Selinux error while installing engine from master in ovirt-system-test: Installing : ovirt-vmconsole-1.0.4-1.el7.centos.noarch 163/345 Failed to resolve booleanif statement at /etc/selinux/targeted/tmp/modules/400/ovirt_vmconsole/cil:588 semodule: Failed! Installing : ovirt-vmconsole-proxy-1.0.4-1.el7.centos.noarch 164/345 libsemanage.semanage_read_policydb: Could not open kernel policy /etc/selinux/targeted/active/policy.kern for reading. (No such file or directory). OSError: No such file or directory Looks like a dependency is missing, providing /etc/selinux/targeted/active/policy.kern at pre/post stage. Seen in: http://jenkins.ovirt.org/job/ovirt-system-tests_manual/664/artifact/exported-artifacts/lago_logs/lago.log
Please provide a full description for this bug, including logs, what you actually did and reproduction steps.
Created attachment 1290059 [details] lago logs
(In reply to Sandro Bonazzola from comment #2) > Created attachment 1290059 [details] > lago logs Attached logs to preserve them from jenkis cleanups. full description: installing ovirt-vmconsole raises selinux issues as in comment #0 due to possible missing dependency in %pre / %post sections of the spec file. I actually run ovirt-system-test in jenkins: http://jenkins.ovirt.org/job/ovirt-system-tests_manual/664 Step to reproduce: rebuild http://jenkins.ovirt.org/job/ovirt-system-tests_manual/664
Thanks to the input of Sandro, I believe this happens only when the packages are installed through kickstart (or similar). We need to make sure that the last selinux-policy-targeted is installed when ovirt-vmconsole packages are installed. This doesn't seem the case in the provided logs, hence the bug. The fix should be simple: just add the dependency in the spec file to ensure the correct ordering. This bug should never trigger on installed system (e.g. on CentOS), because the selinux-policy-targeted is part of basesystem.
fix should be trivial, lets try to get it into 4.1.4
need info provided in comment #3
it is a corner case and it is not so easy to verify - pushing out of z-stream due to capacity
published on master
Successfully installed ovirt-vmconsole-1.0.4-1.el7.noarch and ovirt-vmconsole-host-1.0.4-1.el7.noarch, during installation of ovirt-hosted-engine-setup-2.2.0-0.0.master.20171009203744.gitd01cc03.el7.centos.noarch on RHEL7.4 host. Moving to verified.
This bugzilla is included in oVirt 4.2.0 release, published on Dec 20th 2017. Since the problem described in this bug report should be resolved in oVirt 4.2.0 release, published on Dec 20th 2017, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.