Issue #5256: FreeIPA service fails to upgrade with old selinux-policy - freeipa

freeipa

#5256 FreeIPA service fails to upgrade with old selinux-policy

Closed: Fixed None Opened 8 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1252863

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

On RHEL-7.x, FreeIPA service upgrade generates AVC and fails if selinux-policy-3.13.1-23.el7.noarch is not upgraded to selinux-policy-3.13.1-23.el7_1.13.noarch BEFORE FreeIPA upgrade.

We should add Requires(pre) on the required SELinux version to make sure it is there.

mkosek commented 8 years ago

For the record, this is the AVC:

avc:  denied  { read append } for  pid=29496 comm="..." name="renewal.lock" dev="tmpfs" ino=21081 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file

jcholast commented 8 years ago

master:

aebb72e spec file: Add Requires(post) on selinux-policy

ipa-4-2:

94adf09 spec file: Add Requires(post) on selinux-policy

Metadata Update from @mkosek:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.2.1

7 years ago

Metadata

Assignee

jcholast

Tags

None

Blocking

None

Depending on

None

Priority

important

Milestone

FreeIPA 4.2.1

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1252863

tester

None

changelog

None

design

None

freeipa

Source Code

#5256 FreeIPA service fails to upgrade with old selinux-policy Closed: Fixed None Opened 8 years ago by mkosek.

Metadata

#5256 FreeIPA service fails to upgrade with old selinux-policy

Closed: Fixed None Opened 8 years ago by mkosek.