Description of problem:
Installing xguest rpm both by yum and by rpm, transaction fails with error:

Error in PREIN scriptlet in rpm package xguest-1.0.10-1.fc16.noarch
errore: scriptlet %pre(xguest-1.0.10-1.fc16.noarch) fallita, uscita con stato 1

Version-Release number of selected component (if applicable):
xguest-1.0.10-1.fc16

How reproducible:
Always during installation

Steps to Reproduce:
1. yum install xguest-*.rpm
2. yum localinstall http:// ... xguest-*.rpm
3. rpm -Uvh xguest-*.rpm

Actual results:

Expected results:

Additional info:
rpm -q selinux-policy-targeted
Sorry, I forgot an important thing.

rpm -q selinux-policy-targeted
selinux-policy-targeted-3.10.0-46.fc16.noarch
semanage user -a -S targeted -P xguest -R xguest_r xguest_u 2> /dev/null || :
mkdir -p /var/lib/xguest
(useradd -c "Guest" -Z xguest_u -d /var/lib/xguest/home xguest || semanage login -a -S targeted -s xguest_u xguest || semanage login -m -S targeted -s xguest_u xguest) 2>/dev/null || exit 1
echo "xguest:exclusive" >> /etc/security/sepermit.conf
semanage -S targeted -i - << _EOF
boolean -m --on allow_polyinstantiation
boolean -m --on xguest_connect_network
boolean -m --on xguest_mount_media
boolean -m --on xguest_use_bluetooth
_EOF

This is what the pre install attempts to do. Any idea what is failing?
I think so, yes. I'm trying to configure a special user account (with xguest) that has very limited options in graphical mode:
- No Reboot/Shutdown commands
- He can use network
- He can use only Firefox
Setting all by Gsettings Configuration Tool.
The same bug occurred when attempting to install xguest. Following the instructions from setroubleshoot:

# semanage fcontext -a -t user_home_dir_t 'xguest'
# restorecon -v 'xguest'

did not resolve the issue. Here is the detailed report:

SELinux is preventing /usr/sbin/useradd from write access on the directory xguest.

Plugin: catchall_labels

If you want to allow useradd to have write access on the xguest directory
You need to change the label on xguest
# semanage fcontext -a -t FILE_TYPE 'xguest'
where FILE_TYPE is one of the following: user_home_dir_t, httpd_user_content_type, mail_spool_t, etc_t, httpd_user_script_exec_type, user_home_type, pcscd_var_run_t, home_root_t.
Then execute:
restorecon -v 'xguest'

It looks like the current policy prevents the useradd binary from having write access to xguest.
Please attach your AVC messages?
*** Bug 754883 has been marked as a duplicate of this bug. ***
ABRT did not properly detect this report. Message included on #754883.
(In reply to comment #3)
> semanage -S targeted -i - << _EOF
> boolean -m --on allow_polyinstantiation
> boolean -m --on xguest_connect_network
> boolean -m --on xguest_mount_media
> boolean -m --on xguest_use_bluetooth
> _EOF
>
>
> This is what the pre install attempts to do. Any idea what is failing?
>

For me, the three xguest booleans are set properly, but I cannot modify allow_polyinstantiation:

# getsebool allow_polyinstantiation
allow_polyinstantiation --> off
# setsebool -P allow_polyinstantiation 1
Could not change policy booleans
(In reply to comment #0)
> Description of problem:
> Installing xguest rpm both by yum and by rpm, transaction fails with error:
>
> Error in PREIN scriptlet in rpm package xguest-1.0.10-1.fc16.noarch
> errore: scriptlet %pre(xguest-1.0.10-1.fc16.noarch) fallita, uscita con stato 1
>
> Version-Release number of selected component (if applicable):
> xguest-1.0.10-1.fc16
>
> How reproducible:
> Always during installation
>
> Steps to Reproduce:
> 1. yum install xguest-*.rpm
>
> 2. yum localinstall http:// ... xguest-*.rpm
>
> 3. rpm -Uvh xguest-*.rpm
>

I've just installed xguest. To log in with Guest I relabeled the whole system.

# setenforce 0
# yum install xguest
# setenforce 1

Set relabeling at next boot.
Guest login works now, but flickering appears in Gnome-shell (xsession-errors in attachment).
Created attachment 537911
xsession-errors of Guest login with Gnome-shell
I updated my local xguest spec file, as follows, to get it to work:

%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/var/lib/xguest/home
install -Dpm 0644 xguest.conf \
    %{buildroot}/%{_sysconfdir}/security/namespace.d/xguest.conf

%pre
if [ $1 -eq 1 ]; then
mkdir -p /var/lib/xguest/home
semanage user -a -S targeted -P xguest -R xguest_r xguest_u 2>/dev/null || :
chcon -R --user=xguest_u --role=object_r --type=user_home_dir_t /var/lib/xguest/home 2>/dev/null || :
useradd -c "Guest" -Z xguest_u -d /var/lib/xguest/home xguest 2>/dev/null || exit 1
restorecon -F -R /var/lib/xguest 2>/dev/null || :
<snip>
fi

Permissions/contexts (on fc16):

# ls -lZd /var/lib/xguest
drwxr-xr-x. root root system_u:object_r:var_lib_t:s0 /var/lib/xguest
# ls -lZd /var/lib/xguest/home
drwx------. xguest xguest xguest_u:object_r:user_home_dir_t:s0 /var/lib/xguest/home
# ls -lZd /home
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home
# ls -lZd /home/test
drwx------. test test unconfined_u:object_r:user_home_dir_t:s0 /home/test

Permissions/contexts (on fc15):

# ls -lZd /home
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home
# ls -lZd /home/xguest
drwx------. xguest xguest xguest_u:object_r:user_home_dir_t:s0 /home/xguest
# ls -lZd /home/test
drwx------. test test unconfined_u:object_r:user_home_dir_t:s0 /home/test
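Added example, not part of the bug thread or of the xguest package: a small shell check that reads `ls -lZd` lines like the ones posted above and flags any directory whose SELinux type is not among the concrete types the setroubleshoot report offered for FILE_TYPE. The function names and the WRITABLE_TYPES variable are hypothetical, and the sample input is constructed from the fc16 and fc15 listings in this comment.

```shell
#!/bin/sh
# Added example: audit `ls -lZd` lines (five-field layout as posted in this
# thread: perms owner group context path) against a list of SELinux types.

# Concrete types from the setroubleshoot report quoted on this page. Entries
# ending in "_type" there are policy attributes and are left out (assumption:
# this check matches concrete type names only).
WRITABLE_TYPES="user_home_dir_t mail_spool_t etc_t pcscd_var_run_t home_root_t"

# Print the type field of a context string user:role:type[:level].
context_type() {
    ct_rest=${1#*:}            # drop the SELinux user
    ct_rest=${ct_rest#*:}      # drop the role
    printf '%s\n' "${ct_rest%%:*}"
}

# Read `ls -lZd` lines on stdin and print "OK|BAD <path> <type>" for each.
# Exit status is 1 if any directory has a type outside WRITABLE_TYPES.
audit_labels() (
    rc=0
    while read -r perms owner group ctx path; do
        [ -n "$path" ] || continue
        ltype=$(context_type "$ctx")
        case " $WRITABLE_TYPES " in
            *" $ltype "*) printf 'OK  %s %s\n' "$path" "$ltype" ;;
            *)            printf 'BAD %s %s\n' "$path" "$ltype"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ]
)

# Constructed sample input: the fc16 and fc15 listings posted above.
FC16_SAMPLE='drwxr-xr-x. root root system_u:object_r:var_lib_t:s0 /var/lib/xguest
drwx------. xguest xguest xguest_u:object_r:user_home_dir_t:s0 /var/lib/xguest/home'
FC15_SAMPLE='drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home
drwx------. xguest xguest xguest_u:object_r:user_home_dir_t:s0 /home/xguest'

printf '%s\n' "$FC16_SAMPLE" | audit_labels || echo "fc16: a directory has a type not in the list"
printf '%s\n' "$FC15_SAMPLE" | audit_labels && echo "fc15: all listed directories have a listed type"
```

On the fc16 sample the parent directory /var/lib/xguest is reported as var_lib_t, which is not in the report's list, while the fc15 layout under /home passes.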
Have you tried xguest-1.0.10-2.fc16?
Yes, just did and it worked. %post was the trick. Thanks Dan.