On 3/1/07, Jim Cornette <fc-cornette@xxxxxxxxxxxxxx> wrote:
Jonathan Rawle wrote: > I have a problem installing updates via yum. I usually type > sudo yum update > and have sudoers set up to allow this. However, I've recently started to see > messages of the form: > error: %pre(packagename) scriptlet failed, exit status 255 > It seems to install the new package, but does not remove the old one, which > has taken some sorting out! > > It also doesn't work if I su to root and type yum update. But it DOES work > if I disable SELinux with setenforce 0 > > I'm seeing the following AVC messages in dmesg: > > audit(1172787681.632:38): avc: denied { transition } for pid=7147 > comm="yum" name="bash" dev=sda1 ino=2154415 > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=process > > Seeing as we don't have everyone complaining that yum is broken, I assume my > filesystem is wrongly labelled or something. I did fixfiles check and > couldn't see anything that looked significant... > > Why is it xdm_t? Is it something to do with me using kdm as my login manager > (most people use gdm)? > > So I wondered if anyone has any ideas of how to fix this? I don't want to > have to switch off enforcing every time I do an update! > > Thanks in advance, > > > Jonathan > > I'd drop to runlevel 1 and then run 'fixfiles relabel' and answer yes to remove files in /tmp. Of course if you store files there, you ought to pick a different location. After relabeling a reboot is needed especially if you cleared the /tmp files. I used to run 'setenforce 0' quite a bit before running yum because of the Exit Status 255 error with the scriptlets that were related to SELinux. Either by pure luck or because of the security content being corrected, I no longer needed to setenforce to 0 before updating after the relabeling. It is a bug and has been because of system policy in some cases and at the package level in other cases. Jim
Any chance that you have some obsolete scripts left over by performing update instead of upgrade?