From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051215 Fedora/1.7.12-3 Description of problem: Running pup (now combined in the pirut rpm) from a gnome-terminal as user and giving the password for root at the pop-up GUI prompt, the above scriptlet error was encountered. A previous bug was filed https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177262 This bug was maked as resolved, but the scriptlet shows this problem still being a problem. The closure for the bug is probably due to my failure to query the rpm database before reporting an all is well. This bug is a continuation of the bug previously mentioned, but refiled to track with pirut. Version-Release number of selected component (if applicable): pam-0.99.2.1-3 pirut-0.9.4-1 selinux-policy-targeted-2.1.10-1 How reproducible: Always Steps to Reproduce: 1. open gnome-terminal 2. enter pup in terminal 3. enter password in GUI prompt requesting password 4. complete update 5. check rpm database for results from transaction Actual Results: %post and %pre scriptlet errors encountered which prevent package installation on %pre and leave trails of multirevision packages on %post errors. last transaction resulted in below output in terminal. [jim@cornette-lt ~]$ pup error: %post(lirc-0.8.0-0.2.pre4.fc5.i386) scriptlet failed, exit status 255 Expected Results: The packages should have installed properly. Additional info: I am pretty certain that this is an SELinux policy issue that needs to be adjusted. This error was seen before when policies needed adjustment. With SELinux completely disabled, no %pre or %post scriptlet errors encountered using the above steps.
removing the db entry for lirc-0.8.0-0.2.pre4.fc5 and running from a root terminal resulted in the same error. Authentication does not seem to be an influence
pup error: %post(lirc-0.8.0-0.2.pre4.fc5.i386) scriptlet failed, exit status 255 [root@cornette-lt packages]# rpm -e --justdb lirc-0.8.0-0.2.pre4.fc5 [root@cornette-lt packages]# setenforce 0 [root@cornette-lt packages]# pup [root@cornette-lt packages]# rpm -q lirc lirc-0.8.0-0.2.pre4.fc5 It seems to be SELinux. Setenforce 0 resolves issue.
Created attachment 123228 [details] grepped denied errors from audit.log This is an audit log containing errors experienced with denials.
df Filesystem 1K-blocks Used Available Use% Mounted on /dev/hda2 16425032 6194320 9382884 40% / /dev/hda1 101086 12237 83630 13% /boot /dev/shm 322352 0 322352 0% /dev/shm /dev/hda3 9920624 1335252 8073304 15% /home /dev/hda6 10605128 291960 9765756 3% /var /dev/hda3 9920624 1335252 8073304 15% /media/disk /home is also mounted as media. Another problem, I guess. Submitted for errors related to /dev/hdx entries.
Changing this bug to selinux related. The below error was just experienced. error: %post(bittorrent-gui-4.2.2-2.fc5.noarch) scriptlet failed, exit status 255
Reassigning bug for SELinux attention and transferring previous assignee to CC. Reason: Pirut and pup seem to work fine with SELinux disabled.
I am still experiencing %post and %pre scriptlet errors with selinux enabled when using pup to update system. Issuing selinux 0 before running pup allows packages to update without scriptlet exit status 255 errors.
Fixed in selinux-policy-2.2.6-1
When upgrading selinux-policy-targeted, I ended up with the below error. Selinux-policy seemed to install without complaint. I have not run in enforcing yet until policy was upgraded. I will try pup with selinux enabled to confirm when package deps are reduced n rawhide. Updating : selinux-policy-targeted ####################### [ 3/12] Traceback (most recent call last): File "/usr/sbin/genhomedircon", line 364, in ? selconf.write() File "/usr/sbin/genhomedircon", line 325, in write fd.write(self.genoutput()) File "/usr/sbin/genhomedircon", line 316, in genoutput ret += self.genHomeDirContext() File "/usr/sbin/genhomedircon", line 265, in genHomeDirContext users = self.getUsers() File "/usr/sbin/genhomedircon", line 210, in getUsers (status, list, lsize) = semanage_seuser_list(self.semanageHandle) NameError: global name 'semanage_seuser_list' is not defined libsemanage.semanage_install_sandbox: genhomedircon returned error code 1. /sbin/restorecon reset /usr/bin/rhgb context system_u:object_r:bin_t->system_u:object_r:xdm_exec_t
Yes an updated policycoreutils went in about the same time as an update to libsemanage. Unfortunately Rawhide grabbed libsemanage instead of policycoreutils. Will be in the update tonight.
Reporting back on actually using pup with selinux active, I updates a few packages and they installed without any trouble with %post or %pre scriptlets. The overall dep conflicts are higher than normal to be able to update many packages. The test was with only a few packages. Regrding the error in the terminal output, it did not look like something outputted by design. I figured I'd report the error since it seemed to relate to SELinux. Thanks for the reason behind the error output generation.
Updating to this morning's rawhide (going from selinux-policy-targeted-2.1.9-2.noarch to selinux-policy-targeted-2.2.8-1.noarch), I got just the same error that was described in comment #9: Updating : selinux-policy-targeted ################### [ 503/1171] Traceback (most recent call last): File "/usr/sbin/genhomedircon", line 364, in ? selconf.write() File "/usr/sbin/genhomedircon", line 325, in write fd.write(self.genoutput()) File "/usr/sbin/genhomedircon", line 316, in genoutput ret += self.genHomeDirContext() File "/usr/sbin/genhomedircon", line 265, in genHomeDirContext users = self.getUsers() File "/usr/sbin/genhomedircon", line 210, in getUsers (status, list, lsize) = semanage_seuser_list(self.semanageHandle) NameError: global name 'semanage_seuser_list' is not defined libsemanage.semanage_install_sandbox: genhomedircon returned error code 1. Did the fix not get picked up by rawhide? Thanks.
The fix is in policycoreutils-1.29.17-1