Bug 624310 - SELinux module of package 389-admin not installed correctly after update
Summary: SELinux module of package 389-admin not installed correctly after update
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: 389
Classification: Retired
Component: Admin
Version: 1.2.6
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Nathan Kinder
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-08-15 23:51 UTC by Manuel Faux
Modified: 2015-01-04 23:43 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-09-24 21:18:20 UTC
Embargoed:

Attachments (Terms of Use)

Description Manuel Faux 2010-08-15 23:51:30 UTC 
Description of problem:
SELinux policy which comes with current 389-admin will not be installed correctly when updating from earlier version of 389-admin which needed 389-admin-selinux.

Version-Release number of selected component (if applicable):
Update from 389-admin-1.1.11-0.1.a1.fc13 with 389-admin-selinux-v1.1.11-0.1.a1.fc13 to 389-admin-1.1.11-0.6.rc2.fc13 (which replaces 389-admin-selinux).

How reproducible:
Install 389-admin and 389-admin-selinux from core reop and update 389-admin to latest version of updates-testing repository.

Steps to Reproduce:
1. yum install 389-admin 389-admin-selinux
2. 'semodule -l | grep dirsrv' does not contain dirsrv-admin due to bug #570912
3. yum update --enablerepo updates-testing 389-admin
4. yum will install 389-admin, install SELinux policy and remove 389-admin-selinux because current 389-admin in updates-testing contains SELinux policy
  
Actual results:
yum installs the SELinux policy correctly but removes it when erasing old 389-admin-selinux (i guess because the uninstall routine of the package tells to remove the police?).

Expected results:
The SELinux policy should be installed after updating.

Additional info:
Workaround: semodule -s targeted -i /usr/share/selinux/targeted/dirsrv-admin.pp
Comment 1 Rich Megginson 2010-08-16 14:24:03 UTC 
Nathan, perhaps this is related to the problem in 389-ds-base when upgrading from 1.2.6 alpha or rc to the latest 1.2.6 rc7 with selinux.
Comment 2 Nathan Kinder 2010-08-16 16:01:35 UTC 
(In reply to comment #1)
> Nathan, perhaps this is related to the problem in 389-ds-base when upgrading
> from 1.2.6 alpha or rc to the latest 1.2.6 rc7 with selinux.

I think the dirsrv module is installed in that case (it's just the relabelling via fixfiles that fails).

This issue seems to be a bug in the 389-admin-1.1.11-0.1.a1 spec file where it things that the dirsrv-admin policy module should be removed since the 389-admin-selinux subpackage is being removed.  It does not detect that this is indeed an upgrade since there is no new 389-admin-selinux being installed (the selinux module was merged into the 389-admin package).

I don't think that there is an easy way to fix this as the bug is in the .a1 spec file.  I think we should just release note this as it will only affect those running the early alpha builds where we had a separate selinux subpackage.
Comment 3 Manuel Faux 2010-08-16 19:14:22 UTC 
It would be possible - but not very elegant - to rename the new SELinux module. But maybe it conflicts with the old module, which would have to be removed before. Not a very nice workaround.

Would incrementing the module version solve the problem? Both modules currently have v 1.0.0.
Comment 6 Nathan Kinder 2010-09-24 21:18:20 UTC 
We cannot rename the module without causing other problems.  Since the prior version with the spec file bug was an alpha release, it does not seem worthwhile to try to fix this.  This issue should not be a problem when upgrading from any prior stable versions.
Note You need to log in before you can comment on or make changes to this bug.