Bug 2082547 - selinux-policy-targeted post install script fails when NetworkManager is not installed
Summary: selinux-policy-targeted post install script fails when NetworkManager is not ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 36
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-05-06 12:02 UTC by Matthew Gyurgyik
Modified: 2022-08-22 09:42 UTC (History)
11 users (show)

Fixed In Version: selinux-policy-36.9-1.fc36 selinux-policy-36.13-3.fc36
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-08-05 01:34:23 UTC
Type: Bug


Attachments (Terms of Use)

Description Matthew Gyurgyik 2022-05-06 12:02:50 UTC
Description of problem: 

The post install script for selinux-policy-targeted fails because it tries to run restorecon on /etc/NetworkManager/dispatcher.d which does not exist when NetworkManager is not installed.

```
  Running scriptlet: selinux-policy-targeted-36.8-1.fc36.noarch                                                                                                                   38/38
/usr/sbin/restorecon: lstat(/etc/NetworkManager/dispatcher.d) failed: No such file or directory
warning: %posttrans(selinux-policy-targeted-36.8-1.fc36.noarch) scriptlet failed, exit status 255

Error in POSTTRANS scriptlet in rpm package selinux-policy-targeted
```

Version-Release number of selected component (if applicable):
selinux-policy-targeted-36.8-1.fc36.noarch



Additional info:

I'm using systemd-networkd and have uninstalled NetworkManager from my system.

Comment 1 Zdenek Pytela 2022-05-06 12:28:54 UTC
Matthew,

Apart from the displayed error message, does also any other problem appear?
Adding the -i switch to restorecon should address this issue, will be a part of the next build.

Comment 2 Matthew Gyurgyik 2022-05-06 12:38:06 UTC
No other problems, the update completed successfully beside the above errors. The restorecon command is the last command in the post install script, so the "failure" shouldn't be impactful. Adding the -i switch seems reasonable.

Just for good measure, here is the about of restorecon with -i on my system.

[root@ink ~]# /usr/sbin/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm /etc/NetworkManager/dispatcher.d; echo $?
0

Comment 3 Zdenek Pytela 2022-05-06 15:21:27 UTC
Thanks for confirmation.

Comment 4 scott.robinson55 2022-05-17 12:48:28 UTC
This problem causes a F36 kickstart installation to halt, when NetworkManager is not included.

Comment 5 Zdenek Pytela 2022-05-19 11:27:52 UTC
The build is on the way:
https://src.fedoraproject.org/rpms/selinux-policy/pull-request/282

Comment 6 Fedora Update System 2022-05-19 16:24:32 UTC
FEDORA-2022-148223ef3b has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-148223ef3b

Comment 7 Fedora Update System 2022-05-20 02:54:44 UTC
FEDORA-2022-148223ef3b has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-148223ef3b`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-148223ef3b

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 scott.robinson55 2022-05-22 20:23:09 UTC
The update in testing still halts a kickstart install. packaging.log reports a return code of 255.

I tried the following with success:

%{_sbindir}/restorecon -R /usr/lib/sysimage/rpm /var/lib/rpm
if [ -d /etc/NetworkManager/dispatcher.d ]; then
%{_sbindir}/restorecon -R /etc/NetworkManager/dispatcher.d
fi

I don't have a fedora account, so couldn't report in the feedback page.

Comment 9 Fedora Update System 2022-05-28 01:14:51 UTC
FEDORA-2022-148223ef3b has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 10 Villy Kruse 2022-05-29 07:10:22 UTC
Latest result of update selinux-policy:

Running transaction
  Running scriptlet: selinux-policy-targeted-36.9-1.fc36.noarch             1/1
  Preparing        :                                                        1/1
  Upgrading        : selinux-policy-36.9-1.fc36.noarch                      1/4
  Running scriptlet: selinux-policy-36.9-1.fc36.noarch                      1/4
  Running scriptlet: selinux-policy-targeted-36.9-1.fc36.noarch             2/4
  Upgrading        : selinux-policy-targeted-36.9-1.fc36.noarch             2/4
  Running scriptlet: selinux-policy-targeted-36.9-1.fc36.noarch             2/4
  Running scriptlet: selinux-policy-36.8-2.fc36.noarch                      3/4
  Cleanup          : selinux-policy-36.8-2.fc36.noarch                      3/4
  Running scriptlet: selinux-policy-36.8-2.fc36.noarch                      3/4
  Cleanup          : selinux-policy-targeted-36.8-2.fc36.noarch             4/4
  Running scriptlet: selinux-policy-targeted-36.8-2.fc36.noarch             4/4
  Running scriptlet: selinux-policy-targeted-36.9-1.fc36.noarch             4/4
/usr/sbin/restorecon: SELinux: Could not get canonical path for /etc/NetworkManager/dispatcher.d restorecon: No such file or directory.
warning: %posttrans(selinux-policy-targeted-36.9-1.fc36.noarch) scriptlet failed, exit status 255

Error in POSTTRANS scriptlet in rpm package selinux-policy-targeted
  Running scriptlet: selinux-policy-targeted-36.8-2.fc36.noarch             4/4
  Verifying        : selinux-policy-36.9-1.fc36.noarch                      1/4
  Verifying        : selinux-policy-36.8-2.fc36.noarch                      2/4
  Verifying        : selinux-policy-targeted-36.9-1.fc36.noarch             3/4
  Verifying        : selinux-policy-targeted-36.8-2.fc36.noarch             4/4


Even whith the -i option we get an error.
# /usr/sbin/restorecon -Ri /usr/lib/sysimage/rpm /var/lib/rpm /etc/NetworkManager/dispatcher.d
/usr/sbin/restorecon: SELinux: Could not get canonical path for /etc/NetworkManager/dispatcher.d restorecon: No such file or directory.

Comment 11 Fedora Update System 2022-06-30 07:25:37 UTC
FEDORA-2022-fd22b79a84 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-fd22b79a84

Comment 12 Fedora Update System 2022-07-01 02:09:39 UTC
FEDORA-2022-fd22b79a84 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-fd22b79a84`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-fd22b79a84

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 13 Fedora Update System 2022-07-16 01:12:39 UTC
FEDORA-2022-320775eb9a has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-320775eb9a`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-320775eb9a

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 14 Fedora Update System 2022-08-04 02:41:41 UTC
FEDORA-2022-139ec288ca has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-139ec288ca`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-139ec288ca

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 15 Fedora Update System 2022-08-05 01:34:23 UTC
FEDORA-2022-139ec288ca has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 16 Villy Kruse 2022-08-21 09:36:31 UTC
You still get the error if /etc/NetworkManager does not exist -- even with the -i option

  Cleanup          : selinux-policy-targeted-36.14-1.fc36.noarch                             6/6 
  Running scriptlet: selinux-policy-targeted-36.14-1.fc36.noarch                             6/6 
/usr/sbin/restorecon: SELinux: Could not get canonical path for /etc/NetworkManager/dispatcher.d restorecon: No such file or directory.
warning: %posttrans(selinux-policy-targeted-36.14-1.fc36.noarch) scriptlet failed, exit status 255

Error in POSTTRANS scriptlet in rpm package selinux-policy-targeted

If /etc/NetworkManager exist, even if empty, you don't get an error.

At least add "|| :" at the end of the command to make it nom-fatal.

Comment 17 Zdenek Pytela 2022-08-22 08:54:07 UTC
(In reply to Villy Kruse from comment #16)
> You still get the error if /etc/NetworkManager does not exist -- even with
> the -i option
> 
>   Cleanup          : selinux-policy-targeted-36.14-1.fc36.noarch            
> 6/6 
>   Running scriptlet: selinux-policy-targeted-36.14-1.fc36.noarch            
> 6/6 
> /usr/sbin/restorecon: SELinux: Could not get canonical path for
> /etc/NetworkManager/dispatcher.d restorecon: No such file or directory.
> warning: %posttrans(selinux-policy-targeted-36.14-1.fc36.noarch) scriptlet
> failed, exit status 255
> 
> Error in POSTTRANS scriptlet in rpm package selinux-policy-targeted
> 
> If /etc/NetworkManager exist, even if empty, you don't get an error.
> 
> At least add "|| :" at the end of the command to make it nom-fatal.

My bad, it should have been gone completely and the change got lost somehow, sorry for that.

Comment 18 Villy Kruse 2022-08-22 09:42:47 UTC
(In reply to Zdenek Pytela from comment #17)

> My bad, it should have been gone completely and the change got lost somehow,
> sorry for that.

Branch rawhide looks good execpt for %posttrans minimum and %posttrans mls


Note You need to log in before you can comment on or make changes to this bug.