Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1252863
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
On RHEL-7.x, FreeIPA service upgrade generates AVC and fails if selinux-policy-3.13.1-23.el7.noarch is not upgraded to selinux-policy-3.13.1-23.el7_1.13.noarch BEFORE FreeIPA upgrade.
We should add Requires(pre) on the required SELinux version to make sure it is there.
Requires(pre)
For the record, this is the AVC:
avc: denied { read append } for pid=29496 comm="..." name="renewal.lock" dev="tmpfs" ino=21081 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
master:
ipa-4-2:
Metadata Update from @mkosek: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 4.2.1
Login to comment on this ticket.