Bug 1740421 - selinux is preventing mock-1.4.17-1 from executing RPM scriptlets
Summary: selinux is preventing mock-1.4.17-1 from executing RPM scriptlets
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: mock
Version: 31
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Miroslav Suchý
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-08-12 22:25 UTC by Miro Hrončok
Modified: 2020-05-05 07:17 UTC (History)
15 users (show)

Fixed In Version: mock-1.4.18-1.fc29 mock-1.4.18-1.fc31 mock-1.4.19-1.fc30 mock-1.4.19-1.el8 mock-1.4.19-1.el7 mock-2.0-2.fc30 mock-2.0-2.fc31
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-02-20 04:45:47 UTC
Type: Bug


Attachments (Terms of Use)

Description Miro Hrončok 2019-08-12 22:25:45 UTC
As reported in epel7, f29 and f30 mock updates:

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b8a4ee539c
https://bodhi.fedoraproject.org/updates/FEDORA-2019-fb9320e658
https://bodhi.fedoraproject.org/updates/FEDORA-2019-2b689a0720

selinux prevents mock-1.4.17-1 from executing shell scriptlets.

The error looks like this:

error: failed to exec scriptlet interpreter /bin/sh: Permission denied
error: %prein(gdb-8.3.50.20190802-21.fc31.x86_64) scriptlet failed, exit status 127

Error in PREIN scriptlet in rpm package gdb
error: gdb-8.3.50.20190802-21.fc31.x86_64: install failed
error: failed to exec scriptlet interpreter /bin/sh: Permission denied
warning: %triggerin(glibc-common-2.30-1.fc31.x86_64) scriptlet failed, exit status 127


Error in <unknown> scriptlet in rpm package gdb
error: failed to exec scriptlet interpreter /bin/sh: Permission denied
warning: %triggerin(info-6.6-2.fc31.x86_64) scriptlet failed, exit status 127</unknown>


Error in <unknown> scriptlet in rpm package gdb
  Running scriptlet: glib2-2.61.1-3.fc31.x86_64                                                                          14/14 
error: failed to exec scriptlet interpreter /bin/sh: Permission denied
warning: %triggerin(glib2-2.61.1-3.fc31.x86_64) scriptlet failed, exit status 127</unknown>


Error in <unknown> scriptlet in rpm package glib2


Or this:


  Running scriptlet: binutils-2.32-23.fc31.x86_64                                                                                                                                                                          22/53 
error: failed to exec scriptlet interpreter /bin/sh: Permission denied
error: %preun(binutils-2.32-23.fc31.x86_64) scriptlet failed, exit status 127

Error in PREUN scriptlet in rpm package binutils
  Erasing          : libssh-config-0.9.0-6.fc31.noarch                                                                                                                                                                     23/53 
error: binutils-2.32-23.fc31.x86_64: erase failed


And the output of sealert is:

$ sealert -l '*'
...
SELinux is preventing dnf from entrypoint access on the file /usr/bin/bash.

*****  Plugin restorecon (99.5 confidence) suggests   ************************

If you want to fix the label. 
/usr/bin/bash default label should be shell_exec_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /usr/bin/bash

*****  Plugin catchall (1.49 confidence) suggests   **************************

If you believe that dnf should be allowed entrypoint access on the bash file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'dnf' --raw | audit2allow -M my-dnf
# semodule -X 300 -i my-dnf.pp


Additional Information:
Source Context                unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1
                              023
Target Context                unconfined_u:object_r:mock_var_lib_t:s0
Target Objects                /usr/bin/bash [ file ]
Source                        dnf
Source Path                   dnf
Port                          <Unknown>
Host                          carbon
Source RPM Packages           
Target RPM Packages           bash-5.0.7-1.fc30.x86_64
Policy RPM                    selinux-policy-3.14.3-41.fc30.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     carbon
Platform                      Linux carbon 5.1.19-300.fc30.x86_64 #1 SMP Mon Jul
                              22 16:32:45 UTC 2019 x86_64 x86_64
Alert Count                   4
First Seen                    2019-08-10 15:51:55 CEST
Last Seen                     2019-08-10 15:52:09 CEST
Local ID                      7e4896a3-a0f7-41a8-b8a5-ac7622bf68c5

Raw Audit Messages
type=AVC msg=audit(1565445129.101:549): avc:  denied  { entrypoint } for  pid=30796 comm="dnf" path="/usr/bin/bash" dev="dm-1" ino=1728912 scontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mock_var_lib_t:s0 tclass=file permissive=0


Hash: dnf,rpm_script_t,mock_var_lib_t,file,entrypoint

SELinux is preventing groupadd from read access on the lnk_file run.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that groupadd should be allowed read access on the run lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'groupadd' --raw | audit2allow -M my-groupadd
# semodule -X 300 -i my-groupadd.pp


Additional Information:
Source Context                unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c102
                              3
Target Context                unconfined_u:object_r:mock_var_lib_t:s0
Target Objects                run [ lnk_file ]
Source                        groupadd
Source Path                   groupadd
Port                          <Unknown>
Host                          carbon
Source RPM Packages           
Target RPM Packages           filesystem-3.10-1.fc30.x86_64
Policy RPM                    selinux-policy-3.14.3-41.fc30.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     carbon
Platform                      Linux carbon 5.1.19-300.fc30.x86_64 #1 SMP Mon Jul
                              22 16:32:45 UTC 2019 x86_64 x86_64
Alert Count                   12
First Seen                    2019-08-10 15:46:58 CEST
Last Seen                     2019-08-10 15:57:42 CEST
Local ID                      c73a2255-ca38-4478-90f1-89e6386c8b9d

Raw Audit Messages
type=AVC msg=audit(1565445462.986:646): avc:  denied  { read } for  pid=2278 comm="groupadd" name="run" dev="dm-1" ino=1710665 scontext=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mock_var_lib_t:s0 tclass=lnk_file permissive=0


Hash: groupadd,groupadd_t,mock_var_lib_t,lnk_file,read


This makes mock practically unusable once the cache has expired.

Comment 1 Lukas Slebodnik 2019-08-12 22:35:52 UTC
Just a note that AVC is not reproducible with old chroot or new-chroot + bootstrap

mock --rebuild ./python36-3.6.8-1.el7.src.rpm --new-chroot --bootstrap-chroot
mock --rebuild ./python36-3.6.8-1.el7.src.rpm --old-chroot

Comment 2 Lukas Slebodnik 2019-08-12 22:55:04 UTC
There are some AVCs which is not important to allow e.g.

time->Tue Aug 13 00:49:10 2019
type=PROCTITLE msg=audit(1565650150.119:1171): proctitle=75736572616464002D72002D75003831002D67003831002D64002F002D73002F7362696E2F6E6F6C6F67696E002D630053797374656D206D657373616765206275730064627573
type=PATH msg=audit(1565650150.119:1171): item=0 name="/var/run/nscd/socket" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1565650150.119:1171): cwd="/"
type=SOCKADDR msg=audit(1565650150.119:1171): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000684DB810FF7F00000000000000000000E05954A3C17F00001CDD55A3C17F0000008057A3C17F0000366C49A3C17F00000000000000000000056255A3C17F00000100000001000000000000000000
type=SYSCALL msg=audit(1565650150.119:1171): arch=c000003e syscall=42 success=no exit=-13 a0=5 a1=7fff10b84c80 a2=6e a3=0 items=1 ppid=43745 pid=43750 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1565650150.119:1171): avc:  denied  { read } for  pid=43750 comm="useradd" name="run" dev="tmpfs" ino=707512 scontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mock_var_lib_t:s0 tclass=lnk_file permissive=0
----
time->Tue Aug 13 00:49:10 2019
type=PROCTITLE msg=audit(1565650150.119:1172): proctitle=75736572616464002D72002D75003831002D67003831002D64002F002D73002F7362696E2F6E6F6C6F67696E002D630053797374656D206D657373616765206275730064627573
type=PATH msg=audit(1565650150.119:1172): item=0 name="/var/run/nscd/socket" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1565650150.119:1172): cwd="/"
type=SOCKADDR msg=audit(1565650150.119:1172): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000B01B010000000000B02B010000000000B02B0100000000005010000000000000581000000000000000100000000000000200000006000000601C010000000000602C010000000000602C010000000000007265EF45C0
type=SYSCALL msg=audit(1565650150.119:1172): arch=c000003e syscall=42 success=no exit=-13 a0=5 a1=7fff10b84e40 a2=6e a3=7fff10b85464 items=1 ppid=43745 pid=43750 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1565650150.119:1172): avc:  denied  { read } for  pid=43750 comm="useradd" name="run" dev="tmpfs" ino=707512 scontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mock_var_lib_t:s0 tclass=lnk_file permissive=0

I do not expect nscd running in nspawn container. So donaudit should be enough

Comment 3 Lukas Slebodnik 2019-08-12 22:58:40 UTC
Others are tricky as well

time->Tue Aug 13 00:49:09 2019
type=PROCTITLE msg=audit(1565650149.417:1131): proctitle=67726F7570616464002D720072656E646572
type=PATH msg=audit(1565650149.417:1131): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=717012 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=
NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(1565650149.417:1131): item=0 name="/sbin/groupadd" inode=719500 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:groupadd_exec_t:s0 nametype=NORMA
L cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1565650149.417:1131): cwd="/"
type=EXECVE msg=audit(1565650149.417:1131): argc=3 a0="groupadd" a1="-r" a2="render"
type=SYSCALL msg=audit(1565650149.417:1131): arch=c000003e syscall=59 success=yes exit=0 a0=562899da07f0 a1=562899da0810 a2=562899d9cdf0 a3=1b6 items=2 ppid=43704 pid=43715 auid=1000 uid=
0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="groupadd" exe="/usr/sbin/groupadd" subj=unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1565650149.417:1131): avc:  denied  { write } for  pid=43715 comm="groupadd" path="/dev/null" dev="tmpfs" ino=709645 scontext=unconfined_u:unconfined_r:groupadd_t:s0-s0
:c0.c1023 tcontext=unconfined_u:object_r:mock_var_lib_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1565650149.417:1131): avc:  denied  { write } for  pid=43715 comm="groupadd" path="/dev/null" dev="tmpfs" ino=709645 scontext=unconfined_u:unconfined_r:groupadd_t:s0-s0
:c0.c1023 tcontext=unconfined_u:object_r:mock_var_lib_t:s0 tclass=chr_file permissive=0

time->Tue Aug 13 00:49:09 2019
type=PROCTITLE msg=audit(1565650149.427:1147): proctitle=75736572616464002D72002D6C002D670073797374656D642D636F726564756D70002D64002F002D73002F7362696E2F6E6F6C6F67696E002D630073797374656D
6420436F72652044756D7065720073797374656D642D636F726564756D70
type=PATH msg=audit(1565650149.427:1147): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=717012 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=
NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(1565650149.427:1147): item=0 name="/sbin/useradd" inode=719511 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:useradd_exec_t:s0 nametype=NORMAL 
cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1565650149.427:1147): cwd="/"
type=EXECVE msg=audit(1565650149.427:1147): argc=12 a0="useradd" a1="-r" a2="-l" a3="-g" a4="systemd-coredump" a5="-d" a6="/" a7="-s" a8="/sbin/nologin" a9="-c" a10=73797374656D6420436F72
652044756D706572 a11="systemd-coredump"
type=SYSCALL msg=audit(1565650149.427:1147): arch=c000003e syscall=59 success=yes exit=0 a0=562899da1690 a1=562899da0870 a2=562899d9cdf0 a3=1b6 items=2 ppid=43704 pid=43721 auid=1000 uid=
0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1565650149.427:1147): avc:  denied  { write } for  pid=43721 comm="useradd" path="/dev/null" dev="tmpfs" ino=709645 scontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mock_var_lib_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1565650149.427:1147): avc:  denied  { write } for  pid=43721 comm="useradd" path="/dev/null" dev="tmpfs" ino=709645 scontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mock_var_lib_t:s0 tclass=chr_file permissive=0

/dev/null has fcontext mock_var_lib_t because of container :-)

Comment 4 Ben Cotton 2019-08-13 16:58:23 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to '31'.

Comment 5 Ben Cotton 2019-08-13 17:03:59 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to 31.

Comment 6 Pavel Raiskup 2019-08-19 13:30:14 UTC
IMO this is caused by [1], namely:


```patch
-            FileSystemMountPoint(filetype='sysfs',
-                                 device='mock_chroot_sys',
-                                 path=rootObj.make_chroot_path('/sys')),
+            # Instead of mounting a fresh sysfs, we bind mount /sys.
+            # This avoids problems with kernel restrictions if running within a
+            # user namespace, and is pretty much identical otherwise. The
+            # bind mount additionally needs to be recursive, because the
+            # kernel forbids mounts that might reveal parts of /sys that
+            # a container runtime overmounted to hide from the container.
+            BindMountPoint(srcpath='/sys',
+                           bindpath=rootObj.make_chroot_path('/sys'),
+                           recursive=True,
+                           options="nodev,noexec,nosuid,readonly"),
```

It seems like the groupadd utility behaves differently when called from
`dnf --installroot` when the /sys is bindmounted instead of mounted
(because the chroot directory has the same selinux labels as before, same as
the processes have).

Owen, any idea?

[1] https://github.com/rpm-software-management/mock/pull/234

Comment 7 Miroslav Suchý 2019-08-19 14:34:24 UTC
Fixed in:
* 964235a (HEAD -> devel, origin/devel, origin/HEAD) enable selinux plugin for nspawn [RHBZ#1740421]

You can try it from:
https://copr.fedorainfracloud.org/coprs/g/mock/mock/

Comment 8 Owen Taylor 2019-08-19 15:43:52 UTC
Thanks for the fix, msuchy!

I think what happened is that previously when a *new* sys was mounted, /sys/fs/selinux wasn't present in the chroot, so the libselinux code that looks for it didn't find it, but with the recursive bind mount of /sys, /sys/fs/selinux was now there for the chroot install.

I'm suspecting that the code in the selinux plugin that overmounts /proc/filesystems is actually not doing anything - since libselinux checks for /sys/fs/selinux *before* it checks /proc/filesystems and looks through the mount table. Perhaps the --setopt=tsflags=nocontexts is sufficient by itself? If there are residual problems, it might be necessary to overmount /sys/fs/selinux to hide it.

Comment 9 Pavel Raiskup 2019-08-20 13:34:54 UTC
The fix doesn't seem to be complete...   I tried epel-7-x86_64 chroot with
this srpm [1], and it still has problems, even though a bit later -- when
processing BuildRequires.  The AVC I get is:

  type=AVC msg=audit(1566307102.34:2069): avc:  denied  { entrypoint } for
  pid=15145 comm="yum-builddep" path="/usr/bin/bash" dev="tmpfs" ino=1844013
  scontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023
  tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file

This happens both with having `/usr/bin/yum-deprecated` or `/usr/bin/yum`
available on my F30 box, but it is much more apparent if yum-deprecated
is used.  Btw., the build continues (in my case), but AVCs keep showing up.

[1] https://kojipkgs.fedoraproject.org//packages/tar/1.32/2.fc31/src/tar-1.32-2.fc31.src.rpm

Comment 10 Pavel Raiskup 2019-08-20 13:36:42 UTC
Also this (when /bin/yum, which is from dnf-yum.rpm, is used):

    type=AVC msg=audit(1566308151.761:2142): avc:  denied  { read } for
    pid=1220 comm="systemd-machine" name="/" dev="tmpfs" ino=2005811
    scontext=system_u:system_r:systemd_machined_t:s0
    tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=0

Comment 11 Pavel Raiskup 2019-08-22 10:17:30 UTC
Something like this could help:
https://github.com/rpm-software-management/mock/pull/315

Comment 12 Fedora Update System 2019-08-27 13:05:46 UTC
FEDORA-2019-0b43d7a848 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-0b43d7a848

Comment 13 Fedora Update System 2019-08-27 13:05:46 UTC
FEDORA-2019-f04222503c has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-f04222503c

Comment 14 Fedora Update System 2019-08-27 13:05:54 UTC
FEDORA-2019-21420476c0 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-21420476c0

Comment 15 Fedora Update System 2019-08-27 13:05:55 UTC
FEDORA-EPEL-2019-047f59dd65 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-047f59dd65

Comment 16 Fedora Update System 2019-08-27 13:06:03 UTC
FEDORA-EPEL-2019-09b55870bc has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-09b55870bc

Comment 17 Fedora Update System 2019-08-29 21:01:16 UTC
mock-1.4.18-1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-f04222503c

Comment 18 Fedora Update System 2019-08-29 22:23:50 UTC
mock-1.4.18-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-047f59dd65

Comment 19 Fedora Update System 2019-08-30 00:04:14 UTC
mock-1.4.18-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-21420476c0

Comment 20 Fedora Update System 2019-08-30 00:25:21 UTC
mock-1.4.18-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-0b43d7a848

Comment 21 Fedora Update System 2019-08-30 01:38:47 UTC
mock-1.4.18-1.el8 has been pushed to the Fedora EPEL 8 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-09b55870bc

Comment 22 Fedora Update System 2019-09-06 12:58:38 UTC
mock-1.4.18-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 23 Fedora Update System 2019-09-10 15:04:28 UTC
FEDORA-EPEL-2019-dc67f1a15b has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-dc67f1a15b

Comment 24 Fedora Update System 2019-09-10 15:04:35 UTC
FEDORA-EPEL-2019-48d5120c58 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-48d5120c58

Comment 25 Fedora Update System 2019-09-10 15:04:45 UTC
FEDORA-2019-26635f4002 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-26635f4002

Comment 26 Fedora Update System 2019-09-11 02:59:09 UTC
mock-1.4.19-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-26635f4002

Comment 27 Fedora Update System 2019-09-11 04:20:16 UTC
mock-1.4.19-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-48d5120c58

Comment 28 Fedora Update System 2019-09-11 06:07:22 UTC
mock-1.4.19-1.el8 has been pushed to the Fedora EPEL 8 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-dc67f1a15b

Comment 29 Fedora Update System 2019-09-14 00:06:04 UTC
mock-1.4.18-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

Comment 30 Fedora Update System 2019-09-14 16:30:28 UTC
mock-1.4.18-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

Comment 31 Fedora Update System 2019-09-19 01:30:15 UTC
mock-1.4.19-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

Comment 32 Fedora Update System 2019-09-26 00:08:57 UTC
mock-1.4.19-1.el8 has been pushed to the Fedora EPEL 8 stable repository. If problems still persist, please make note of it in this bug report.

Comment 33 Fedora Update System 2019-09-26 03:08:09 UTC
mock-1.4.19-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 34 Paul Howarth 2019-10-03 06:51:35 UTC
Getting this on Fedora 30 builder with CentOS 7 target:

...
Error in POSTIN scriptlet in rpm package gettext-libs
error: failed to exec scriptlet interpreter /bin/sh: Permission denied
warning: %post(gettext-0.19.8.1-2.el7.x86_64) scriptlet failed, exit status 127

Error in POSTIN scriptlet in rpm package gettext
error: failed to exec scriptlet interpreter /sbin/ldconfig: Permission denied
warning: %post(libnetfilter_conntrack-1.0.6-1.el7_3.x86_64) scriptlet failed, exit status 127

Error in POSTIN scriptlet in rpm package libnetfilter_conntrack
error: failed to exec scriptlet interpreter /bin/sh: Permission denied
error: %prein(iptables-1.4.21-33.el7.x86_64) scriptlet failed, exit status 127

Error in PREIN scriptlet in rpm package iptables
error: iptables-1.4.21-33.el7.x86_64: install failed

error: failed to exec scriptlet interpreter /sbin/ldconfig: Permission denied
warning: %post(libgusb-0.2.9-1.el7.x86_64) scriptlet failed, exit status 127
...
lots more

This is with mock-1.4.19-1.fc30.

Comment 35 Brian J. Murrell 2019-10-22 13:17:31 UTC
Yes, also seeing on Fedora 30 with mock-1.4.20-1.fc30.noarch.

Do we need to reopen this ticket?

Comment 36 Paul Howarth 2019-10-22 13:28:23 UTC
This change seems to fix it for me:

https://github.com/rpm-software-management/mock/commit/69a85004fe2aa73f85abd82c0d74f68d8398edf9

Comment 37 Brian J. Murrell 2019-10-22 14:05:53 UTC
Yes, that seems to fix it for me too.

Comment 38 Michael Hampton 2019-10-25 18:19:00 UTC
Still not resolved in mock 1.4.20-1.fc30. The patch linked in comment #36 also resolves the issue for me, though.

Comment 39 Fedora Update System 2020-02-08 16:50:24 UTC
FEDORA-EPEL-2020-56dcc5ffbf has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-56dcc5ffbf

Comment 40 Fedora Update System 2020-02-08 16:51:05 UTC
FEDORA-2020-4ab9c18a6a has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2020-4ab9c18a6a

Comment 41 Fedora Update System 2020-02-08 16:51:18 UTC
FEDORA-2020-8c3f06d776 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-8c3f06d776

Comment 42 Fedora Update System 2020-02-09 01:20:49 UTC
mock-2.0-2.fc31, mock-core-configs-32.1-1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-8c3f06d776

Comment 43 Fedora Update System 2020-02-09 01:35:52 UTC
mock-2.0-2.el8, mock-core-configs-32.1-1.el8 has been pushed to the Fedora EPEL 8 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4f9536de5b

Comment 44 Fedora Update System 2020-02-09 01:43:43 UTC
mock-2.0-2.fc30, mock-core-configs-32.1-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-4ab9c18a6a

Comment 45 Fedora Update System 2020-02-09 01:47:53 UTC
mock-2.0-2.el7, mock-core-configs-32.1-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-56dcc5ffbf

Comment 46 Fedora Update System 2020-02-20 04:45:47 UTC
mock-2.0-2.fc30, mock-core-configs-32.1-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

Comment 47 Fedora Update System 2020-02-20 05:03:20 UTC
mock-2.0-2.fc31, mock-core-configs-32.1-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

Comment 48 Fedora Update System 2020-02-20 09:23:18 UTC
FEDORA-EPEL-2020-4f9536de5b has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4f9536de5b

Comment 49 Fedora Update System 2020-02-20 09:23:58 UTC
FEDORA-EPEL-2020-56dcc5ffbf has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-56dcc5ffbf

Comment 50 Fedora Update System 2020-02-21 01:54:58 UTC
mock-2.0-2.el8, mock-core-configs-32.2-1.el8 has been pushed to the Fedora EPEL 8 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4f9536de5b

Comment 51 Fedora Update System 2020-02-21 01:55:48 UTC
mock-2.0-2.el7, mock-core-configs-32.2-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-56dcc5ffbf

Comment 52 Fedora Update System 2020-02-21 19:45:40 UTC
FEDORA-EPEL-2020-4f9536de5b has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4f9536de5b

Comment 53 Fedora Update System 2020-02-21 19:46:22 UTC
FEDORA-EPEL-2020-56dcc5ffbf has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-56dcc5ffbf

Comment 54 Fedora Update System 2020-02-22 01:37:33 UTC
mock-2.0-2.el7, mock-core-configs-32.3-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-56dcc5ffbf

Comment 55 Fedora Update System 2020-02-22 02:36:31 UTC
mock-2.0-2.el8, mock-core-configs-32.3-2.el8 has been pushed to the Fedora EPEL 8 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4f9536de5b

Comment 56 Fedora Update System 2020-03-11 09:40:16 UTC
FEDORA-EPEL-2020-88ef4b4d66 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-88ef4b4d66

Comment 57 Fedora Update System 2020-03-12 22:25:35 UTC
mock-2.1-1.el8, mock-core-configs-32.4-1.el8 has been pushed to the Fedora EPEL 8 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5a84e15907

Comment 58 Fedora Update System 2020-03-12 23:31:51 UTC
mock-2.1-1.el7, mock-core-configs-32.4-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-88ef4b4d66

Comment 59 Fedora Update System 2020-03-26 16:23:33 UTC
FEDORA-EPEL-2020-88ef4b4d66 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-88ef4b4d66

Comment 60 Fedora Update System 2020-03-27 08:01:53 UTC
FEDORA-EPEL-2020-5a84e15907 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5a84e15907

Comment 61 Fedora Update System 2020-03-27 13:23:03 UTC
FEDORA-EPEL-2020-5a84e15907 has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5a84e15907

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 62 Fedora Update System 2020-03-27 13:39:55 UTC
FEDORA-EPEL-2020-88ef4b4d66 has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-88ef4b4d66

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 63 Fedora Update System 2020-04-02 07:53:25 UTC
FEDORA-EPEL-2020-5a84e15907 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5a84e15907

Comment 64 Fedora Update System 2020-04-02 07:54:46 UTC
FEDORA-EPEL-2020-88ef4b4d66 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-88ef4b4d66

Comment 65 Fedora Update System 2020-04-03 20:19:45 UTC
FEDORA-EPEL-2020-5a84e15907 has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5a84e15907

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 66 Fedora Update System 2020-04-03 21:18:15 UTC
FEDORA-EPEL-2020-88ef4b4d66 has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-88ef4b4d66

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 67 Fedora Update System 2020-05-05 05:46:20 UTC
FEDORA-EPEL-2020-5a84e15907 has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 68 Fedora Update System 2020-05-05 07:17:18 UTC
FEDORA-EPEL-2020-88ef4b4d66 has been pushed to the Fedora EPEL 7 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.