Steps to Reproduce:
1.rpm -ivh  --replacepkgs /tmp/spacewalk-selinux-2.3.2-1.el7.noarch.rpm
2.
3.

Actual results:

Failed to resolve roletype statement at /etc/selinux/mls/tmp/modules/400/spacewalk/cil:2
/usr/sbin/semodule:  Failed!
Failed to resolve roletype statement at /etc/selinux/strict/tmp/modules/400/spacewalk/cil:2
/usr/sbin/semodule:  Failed!


Expected results:


Additional info:
Comment 1 Eric Herget 2017-07-27 21:04:35 UTC 
The command `/usr/sbin/semodule -s ${selinuxvariant} -l` used to return a failure exit code, but that has now changed on RHEL and CentOS 7.  thanks to mmraka for pointing out an alternate command `/usr/sbin/semanage module -l -S ${selinuxvariant}` that continues to return a failure status code.

Should the `semanage module ...` command be changed to always return success status code, mmraka also suggested an alternative check with `if [ $(/usr/sbin/semodule -s ${selinuxvariant} -l | wc -l) -gt 1 ]; then` ...
Comment 2 Eric Herget 2017-07-27 21:05:30 UTC 
In addition to updating the spacewalk-selinux-enable script, the osa-dispatcher-selinux-enable script also needed the same fix.
Comment 3 Eric Herget 2017-07-27 21:06:32 UTC 
spacewalk.github:
b495b84d322ee1942096d6e0fd7771637a3033b9
Comment 4 Troels Just 2017-08-05 00:43:03 UTC 
(In reply to Eric Herget from comment #3)
> spacewalk.github:
> b495b84d322ee1942096d6e0fd7771637a3033b9

Hi Eric.
I am deploying Spacewalk for my company to manage a pile of CentOS 7 VMs, and I just ran into this SELinux error when installing the Spacewalk 2.6 packages.

I tracked down your fix on Github, and ran the two fixed loops of semanage that had otherwise bombed during the installation. I was wondering whether that was a correct approach, and also whether updated packages for Spacewalk 2.6 might be released?
Comment 5 Eric Herget 2017-08-07 17:10:26 UTC 
(In reply to Troels Just from comment #4)
> (In reply to Eric Herget from comment #3)
> > spacewalk.github:
> > b495b84d322ee1942096d6e0fd7771637a3033b9
> 
> Hi Eric.
> I am deploying Spacewalk for my company to manage a pile of CentOS 7 VMs,
> and I just ran into this SELinux error when installing the Spacewalk 2.6
> packages.
> 
> I tracked down your fix on Github, and ran the two fixed loops of semanage
> that had otherwise bombed during the installation. I was wondering whether
> that was a correct approach, and also whether updated packages for Spacewalk
> 2.6 might be released?

Hi Troels,

Yes, running the two loops of semanage should apply the necessary config.

This fix is found in the nightly builds and will be included in the upcoming Spacewalk 2.7 release in the next few weeks.
Comment 6 Eric Herget 2017-09-27 19:34:13 UTC 
Spacewalk 2.7 has been released.

https://github.com/spacewalkproject/spacewalk/wiki/ReleaseNotes27
Note You need to log in before you can comment on or make changes to this bug.