Bug 1570829 - ovirt-vmconsole must require selinux-policy-targeted in post section
Summary: ovirt-vmconsole must require selinux-policy-targeted in post section
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-vmconsole
Classification: oVirt
Component: Packaging.rpm
Version: master
Hardware: Unspecified
OS: Unspecified
unspecified
high vote
Target Milestone: ovirt-4.2.3
: ---
Assignee: Francesco Romani
QA Contact: Nikolai Sednev
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-23 13:22 UTC by Sandro Bonazzola
Modified: 2018-05-10 06:33 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-05-10 06:33:55 UTC
oVirt Team: Virt
rule-engine: ovirt-4.2+
rule-engine: exception+

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1563737 0 unspecified CLOSED Unable to connect via serial console to HE. /bin/sh: Permission denied. 2021-02-22 00:41:40 UTC

Internal Links: 1563737

Description Sandro Bonazzola 2018-04-23 13:22:55 UTC 
ovirt-vmconsole uses semanage in %post section and requires libselinux-utils in %post but requires selinux-policy-targeted only at runtime.

This allow to install ovirt-vmconsole before selinux-policy-targeted while building the engine appliance with anaconda as reported in https://bugzilla.redhat.com/show_bug.cgi?id=1563737#c12.


07:01:38,622 INFO packaging: ovirt-vmconsole-1.0.4-1.el7ev.noarch (821/996)
07:01:38,623 INFO packaging: Failed to resolve booleanif statement at /etc/selinux/targeted/tmp/modules/400/ovirt_vmconsole/cil:588
07:01:38,623 INFO packaging: semodule:  Failed!
07:01:38,623 INFO packaging: ovirt-vmconsole-proxy-1.0.4-1.el7ev.noarch (822/996)
07:01:38,624 INFO packaging: Traceback (most recent call last):
07:01:38,624 INFO packaging:   File "/sbin/semanage", line 32, in <module>
07:01:38,624 INFO packaging:     import seobject
07:01:38,625 INFO packaging:   File "/usr/lib64/python2.7/site-packages/seobject/__init__.py", line 36, in <module>
07:01:38,625 INFO packaging:     import sepolicy
07:01:38,626 INFO packaging:   File "/usr/lib64/python2.7/site-packages/sepolicy/__init__.py", line 921, in <module>
07:01:38,626 INFO packaging:     raise e
07:01:38,626 INFO packaging: ValueError: No SELinux Policy installed

Workaround is available in https://bugzilla.redhat.com/show_bug.cgi?id=1563737#c11 so not marking this bug as blocker but marking it as exception for 4.2.3.
Comment 1 Nikolai Sednev 2018-04-23 14:01:41 UTC 
Please provide reproduction steps.
Comment 2 Francesco Romani 2018-04-23 14:28:12 UTC 
will be fixed by Id71c0a22b2bac8714743a2272616b76dff3d8490 and ovirt-vmconsole 1.0.5-1. Tag ready. I just need to make the packages.
Comment 3 Sandro Bonazzola 2018-04-24 15:32:26 UTC 
(In reply to Nikolai Sednev from comment #1)
> Please provide reproduction steps.

This is reproducible by building the RHV-M Appliance and checking the building logs. Effects of the bug are explained in bug #1563737
Comment 7 Michal Skrivanek 2018-04-25 13:26:22 UTC 
in 4.2.3rc3 as https://github.com/oVirt/releng-tools/commit/f5bf96921e0620bc7d4991b0ba87d35b9d200e6d
Comment 9 Nikolai Sednev 2018-05-01 12:47:18 UTC 
Regular Node 0 deployment works for me on these components:
ovirt-engine-4.2.3.3-0.1.el7.noarch
rhvm-appliance-4.2-20180427.0.el7.noarch
ovirt-hosted-engine-setup-2.2.19-1.el7ev.noarch
ovirt-hosted-engine-ha-2.2.11-1.el7ev.noarch
Linux 3.10.0-862.el7.x86_64 #1 SMP Wed Mar 21 18:14:51 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux Server release 7.5 (Maipo)

Moving to verified, please reopen if you still see this issue.
Comment 10 Sandro Bonazzola 2018-05-10 06:33:55 UTC 
This bugzilla is included in oVirt 4.2.3 release, published on May 4th 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.2.3 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.
Note You need to log in before you can comment on or make changes to this bug.