Bug 185594 - rpm and/or up2date not installing some packages with %pre or %post scriptlets and selinux enabled
Summary: rpm and/or up2date not installing some packages with %pre or %post scriptlets...
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: rpm
Version: 4.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Paul Nasrat
QA Contact: Mike McLean
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-03-16 00:15 UTC by Marcelo Giles
Modified: 2007-11-30 22:07 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-08-08 22:21:23 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
CLI output from up2date and rpm commands (2.33 KB, text/plain)
2006-03-16 00:15 UTC, Marcelo Giles
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 148922 0 medium CLOSED Error messages during upgrade from RHEL 4 to RHEL 4 U1 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 149499 0 medium CLOSED RPM scriptlets fail when they try to run chkconfig --add/--del with selinux targetted mode 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 158392 0 medium CLOSED yum misreports update errors 2021-02-22 00:41:40 UTC

Description Marcelo Giles 2006-03-16 00:15:01 UTC
Description of problem:

This happened when I was running up2date on my system.

After downloading and updating most of the new packages present in RHEL ES 4 U3,
up2date finished with some errors. Running up2date again, just to verify, showed
that several packages were indeed not installed.

After several more attempts with up2date, I downloaded some of the packages from
RHN and tried to install them individually using rpm, but this failed, too.

I found this RH mailing list thread where they mention almost the same problem.
https://www.redhat.com/archives/redhat-list/2005-October/msg00281.html and state
that if selinux was disabled, up2date and/or rpm should work as expected.
 

Steps to Reproduce:

1) run up2date to update to download and install new packages.
2) run rpm to install packages

Actual Results:

Both up2date and rpm failed to install some packages (selinux was enabled,
permissive mode).

See attached file for details (for the sake of brevity, I illustrated the case
with one package: diskdumputils).

Expected Results:

Both up2date and rpm shuld have been able to install these packages with selinux
enabled.

Additional info:

I enabled selinux some time AFTER the system's initial installation. Maybe this
is not an issue with systems installed with selinux enabled from the start.

Comment 1 Marcelo Giles 2006-03-16 00:15:01 UTC
Created attachment 126180 [details]
CLI output from up2date and rpm commands

Comment 2 Paul Nasrat 2006-03-16 15:45:42 UTC
Where there any related avc messages?

If you are a Red Hat Enterprise Linux customer and have an active support
entitlement, you should also log the call with support, to be properly tracked.
 See the https://bugzilla.redhat.com/ homepage for more details.

Comment 3 Marcelo Giles 2006-03-16 18:27:57 UTC
No avc messages at all.


Comment 4 Todd Weaver 2006-04-05 16:10:08 UTC
I recently had a very similar issue, up2date would not install updates and rpm
would not install or remove anything unless the --noscripts flag was set. 
SELinux was disabled in /etc/selinux/config but the problem persisted.

I finally narrowed the problem down to a kernel option, enforcing=0 in my
grub.conf.  After removing this all is well again.

Hope someone can use this info because I was banging my head for a day or so to
figure it out.

Comment 5 Jeff Johnson 2006-08-08 04:55:57 UTC
If "enforcing=0" in grub.conf fixed a problem, then the up2date/rpm failure was due to SELinux,
probably bad policy.

Comment 6 Paul Nasrat 2006-08-08 22:21:23 UTC
Without avc errors we can't really diagnose this.  If you enabled selinux post
install you would have needed to do a full relabel and reboot.  Closing.

If you have additional information to add to this bug please reopen and update.

Comment 7 Adam Thompson 2007-03-05 02:16:28 UTC
Bizarre...

I can confirm the exact same behaviour in RHEL4.4, and also in CentOS 4.4 (for 
what that's worth).  Don't have a current support contract for RHEL, so can't 
open a ticket there.  

Even weirder - on the CentOS system, I have 7 boxes that are *exact* clones of 
each other (i.e. used disk duplication, same IBM server hardware).  One of them 
is on production, the other 6 are sitting idle.

Only *ONE* of them (an idle system!) is having these problems.  Spontaneously.  
One thing did happen differently on this system, now that I think about it - I 
used tar(1) to re-copy a bunch of files (I was testing some automation scripts) 
in the root filesystem.  The RHEL4 system has had all sorts of things happen to 
it over time, and I would expect that selinux labels could very well be not 
100% correct (it's a test box).

Does GNU tar, as shipped, understand SELinux labels?

And, more importantly, why would that matter with SELinux disabled???

Is this really an RPM bug, a tar bug, an selinux bug, or something else 
altogether?

... I've just tried relabeling the CentOS box, that didn't change anything.  
(Of course, with SELinux disabled, it shouldn't!)


Comment 8 Adam Thompson 2007-03-05 02:18:25 UTC
(adding myself to CC list)


Note You need to log in before you can comment on or make changes to this bug.