Bug 863252 - katello-selinux-enable throws error
katello-selinux-enable throws error
Status: CLOSED ERRATA
Product: Red Hat Satellite 6
Classification: Red Hat
Component: SELinux (Show other bugs)
6.0.0
Unspecified Unspecified
unspecified Severity high (vote)
: Unspecified
: --
Assigned To: Justin Sherrill
Og Maciel
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-10-04 16:04 EDT by Chandrasekar Kannan
Modified: 2015-01-04 18:52 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A script failure existed in the RPM package of katello-selinux. This bug fix removes simple and MLS from the script katello-selinux-enable. The RPM package installs correctly.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-12-04 14:56:58 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chandrasekar Kannan 2012-10-04 16:04:58 EDT
.live.[root@x86-64-6s-v2-cfse tps]# ls -al /etc/katello/secure/passphrase
ls: cannot access /etc/katello/secure/passphrase: No such file or directory
.live.[root@x86-64-6s-v2-cfse tps]# tps-upgrade 
Upgrading 2012:13709 using command:
 rpm -Uvh  $( tps-filter-filelist -u  )
 
Preparing...                ########################################### [100%]
   1:puppet                 ########################################### [  2%]
   2:pulp-common            ########################################### [  5%]
   3:pulp-client-lib        ########################################### [  7%]
   4:rubygem-activesupport  ########################################### [  9%]
   5:rubygem-delayed_job    ########################################### [ 12%]
   6:rubygem-chunky_png     ########################################### [ 14%]
   7:rubygem-compass        ########################################### [ 16%]
   8:rubygem-compass-960-plu########################################### [ 19%]
   9:rubygem-net-ldap       ########################################### [ 21%]
  10:rubygem-ldap_fluff     ########################################### [ 23%]
  11:rubygem-mail           ########################################### [ 26%]
  12:quartz                 ########################################### [ 28%]
  13:candlepin              ########################################### [ 30%]
  14:candlepin-tomcat6      ########################################### [ 33%]
  15:candlepin-selinux      ########################################### [ 35%]
  16:katello-cli-common     ########################################### [ 37%]
  17:katello-cli            ########################################### [ 40%]
  18:grinder                ########################################### [ 42%]
  19:rubygem-apipie-rails   ########################################### [ 44%]
  20:katello-common         ########################################### [ 47%]
  21:katello-glue-pulp      ########################################### [ 49%]
  22:katello-selinux        ########################################### [ 51%]
libsepol.print_missing_requirements: katello's global requirements were not met: type/attribute unconfined_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
/usr/sbin/semanage: Could not commit semanage transaction
/sbin/restorecon reset /etc/katello/secure context system_u:object_r:etc_t:s0->system_u:object_r:katello_secetc_dir_t:s0
  23:katello-glue-candlepin ########################################### [ 53%]
  24:katello                ########################################### [ 56%]
  25:katello-certs-tools    ########################################### [ 58%]
  26:katello-configure      ########################################### [ 60%]
  27:rubygem-sqlite3        ########################################### [ 63%]
  28:pulp-selinux-server    ########################################### [ 65%]
  29:pulp                   ########################################### [ 67%]
  30:katello-all            ########################################### [ 70%]
  31:ruby-sqlite3           ########################################### [ 72%]
  32:katello-api-docs       ########################################### [ 74%]
  33:katello-cli-tests      ########################################### [ 77%]
  34:rubygem-mail-doc       ########################################### [ 79%]
  35:rubygem-compass-960-plu########################################### [ 81%]
  36:rubygem-delayed_job-doc########################################### [ 84%]
  37:rubygem-actionpack     ########################################### [ 86%]
  38:pulp-admin             ########################################### [ 88%]
  39:pulp-consumer          ########################################### [ 91%]
  40:puppet-server          ########################################### [ 93%]
  41:rubygem-sqlite3-debugin########################################### [ 95%]
  42:candlepin-devel        ########################################### [ 98%]
  43:converge-ui-devel      ########################################### [100%]
.live.[root@x86-64-6s-v2-cfse tps]# /usr/sbin/katello-selinux-enable
libsepol.print_missing_requirements: katello's global requirements were not met: type/attribute unconfined_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
/usr/sbin/semanage: Could not commit semanage transaction
.live.[root@x86-64-6s-v2-cfse tps]#
Comment 1 Justin Sherrill 2012-10-05 10:21:53 EDT
Tested a non-upgrade scenario and it worked fine.  Testing an upgrade scenario now.
Comment 2 Justin Sherrill 2012-10-05 11:59:30 EDT
I was not able to reproduce this by upgrading from SE 1.0 to 1.1 with selinux enabled.   Nor by running selinux-enable



 Installing : quartz-2.1.5-4.el6cf.noarch                                                                                                           59/93 
  Updating   : candlepin-0.7.8-1.el6cf.noarch                                                                                                        60/93 
  Updating   : candlepin-tomcat6-0.7.8-1.el6cf.noarch                                                                                                61/93 
  Installing : candlepin-selinux-0.7.8-1.el6cf.noarch                                                                                                62/93 
  Installing : rubygem-apipie-rails-0.0.11-2.el6cf.noarch                                                                                            63/93 
  Updating   : katello-common-1.1.12-12.el6cf.noarch                                                                                                 64/93 
warning: /etc/httpd/conf.d/katello.conf created as /etc/httpd/conf.d/katello.conf.rpmnew
warning: /etc/katello/katello.yml created as /etc/katello/katello.yml.rpmnew
warning: /etc/katello/thin.yml created as /etc/katello/thin.yml.rpmnew
  Updating   : katello-selinux-1.1.1-1.el6cf.noarch                                                                                                  65/93 
  Updating   : katello-glue-candlepin-1.1.12-12.el6cf.noarch                                                                                         66/93 
  Updating   : katello-glue-pulp-1.1.12-12.el6cf.noarch                                                                                              67/93 
  Updating   : katello-1.1.12-12.el6cf.noarch                                                                                                        68/93 
  Updating   : katello-all-1.1.12-12.el6cf.noarch                                                                                                    69/93 
  Updating   : 1:rubygem-actionpack-3.0.10-10.el6cf.noarch                                                                                           70/93 
  Updating   : rubygem-mail-2.3.0-3.el6cf.noarch                                                                                                     71/93 
  Cleanup    : katello-all-0.1.311-1.el6_2.noarch               

<SNIP>


Works with katello-selinux-enable too:

[root@dhcp77-152 ~]# katello-selinux-enable 
[root@dhcp77-152 ~]# 



Can you provide any other steps to reproduce?
Comment 3 Chandrasekar Kannan 2012-10-05 14:47:54 EDT
no .. I don't have any other steps to reproduce at this point. I'm trying the work around mentioned in this bug https://bugzilla.redhat.com/show_bug.cgi?id=511067 ...
Comment 4 Justin Sherrill 2012-10-05 16:37:50 EDT
This appears to be fixed in:  https://github.com/Katello/katello/commit/508a1e5912e0c3ea3347af7cb44f69034006636f

or at least making that change appears to fix katello-selinux-enable.  From what i understand that makes sense as the error is occuring when installing the selinux module for mls mode (targeted works fine).  


Mirek,  Do you see any issues with bringing this into System engine 1.1?  


Since we don't support mls i would think it would be ok.  Can you confirm?

Thanks,

-Justin
Comment 5 Miroslav Suchý 2012-10-08 11:16:27 EDT
I see no issues in cherry picking that commit to 1.1.

But I do not think it is cause of this error. I would really like to get login on machine where it reproduces or get deterministic reproducer.
Comment 6 Miroslav Suchý 2012-10-09 09:41:37 EDT
I got hands on reproducer and I agree that patch from #4 is correct fix.
Comment 11 Og Maciel 2012-10-24 10:50:45 EDT
TPS is no longer showing this issue, marking as VERIFIED:

* candlepin-0.7.8.1-1.el6cf.noarch
* candlepin-selinux-0.7.8.1-1.el6cf.noarch
* candlepin-tomcat6-0.7.8.1-1.el6cf.noarch
* katello-1.1.12-17.el6cf.noarch
* katello-all-1.1.12-17.el6cf.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.1.8-1.el6cf.noarch
* katello-cli-1.1.8-9.el6cf.noarch
* katello-cli-common-1.1.8-9.el6cf.noarch
* katello-common-1.1.12-17.el6cf.noarch
* katello-configure-1.1.9-8.el6cf.noarch
* katello-glue-candlepin-1.1.12-17.el6cf.noarch
* katello-glue-pulp-1.1.12-17.el6cf.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.1.1-2.el6cf.noarch
* pulp-1.1.14-1.el6cf.noarch
* pulp-common-1.1.14-1.el6cf.noarch
* pulp-selinux-server-1.1.14-1.el6cf.noarch
Comment 14 errata-xmlrpc 2012-12-04 14:56:58 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-1543.html

Note You need to log in before you can comment on or make changes to this bug.