Bug 1654773 - can't install a ganesha policy due to conflicts with gluster policy
Summary: can't install a ganesha policy due to conflicts with gluster policy
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 29
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-29 16:13 UTC by Kaleb KEITHLEY
Modified: 2019-04-08 01:52 UTC (History)
2 users (show)

Fixed In Version: selinux-policy-3.14.3-14.fc30
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-04-08 01:52:49 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1639225 None MODIFIED selinux: nfs-ganesha ships its own selinux policy in f30 2019-02-06 09:14:52 UTC
Red Hat Bugzilla 1639227 None None None 2019-02-06 09:14:52 UTC

Internal Links: 1639225 1639227

Description Kaleb KEITHLEY 2018-11-29 16:13:51 UTC
Description of problem:

As an experiment I tried to install a ganesha.pp on my f29 box. It's the same as the one built in nfs-ganesha for f30/rawhide and is based on the downstream ganesha policy files in selinux-policy-3.13.1-229.el7_6.6. (At present this package only installs the ganesha.pp.bz2 at /usr/share/selinux/packages/ganesha.pp.bz2 but does not actually install the policy.

When I tried 

# semodule -X 200 -i /usr/share/selinux/packages/ganesha.pp.bz2
Re-declaration of typealias ganesha_var_log_t
Failed to create node
Bad typealias declaration at /var/lib/selinux/targeted/tmp/modules/100/glusterd/cil:1
semodule:  Failed!


As near as I can make out this is because the gluster policy has some leftover ganesha parts, e.g. this typealias
  typealias glusterd_log_t alias ganesha_var_log_t;
in glusterd.te

Looks like I'd run into the same issue on f30/rawihde.

I see that ganesha bits have been removed in the downstream gluster policy sources.

Version-Release number of selected component (if applicable):

selinux-policy-3.13.1-229.el7_6.6
selinux-policy-3.14.2-43.fc29
selinux-policy-3.14.3-13.fc30
nfs-ganesha-selinux-2.7.1-2.fc30

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Fedora Update System 2019-04-05 17:27:41 UTC
selinux-policy-3.14.2-53.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-bf377d92c7

Comment 2 Fedora Update System 2019-04-06 20:51:01 UTC
selinux-policy-3.14.2-53.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-bf377d92c7

Comment 3 Fedora Update System 2019-04-08 01:52:49 UTC
selinux-policy-3.14.2-53.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.