Description of problem: Running up2date as a normal user will bring up consolehelper. consolehelper contains "ROLE=sysadm_r". This has been removed in U2. The result is that scriplets fail when trying to restart services. Version-Release number of selected component (if applicable): How reproducible: 100% Steps to Reproduce: 1. Run up2date on a U1 system as a regular user 2. Enter root password when consolehelper requests it 3. Wait and watch. Actual results: error: %postun(at-3.1.8-60.x86_64) scriptlet failed, exit status 126 error: %postun(dbus-0.22-12.EL.2.i386) scriptlet failed, exit status 126 error: %postun(dbus-0.22-12.EL.2.x86_64) scriptlet failed, exit status 126 error: %postun(iiimf-server-12.1-13.EL.x86_64) scriptlet failed, exit status 126/var/tmp/rpm-tmp.46816: /etc/rc.d/init.d/rpcidmapd: /bin/bash: bad interpreter:Permission denied /var/tmp/rpm-tmp.46816: /etc/rc.d/init.d/rpcgssd: /bin/bash: bad interpreter: Permission denied /var/tmp/rpm-tmp.46816: /etc/rc.d/init.d/rpcsvcgssd: /bin/bash: bad interpreter: Permission denied /var/tmp/rpm-tmp.46816: /etc/rc.d/init.d/nfs: /bin/sh: bad interpreter: Permission denied error: %postun(nfs-utils-1.0.6-46.x86_64) scriptlet failed, exit status 126 error: %postun(samba-3.0.10-1.4E.x86_64) scriptlet failed, exit status 126 error: %postun(vixie-cron-4.1-20_EL.x86_64) scriptlet failed, exit status 126 error: %postun(xinetd-2.3.13-4.4E.x86_64) scriptlet failed, exit status 126 and after: # ps -eZ | grep sysadm root:sysadm_r:unconfined_t 29623 ? 00:00:00 rhnsd root:sysadm_r:unconfined_t 18201 ? 00:00:00 sshd root:sysadm_r:unconfined_t 405 ? 00:00:00 sshd Expected results: Joy, happiness, and world peace. And properly restarted services. Additional info: dmesg and full up2date transcript available upon request, but this is pretty straight forward.
Above should read /etc/security/console.apps/up2date contains "ROLE=sysadm_r".
Added role sysadm_r types initrc_t which will allow rpm to run init scripts. Policy update in -1.17.30-2.115
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2006-0049.html