Re: [PATCH] libselinux: is_selinux_enabled(): drop no-policy-loaded test.

On 05/12/2015 09:51 AM, Petr Lautrbach wrote:
> On 05/12/2015 02:56 PM, Stephen Smalley wrote:
>> BTW, in trying to test these scenarios, I did a yum remove
>> selinux-policy-targeted at one point and was surprised to find that I
>> couldn't subsequently do a yum install selinux-policy-targeted.  It
>> would always fail.  Ultimately I found that if I created an empty
>> /etc/selinux/targeted/contexts/files/file_contexts file and then tried
>> installing it, it would work.  So I guess rpm -i fails if there is no
>> file_contexts file?  That doesn't seem right.
>>
> 
> That's correct. rpm does a verification of a transaction and one of the
> steps is to check file labels. It uses selinux_file_context_path() to
> get a file path and if it can't open this file, it fails as it can't
> confirm whether contexts are ok or not. Empty file_contexts file means
> that there's no conflict.
> 
> If you want to skip this check, you can use:
> 
> rpm -i --nocontexts ...
> or
> yum install --setopt=tsflags=nocontexts
> 
> or just reboot and install selinux-policy-targeted with disabled SELinux.

But it seems wrong that it fails silently, with no indication to the
user what went wrong or how to fix it.

# yum remove selinux-policy-targeted
...
# yum install selinux-policy-targeted
...
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction (shutdown inhibited)
selinux-policy-targeted-3.13.1-105.13.fc21.noarch was supposed to be installed but is not!
  Verifying  : selinux-policy-targeted-3.13.1-105.13.fc21.noarch    1/1
  Verifying  : selinux-policy-targeted-3.13.1-105.13.fc21.noarch    2/1

Failed:
  selinux-policy-targeted.noarch 0:3.13.1-105.13.fc21


Complete!

# yumdownloader selinux-policy-targeted
# rpm -i selinux-policy-targeted-3.13.1-105.13.fc21.noarch.rpm
# echo $?
1
# rpm -q selinux-policy-targeted
package selinux-policy-targeted is not installed

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
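
A pre-flight check for the condition discussed in this message, as an added example that is not part of the original thread or of rpm/libselinux: it reports whether the file_contexts file that rpm's label check needs is present. The function names and the ROOT argument are hypothetical; the script assumes the policy type is read from SELINUXTYPE in /etc/selinux/config and that the file sits at /etc/selinux/<type>/contexts/files/file_contexts, as in the path quoted above.

```shell
#!/bin/sh
# Added example: name the cause of the silent install failure up front.
# ROOT is a hypothetical prefix (empty string = the live system) so the
# check can also be run against a chroot or a test tree.

# selinux_type ROOT: print the policy type from ROOT/etc/selinux/config.
selinux_type() {
    cfg="$1/etc/selinux/config"
    [ -r "$cfg" ] || return 1
    # Commented lines are skipped; this example takes the first assignment.
    t=$(sed -n 's/^[[:space:]]*SELINUXTYPE=\([^[:space:]#]*\).*$/\1/p' "$cfg" | head -n 1)
    [ -n "$t" ] || return 1
    printf '%s\n' "$t"
}

# file_contexts_path ROOT: print the path the label check would open.
file_contexts_path() {
    t=$(selinux_type "$1") || return 1
    printf '%s\n' "$1/etc/selinux/$t/contexts/files/file_contexts"
}

# check_file_contexts ROOT
#   0 = file present (an empty file counts, as noted in the thread)
#   1 = policy type could not be determined
#   2 = file missing or unreadable: the case that made rpm -i exit 1
check_file_contexts() {
    p=$(file_contexts_path "$1") || {
        echo "cannot read SELINUXTYPE from $1/etc/selinux/config" >&2
        return 1
    }
    if [ -r "$p" ]; then
        echo "ok: $p"
        return 0
    fi
    echo "missing: $p" >&2
    echo "workarounds from the thread: create an empty file at that path," >&2
    echo "or install with: rpm -i --nocontexts ..." >&2
    return 2
}

# Check the live system only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then check_file_contexts ""; fi
```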



