Description of problem: I've been seeing things like this for a while on dnf upgrade: Running scriptlet: selinux-policy-3.14.3-46.fc30.noarch 14/374 libsemanage.semanage_direct_get_module_info: Unable to read ceph module lang ext file. semodule: Failed! and Running scriptlet: flatpak-selinux-1.4.3-1.fc30.x86_64 38/374 libsemanage.semanage_direct_get_module_info: Unable to read ceph module lang ext file. libsemanage.semanage_direct_get_module_info: Unable to read ceph module lang ext file. libsemanage.semanage_direct_get_module_info: Unable to read ceph module lang ext file. /usr/sbin/semodule: Failed on /usr/share/selinux/packages/flatpak.pp.bz2! Version-Release number of selected component (if applicable): libsemanage-2.9-1.fc30.x86_64 How reproducible: Happens on a couple RPMs each week during dnf upgrade. Steps to Reproduce: 1. dnf upgrade Additional info: recently had some problems with selinux producing large numbers of AVCs, possibly due to hardware issues messing up the installed policy. After recent policy update, very few AVCs are left, but I wonder if there may still be issues with some policies. Are these errors during RPM update something to be worried about? Is this normal?
It looks like your SELinux module store is broken due to some hw/fs issues. Most likely you have a directory /var/lib/selinux/targeted/active/modules/400/ceph with empty files. If this is the only problem, you should be able to fix it using the following commands: # dnf reinstall ceph-selinux or manually using: # mv /var/lib/selinux/targeted/active/modules/400/ceph /root/backup/ceph-module # semodule -i /usr/share/selinux/packages/ceph.pp
Thanks Petr. Here's what I get... Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Reinstalling : ceph-selinux-2:14.2.3-1.fc30.x86_64 1/2 Running scriptlet: ceph-selinux-2:14.2.3-1.fc30.x86_64 1/2 libsemanage.semanage_direct_get_module_info: Unable to read ceph module lang ext file. libsemanage.semanage_direct_get_module_info: Unable to read pcpupstream module lang ext file. (No such file or directory). libsemanage.semanage_direct_get_module_info: Unable to read pcpupstream module lang ext file. (No such file or directory). /usr/sbin/semodule: Failed on /usr/share/selinux/packages/ceph.pp! Cleanup : ceph-selinux-2:14.2.3-1.fc30.x86_64 2/2 Running scriptlet: ceph-selinux-2:14.2.3-1.fc30.x86_64 2/2 Verifying : ceph-selinux-2:14.2.3-1.fc30.x86_64 1/2 Verifying : ceph-selinux-2:14.2.3-1.fc30.x86_64 2/2 Reinstalled: ceph-selinux-2:14.2.3-1.fc30.x86_64 Complete!
Okay, you were right, the active ceph stuff was empty, so I moved that directory to a backup location. But, when I tried to semanage install it, again, from /usr/share/... it failed complaining about pcpupstream module. libsemanage.semanage_direct_get_module_info: Unable to read pcpupstream module lang ext file. libsemanage.semanage_direct_get_module_info: Unable to read pcpupstream module lang ext file. (No such file or directory). libsemanage.semanage_direct_get_module_info: Unable to read pcpupstream module lang ext file. (No such file or directory). I'm not sure what to do.
Apparently there's a bunch of problems. The simplest way would be to reinstall selinux-policy-targeted: # dnf reinstall selinux-policy-targeted or # mv /var/lib/selinux/targeted /root/targeted.backup # dnf reinstall selinux-policy-targeted and you might want to install modules - .pp or .pp.bz2 - from /usr/share/selinux/packages Anyway, this is clearly a broken system problem and not a bug.