1497091 – brlapi uninstallable on Rawhide armv7

Bug 1497091 - brlapi uninstallable on Rawhide armv7

Summary: brlapi uninstallable on Rawhide armv7

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	rawhide
Hardware:	armv7l
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	TRACKER-bugs-affecting-libguestfs
TreeView+	depends on / blocked

Reported:	2017-09-29 07:33 UTC by Richard W.M. Jones
Modified:	2018-02-20 11:20 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-02-20 11:20:30 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Richard W.M. Jones 2017-09-29 07:33:52 UTC

Description of problem:

$ sudo dnf install /usr/lib/libbrlapi.so.0.6 
Last metadata expiration check: 1:09:12 ago on Fri 29 Sep 2017 02:20:59 EDT.
Dependencies resolved.
================================================================================
 Package         Arch             Version                Repository        Size
================================================================================
Installing:
 brlapi          armv7hl          0.6.6-9.fc28           rawhide          150 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 150 k
Installed size: 416 k
Is this ok [y/N]: y
Downloading Packages:
brlapi-0.6.6-9.fc28.armv7hl.rpm                 3.2 MB/s | 150 kB     00:00    
--------------------------------------------------------------------------------
Total                                           134 kB/s | 150 kB     00:01     
warning: /var/cache/dnf/rawhide-805c449d99b9520f/packages/brlapi-0.6.6-9.fc28.armv7hl.rpm: Header V3 RSA/SHA256 Signature, key ID 9db62fb1: NOKEY
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: brlapi-0.6.6-9.fc28.armv7hl                            1/1 
groupadd: cannot open /etc/gshadow
error: %prein(brlapi-0.6.6-9.fc28.armv7hl) scriptlet failed, exit status 10
Error in PREIN scriptlet in rpm package brlapi
Error in PREIN scriptlet in rpm package brlapi
brlapi-0.6.6-9.fc28.armv7hl was supposed to be installed but is not!
  Verifying        : brlapi-0.6.6-9.fc28.armv7hl                            1/1 

Failed:
  brlapi.armv7hl 0.6.6-9.fc28                                                   

Error: Transaction failed

Comment 1 Richard W.M. Jones 2017-09-29 07:34:46 UTC

$ ll /etc/gshadow
----------. 1 root root 443 Sep 28 17:22 /etc/gshadow

Comment 2 Richard W.M. Jones 2017-09-29 07:37:09 UTC

I had to set gshadow to 0666 (!) to install this package.  Even 0600
didn't work.

Comment 3 Gwyn Ciesla 2017-09-29 12:49:46 UTC

%pre -n brlapi
getent group brlapi >/dev/null || groupadd -r brlapi >/dev/null

Sounds like a bug in setup.

Comment 4 Ondrej Vasik 2017-10-03 13:23:35 UTC

No, definitely not a bug in setup - gshadow is handled through capabilities intentionally. Let's reassign that to shadow-utils - where utilities for adding groups and users live - but gshadow will stay as 000 , 666 is just number of devil and wrong for /etc/shadow and /etc/gshadow.

Comment 5 Tomas Mraz 2017-10-03 13:39:33 UTC

This is fallout from the no dac_override policy change.

Comment 6 Lukas Vrabec 2017-10-04 08:16:48 UTC

Tomas is right. 

Fixes will be available in next selinux-policy rawhide build.

Note You need to log in before you can comment on or make changes to this bug.