1756835 – Error "Unable to read ceph module lang ext file" during multiple RPM installs

Bug 1756835 - Error "Unable to read ceph module lang ext file" during multiple RPM installs

Summary: Error "Unable to read ceph module lang ext file" during multiple RPM installs

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libsemanage
Sub Component:
Version:	30
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Petr Lautrbach
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-09-30 04:20 UTC by Paul DeStefano
Modified:	2019-10-07 10:36 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-10-07 10:36:01 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Paul DeStefano 2019-09-30 04:20:08 UTC

Description of problem:
I've been seeing things like this for a while on dnf upgrade:

  Running scriptlet: selinux-policy-3.14.3-46.fc30.noarch   14/374
libsemanage.semanage_direct_get_module_info: Unable to read ceph module lang ext file.
semodule:  Failed!

and

  Running scriptlet: flatpak-selinux-1.4.3-1.fc30.x86_64     38/374
libsemanage.semanage_direct_get_module_info: Unable to read ceph module lang ext file.
libsemanage.semanage_direct_get_module_info: Unable to read ceph module lang ext file.
libsemanage.semanage_direct_get_module_info: Unable to read ceph module lang ext file.
/usr/sbin/semodule:  Failed on /usr/share/selinux/packages/flatpak.pp.bz2!


Version-Release number of selected component (if applicable):
libsemanage-2.9-1.fc30.x86_64

How reproducible:
Happens on a couple RPMs each week during dnf upgrade.

Steps to Reproduce:
1. dnf upgrade


Additional info:
recently had some problems with selinux producing large numbers of AVCs, possibly due to hardware issues messing up the installed policy.  After recent policy update, very few AVCs are left, but I wonder if there may still be issues with some policies.

Are these errors during RPM update something to be worried about? Is this normal?

Comment 1 Petr Lautrbach 2019-09-30 07:18:45 UTC

It looks like your SELinux module store is broken due to some hw/fs issues.

Most likely you have a directory /var/lib/selinux/targeted/active/modules/400/ceph with empty files. If this is the only problem, you should be able to fix it using the following commands:

# dnf reinstall ceph-selinux

or manually using:

# mv /var/lib/selinux/targeted/active/modules/400/ceph /root/backup/ceph-module

# semodule -i /usr/share/selinux/packages/ceph.pp

Comment 2 Paul DeStefano 2019-10-01 04:49:20 UTC

Thanks Petr.  Here's what I get...

Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                     1/1 
  Reinstalling     : ceph-selinux-2:14.2.3-1.fc30.x86_64                                                                                                                                 1/2 
  Running scriptlet: ceph-selinux-2:14.2.3-1.fc30.x86_64                                                                                                                                 1/2 
libsemanage.semanage_direct_get_module_info: Unable to read ceph module lang ext file.
libsemanage.semanage_direct_get_module_info: Unable to read pcpupstream module lang ext file. (No such file or directory).
libsemanage.semanage_direct_get_module_info: Unable to read pcpupstream module lang ext file. (No such file or directory).
/usr/sbin/semodule:  Failed on /usr/share/selinux/packages/ceph.pp!

  Cleanup          : ceph-selinux-2:14.2.3-1.fc30.x86_64                                                                                                                                 2/2 
  Running scriptlet: ceph-selinux-2:14.2.3-1.fc30.x86_64                                                                                                                                 2/2 
  Verifying        : ceph-selinux-2:14.2.3-1.fc30.x86_64                                                                                                                                 1/2 
  Verifying        : ceph-selinux-2:14.2.3-1.fc30.x86_64                                                                                                                                 2/2 

Reinstalled:
  ceph-selinux-2:14.2.3-1.fc30.x86_64                                                                                                                                                        

Complete!

Comment 3 Paul DeStefano 2019-10-07 04:17:57 UTC

Okay, you were right, the active ceph stuff was empty, so I moved that directory to a backup location.  But, when I tried to semanage install it, again, from /usr/share/... it failed complaining about pcpupstream module.

libsemanage.semanage_direct_get_module_info: Unable to read pcpupstream module lang ext file.
libsemanage.semanage_direct_get_module_info: Unable to read pcpupstream module lang ext file. (No such file or directory).
libsemanage.semanage_direct_get_module_info: Unable to read pcpupstream module lang ext file. (No such file or directory).

I'm not sure what to do.

Comment 4 Petr Lautrbach 2019-10-07 10:36:01 UTC

Apparently there's a bunch of problems. The simplest way would be to reinstall selinux-policy-targeted:

# dnf reinstall selinux-policy-targeted

or 

# mv /var/lib/selinux/targeted /root/targeted.backup

# dnf reinstall selinux-policy-targeted

and you might want to install modules - .pp or .pp.bz2 - from /usr/share/selinux/packages

Anyway, this is clearly a broken system problem and not a bug.

Note You need to log in before you can comment on or make changes to this bug.