Bug 843030 - SELinux denial with Pulp 1.1.11
Status: CLOSED NOTABUG
Alias: None
Product: Pulp
Classification: Retired
Component: z_other
Version: 1.1.0
Hardware: Unspecified
OS: Unspecified
Assignee: Lukas Zapletal
QA Contact: Preethi Thomas
Reported: 2012-07-25 11:26 UTC by Lukas Zapletal
Modified: 2012-07-26 08:32 UTC

Doc Type: Bug Fix
Last Closed: 2012-07-26 08:32:27 UTC

Description Lukas Zapletal 2012-07-25 11:26:38 UTC
Description of problem:

Installed Pulp on Fedora 16, called katello-configure and got an AVC denial.


Version-Release number of selected component (if applicable):
pulp-1.1.11-1.fc16.noarch.rpm      

Steps to Reproduce:
1. install pulp from this repo - http://fedorapeople.org/groups/katello/releases/yum/katello-pulp/Fedora/16/x86_64/
2. pulp-admin auth login --username admin --password xxx
3. check SELinux log
  
Actual results:
type=AVC msg=audit(1343215256.380:1884): avc:  denied  { getattr } for  pid=11414 comm="httpd" path="/srv/pulp/webservices.wsgi" dev=dm-0 ino=1450672 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file

Expected results:
Working pulp

Comment 1 Lukas Zapletal 2012-07-25 15:11:01 UTC
And I see this during RPM installation:

libsepol.policydb_read: policydb module version 14 does not match my version range 4-13 (No such file or directory).
libsepol.sepol_module_package_read: invalid module in module package (at section 0) (No such file or directory).
libsemanage.semanage_load_module: Error while reading from module file /etc/selinux/targeted/modules/tmp/modules/pulp-server.pp. (No such file or directory).
/usr/sbin/semanage: Could not commit semanage transaction

Adding John to CCs

Comment 2 John Matthews 2012-07-25 16:49:14 UTC
# yum install pulp-selinux-server
Loaded plugins: langpacks, product-id, refresh-packagekit, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity

This machine has not been registered and therefore has
no access to security and other critical updates. Please
register using subscription-manager.

Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package pulp-selinux-server.noarch 0:1.1.11-1.fc16 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================
 Package                                   Arch                         Version                             Repository                  Size
=============================================================================================================================================
Installing:
 pulp-selinux-server                       noarch                       1.1.11-1.fc16                       pulp                        46 k

Transaction Summary
=============================================================================================================================================
Install       1 Package

Total download size: 46 k
Installed size: 65 k
Is this ok [y/N]: y
Downloading Packages:
pulp-selinux-server-1.1.11-1.fc16.noarch.rpm                                                                          |  46 kB     00:00     
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
** Found 1 pre-existing rpmdb problem(s), 'yum check' output follows:
pulp-1.1.11-1.fc16.noarch has missing requires of pulp-selinux-server = ('0', '1.1.11', '1.fc16')
  Installing : pulp-selinux-server-1.1.11-1.fc16.noarch                                                                                  1/1 
libsepol.policydb_read: policydb module version 14 does not match my version range 4-13 (No such file or directory).
libsepol.sepol_module_package_read: invalid module in module package (at section 0) (No such file or directory).
libsemanage.semanage_load_module: Error while reading from module file /etc/selinux/targeted/modules/tmp/modules/pulp-server.pp. (No such file or directory).
/usr/sbin/semanage: Could not commit semanage transaction
Installed products updated.

Installed:
  pulp-selinux-server.noarch 0:1.1.11-1.fc16                                                                                                 

Complete!

Comment 3 John Matthews 2012-07-25 16:53:39 UTC
Comment #2 was from the configured pulp repo

Now I am attempting an install from a locally built rpm of pulp-selinux-server


# yum install ./pulp-selinux-server-1.1.11-1.fc16.noarch.rpm 
Loaded plugins: langpacks, product-id, refresh-packagekit, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity

This machine has not been registered and therefore has
no access to security and other critical updates. Please
register using subscription-manager.

Setting up Install Process
Examining ./pulp-selinux-server-1.1.11-1.fc16.noarch.rpm: pulp-selinux-server-1.1.11-1.fc16.noarch
Marking ./pulp-selinux-server-1.1.11-1.fc16.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package pulp-selinux-server.noarch 0:1.1.11-1.fc16 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================================
 Package                             Arch                   Version                         Repository                                                 Size
============================================================================================================================================================
Installing:
 pulp-selinux-server                 noarch                 1.1.11-1.fc16                   /pulp-selinux-server-1.1.11-1.fc16.noarch                  65 k

Transaction Summary
============================================================================================================================================================
Install       1 Package

Total size: 65 k
Installed size: 65 k
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
** Found 1 pre-existing rpmdb problem(s), 'yum check' output follows:
pulp-1.1.11-1.fc16.noarch has missing requires of pulp-selinux-server = ('0', '1.1.11', '1.fc16')
  Installing : pulp-selinux-server-1.1.11-1.fc16.noarch                                                                                                 1/1 
Installed products updated.

Installed:
  pulp-selinux-server.noarch 0:1.1.11-1.fc16                                                                                                                

Complete!
[root@aa noarch]# semodule -l | grep pulp
pulp-server	1.1.11.1	
[root@aa noarch]# ls -larthZ /srv/pulp/
-rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t:s0 webservices.wsgi
-rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t:s0 repo_auth.wsgi
drwxr-xr-x. root   root   system_u:object_r:var_t:s0       ..
drwxr-xr-x. root   root   system_u:object_r:var_t:s0       .

Comment 4 John Matthews 2012-07-25 16:58:45 UTC
I checked the pulp.repo on the system reporting this problem; the pulp.repo is pointing to a custom repo hosted on an internal machine.

I fetched the pulp-selinux-server from the custom repo and attempted an install below; note the same failure.


# yum install koji/pulp-selinux-server-1.1.11-1.fc16.noarch.rpm 
Loaded plugins: langpacks, product-id, refresh-packagekit, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity

This machine has not been registered and therefore has
no access to security and other critical updates. Please
register using subscription-manager.

Setting up Install Process
Examining koji/pulp-selinux-server-1.1.11-1.fc16.noarch.rpm: pulp-selinux-server-1.1.11-1.fc16.noarch
Marking koji/pulp-selinux-server-1.1.11-1.fc16.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package pulp-selinux-server.noarch 0:1.1.11-1.fc16 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================================
 Package                             Arch                   Version                         Repository                                                 Size
============================================================================================================================================================
Installing:
 pulp-selinux-server                 noarch                 1.1.11-1.fc16                   /pulp-selinux-server-1.1.11-1.fc16.noarch                  65 k

Transaction Summary
============================================================================================================================================================
Install       1 Package

Total size: 65 k
Installed size: 65 k
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
** Found 1 pre-existing rpmdb problem(s), 'yum check' output follows:
pulp-1.1.11-1.fc16.noarch has missing requires of pulp-selinux-server = ('0', '1.1.11', '1.fc16')
  Installing : pulp-selinux-server-1.1.11-1.fc16.noarch                                                                                                 1/1 
libsepol.policydb_read: policydb module version 14 does not match my version range 4-13 (No such file or directory).
libsepol.sepol_module_package_read: invalid module in module package (at section 0) (No such file or directory).
libsemanage.semanage_load_module: Error while reading from module file /etc/selinux/targeted/modules/tmp/modules/pulp-server.pp. (No such file or directory).
/usr/sbin/semanage: Could not commit semanage transaction
Installed products updated.

Installed:
  pulp-selinux-server.noarch 0:1.1.11-1.fc16                                                                                                                

Complete!

Comment 5 John Matthews 2012-07-25 17:03:02 UTC
The pulp-selinux-server RPM in the custom koji-katello repo is bad.

I have verified that a locally built pulp-selinux-server RPM installs correctly, as well as the pulp-selinux-server RPM available from the default pulp repo: 
http://repos.fedorapeople.org/repos/pulp/pulp/v1/stable/

I suspect this might be a problem with the setup of the builder that produced the koji-katello repo for f16.

Comment 6 Jay Dobies 2012-07-25 18:11:57 UTC
Sending back to Katello to verify their build setup.

Comment 8 Lukas Zapletal 2012-07-26 08:32:27 UTC
Okay, Fedora 16 updates did help; it was a clean installation without any updates. Maybe you would like to put this in the V1 release notes. Thanks for the help! Closing.
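
The triage carried out across this thread, as an added example (not part of the original report and not Pulp or Katello code): it parses the AVC record from the description and the libsepol error from Comment 1, then flags a denial whose target type differs from the `httpd_sys_content_t` label shown in Comment 3. The function names and cause strings are hypothetical; the two sample lines are copied from the report.

```python
import re

# Sample input: the AVC record and libsepol error quoted in this report.
AVC_LINE = ('type=AVC msg=audit(1343215256.380:1884): avc:  denied  { getattr } for  '
            'pid=11414 comm="httpd" path="/srv/pulp/webservices.wsgi" dev=dm-0 '
            'ino=1450672 scontext=system_u:system_r:httpd_t:s0 '
            'tcontext=system_u:object_r:var_t:s0 tclass=file')
SEPOL_LINE = ('libsepol.policydb_read: policydb module version 14 does not match '
              'my version range 4-13 (No such file or directory).')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SEPOL_RE = re.compile(r'module version (\d+) does not match my version range (\d+)-(\d+)')


def parse_avc(line):
    """Return the fields of one AVC denial record, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    fields['perms'] = m.group(1).split()
    # A context is user:role:type[:level]; type enforcement decides on the type.
    fields['source_type'] = fields['scontext'].split(':')[2]
    fields['target_type'] = fields['tcontext'].split(':')[2]
    return fields


def parse_module_mismatch(line):
    """Return (module_version, min_supported, max_supported), or None."""
    m = SEPOL_RE.search(line)
    return tuple(int(g) for g in m.groups()) if m else None


def triage(lines, expected_type='httpd_sys_content_t'):
    """Pair denials on mislabeled files with a failed policy-module load."""
    mismatches = [v for v in map(parse_module_mismatch, lines) if v]
    too_new = any(ver > hi for ver, _lo, hi in mismatches)
    findings = []
    for avc in filter(None, map(parse_avc, lines)):
        if avc['target_type'] != expected_type:
            # Hypothetical cause strings, used only by this example.
            cause = 'module-newer-than-libsepol' if too_new else 'unexpected-label'
            findings.append((avc.get('path'), avc['target_type'], cause))
    return findings
```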

