Description of problem:
The %post script is not working when SELinux is enabled after the package installation but was disabled during installation. This is happening when building an image in a container that doesn't have SELinux enabled, and later is installed on bare metal or in a VM that enabled SELinux.

More references: ESSNTL-4875

Version-Release number of selected component (if applicable):
rhc-0.2.3-1.el9
Version of rhc:

[root@kvm-02-guest08 ~]# rhc --version
rhc version 0.2.2

Disable SELinux:

[root@kvm-02-guest08 ~]# cat /etc/selinux/config | grep SELINUX
# SELINUX= can take one of these three values:
# NOTE: In earlier Fedora kernel builds, SELINUX=disabled would also
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
SELINUXTYPE=targeted
[root@kvm-02-guest08 ~]# reboot
[root@kvm-02-guest08 ~]# selinuxenabled
[root@kvm-02-guest08 ~]# echo $?
1

^^ SELinux is disabled

Installing rhc:

[root@kvm-02-guest08 ~]# yum install rhc -y
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:08:23 ago on Mon 07 Aug 2023 11:37:18 AM CEST.
Dependencies resolved.
========================================================================================================================================
 Package   Architecture   Version   Repository   Size
========================================================================================================================================
Installing:
 rhc   x86_64   1:0.2.2-1.el9   beaker-AppStream   9.5 M
...
Installed:
  rhc-1:0.2.2-1.el9.x86_64
Complete!

Checking for permissive packages:

[root@kvm-02-guest08 ~]# semanage permissive -l
Builtin Permissive Types
mptcpd_t
rshim_t
Customized Permissive Types
insights_client_t

^^ rhcd_t is missing --> bug successfully reproduced

I removed the rhc package and reinstalled it with a newer package that has fixed the issue:

[root@kvm-02-guest08 ~]# rhc --version
rhc version 0.2.4
[root@kvm-02-guest08 ~]# semanage permissive -l
Builtin Permissive Types
mptcpd_t
rshim_t
Customized Permissive Types
insights_client_t
rhcd_t

^^ rhcd_t is here --> pre-verification PASSED
[root@kvm-02-guest10 ~]# rhc --version
rhc version 0.2.4

Disabling SELinux:

[root@kvm-02-guest10 ~]# cat /etc/selinux/config | grep SELINUX=
# SELINUX= can take one of these three values:
# NOTE: In earlier Fedora kernel builds, SELINUX=disabled would also
SELINUX=disabled
[root@kvm-02-guest10 ~]# reboot
[root@kvm-02-guest10 ~]# selinuxenabled
[root@kvm-02-guest10 ~]# echo $?
1

^^ SELinux is disabled

Installing rhc:

[root@kvm-02-guest10 ~]# yum install rhc -y
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:15:53 ago on Wed 09 Aug 2023 02:14:47 PM CEST.
Dependencies resolved.
======================================================================================================
 Package   Architecture   Version   Repository   Size
======================================================================================================
Installing:
 rhc   x86_64   1:0.2.4-1.el9   beaker-AppStream   9.8 M
...
Installed:
  rhc-1:0.2.4-1.el9.x86_64
Complete!

[root@kvm-02-guest10 ~]# semanage permissive -l
Builtin Permissive Types
mptcpd_t
rshim_t
Customized Permissive Types
insights_client_t
rhcd_t

^^ rhcd_t is present as expected --> VERIFICATION PASSED
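
The check the comments above perform by eye on `semanage permissive -l` output, written as a script; this is an added example, not part of the bug report or of the rhc package. The function names and the line layout of the sample listings are assumptions; the type names are the ones shown in the report.

```shell
#!/bin/sh
# permissive_section TYPE   (reads a `semanage permissive -l` listing on stdin)
# Prints "builtin" or "customized" and returns 0 when TYPE is listed as
# permissive; prints nothing and returns 1 when it is absent.
# The match is on the whole line, so "rhcd" does not match "rhcd_t".
permissive_section() {
    awk -v want="$1" '
        /^Builtin Permissive Types/    { section = "builtin";    next }
        /^Customized Permissive Types/ { section = "customized"; next }
        { gsub(/^[ \t]+|[ \t]+$/, "") }   # trim surrounding whitespace
        section != "" && $0 == want { print section; found = 1; exit }
        END { exit found ? 0 : 1 }
    '
}

# Constructed samples modelled on the two listings in this report
# (the line layout is assumed; the page shows the output flattened).
LISTING_BROKEN='Builtin Permissive Types

mptcpd_t
rshim_t

Customized Permissive Types

insights_client_t'

LISTING_FIXED="$LISTING_BROKEN
rhcd_t"

# check_rhcd LISTING: returns 0 only when rhcd_t is a customized permissive type,
# which is the state the package %post script is expected to leave behind.
check_rhcd() {
    [ "$(printf '%s\n' "$1" | permissive_section rhcd_t)" = "customized" ]
}

# report LABEL LISTING: one-line verdict for a listing.
report() {
    if check_rhcd "$2"; then
        echo "$1: rhcd_t is a customized permissive type"
    else
        echo "$1: rhcd_t is missing from the customized permissive types"
    fi
}

report "rhc 0.2.2 sample" "$LISTING_BROKEN"
report "rhc 0.2.4 sample" "$LISTING_FIXED"

# On a deployed host: semanage permissive -l | permissive_section rhcd_t
```

Running this against an image built without SELinux and later booted with SELinux enabled shows whether the package's SELinux setup took effect.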