On 05/12/2015 03:59 PM, Stephen Smalley wrote: > On 05/12/2015 09:51 AM, Petr Lautrbach wrote: >> On 05/12/2015 02:56 PM, Stephen Smalley wrote: >>> BTW, in trying to test these scenarios, I did a yum remove >>> selinux-policy-targeted at one point and was surprised to find that I >>> couldn't subsequently do a yum install selinux-policy-targeted. It >>> would always fail. Ultimately I found that if I created an empty >>> /etc/selinux/targeted/contexts/files/file_contexts file and then tried >>> installing it, it would work. So I guess rpm -i fails if there is no >>> file_contexts file? That doesn't seem right. >>> >> >> That's correct. rpm does a verification of a transaction and one of the >> steps is to check files labels. It uses selinux_file_context_path() to >> get a file path and if it can't open this file, it fails as it can't >> confirm whether contexts are ok or not. Empty file_contexts file means >> that there's no conflict. >> >> If you want to skip this check, you can use: >> >> rpm -i --nocontexts ... >> or >> yum install --setopt=tsflags=nocontexts >> >> or just reboot and install selinux-policy-targeted with disabled SELinux. > > But it seems wrong that it fails silently, with no indication to the > user what went wrong or how to fix it. > > # yum remove selinux-policy-targeted > ... > # yum install selinux-policy-targeted > ... > Running transaction check > Running transaction test > Transaction test succeeded > Running transaction (shutdown inhibited) > selinux-policy-targeted-3.13.1-105.13.fc21.noarch was supposed to be > installed but is not! > Verifying : selinux-policy-targeted-3.13.1-105.13.fc21.noarch > 1/1 > Verifying : selinux-policy-targeted-3.13.1-105.13.fc21.noarch > 2/1 > > Failed: > selinux-policy-targeted.noarch 0:3.13.1-105.13.fc21 > > > Complete! > > # yumdownloader selinux-policy-targeted > # rpm -i selinux-policy-targeted-3.13.1-105.13.fc21.noarch.rpm > # echo $? > 1 > # rpm -q selinux-policy-targeted > package selinux-policy-targeted is not installed > I've filed a bug about it - https://bugzilla.redhat.com/show_bug.cgi?id=1220822 Thanks, Petr -- Petr Lautrbach SELinux Solutions Red Hat Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
