Bug 1497091 - brlapi uninstallable on Rawhide armv7
Summary: brlapi uninstallable on Rawhide armv7
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: armv7l
OS: Unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: TRACKER-bugs-affecting-libguestfs
TreeView+ depends on / blocked
Reported: 2017-09-29 07:33 UTC by Richard W.M. Jones
Modified: 2018-02-20 11:20 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-02-20 11:20:30 UTC
Type: Bug

Attachments (Terms of Use)

Description Richard W.M. Jones 2017-09-29 07:33:52 UTC
Description of problem:

$ sudo dnf install /usr/lib/libbrlapi.so.0.6 
Last metadata expiration check: 1:09:12 ago on Fri 29 Sep 2017 02:20:59 EDT.
Dependencies resolved.
 Package         Arch             Version                Repository        Size
 brlapi          armv7hl          0.6.6-9.fc28           rawhide          150 k

Transaction Summary
Install  1 Package

Total download size: 150 k
Installed size: 416 k
Is this ok [y/N]: y
Downloading Packages:
brlapi-0.6.6-9.fc28.armv7hl.rpm                 3.2 MB/s | 150 kB     00:00    
Total                                           134 kB/s | 150 kB     00:01     
warning: /var/cache/dnf/rawhide-805c449d99b9520f/packages/brlapi-0.6.6-9.fc28.armv7hl.rpm: Header V3 RSA/SHA256 Signature, key ID 9db62fb1: NOKEY
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: brlapi-0.6.6-9.fc28.armv7hl                            1/1 
groupadd: cannot open /etc/gshadow
error: %prein(brlapi-0.6.6-9.fc28.armv7hl) scriptlet failed, exit status 10
Error in PREIN scriptlet in rpm package brlapi
Error in PREIN scriptlet in rpm package brlapi
brlapi-0.6.6-9.fc28.armv7hl was supposed to be installed but is not!
  Verifying        : brlapi-0.6.6-9.fc28.armv7hl                            1/1 

  brlapi.armv7hl 0.6.6-9.fc28                                                   

Error: Transaction failed

Comment 1 Richard W.M. Jones 2017-09-29 07:34:46 UTC
$ ll /etc/gshadow
----------. 1 root root 443 Sep 28 17:22 /etc/gshadow

Comment 2 Richard W.M. Jones 2017-09-29 07:37:09 UTC
I had to set gshadow to 0666 (!) to install this package.  Even 0600
didn't work.

Comment 3 Gwyn Ciesla 2017-09-29 12:49:46 UTC
%pre -n brlapi
getent group brlapi >/dev/null || groupadd -r brlapi >/dev/null

Sounds like a bug in setup.

Comment 4 Ondrej Vasik 2017-10-03 13:23:35 UTC
No, definitely not a bug in setup - gshadow is handled through capabilities intentionally. Let's reassign that to shadow-utils - where utilities for adding groups and users live - but gshadow will stay as 000 , 666 is just number of devil and wrong for /etc/shadow and /etc/gshadow.

Comment 5 Tomas Mraz 2017-10-03 13:39:33 UTC
This is fallout from the no dac_override policy change.

Comment 6 Lukas Vrabec 2017-10-04 08:16:48 UTC
Tomas is right. 

Fixes will be available in next selinux-policy rawhide build.

Note You need to log in before you can comment on or make changes to this bug.