Creating a Dogtag 9 instance on RHEL/CentOS 6.x may fail due to outdated selinux-policy.
Currently the default selinux-policy on these platforms is version 3.7.19-231. Installing Dogtag 9 packages does not update the current selinux-policy. There are error messages generated during package installation, but the package installation itself will actually complete, so people might not notice the error (especially if it's automated):
Installing : pki-selinux-9.0.3-38.el6_6.noarch 1/1 libsepol.print_missing_requirements: pki's global requirements were not met: type/attribute tomcat_cache_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
Later when a Dogtag instance is created, it may fail with the following message:
/usr/bin/runcon: invalid context: unconfined_u:system_r:pki_ca_script_t:s0: Invalid argument
To fix the problem the selinux-policy has to be updated to version 3.7.19-260. So the dependency on selinux-policy should be updated to require the latest version.
See also:
Proposed milestone: 9.0.3-x
Resolved in 'pki-core-9.0.3-40.el6'.
Metadata Update from @edewata: - Issue set to the milestone: 9.0
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1805
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.