SELinux upgrade issue
Daniel J Walsh
dwalsh at redhat.com
Fri Aug 28 17:07:20 UTC 2009
On 08/28/2009 12:22 PM, Moray Henderson (ICT) wrote:
> Just encountered an interesting issue, and wondered if anyone had seen anything like it before. One of the packages I add to my CentOS-based build is a custom SELinux policy (FX: screaming, running away). During a fresh install, it works perfectly:
>
> # grep selinux install.log
> Installing libselinux-1.33.4-5.1.el5.i386
> Installing libselinux-python-1.33.4-5.1.el5.i386
> Installing libselinux-utils-1.33.4-5.1.el5.i386
> Installing selinux-policy-2.4.6-203.el5.noarch
> Installing selinux-policy-targeted-2.4.6-203.el5.noarch
> Installing sls-selinux-policy-1.0-3.sls17.noarch
> Installing selinux-policy-devel-2.4.6-203.el5.noarch
>
> But during an upgrade from CentOS 4, this happens:
>
> # grep selinux /root/upgrade.log
> Upgrading libselinux-1.33.4-5.1.el5.i386
> Upgrading libselinux-python-1.33.4-5.1.el5.i386
> Upgrading libselinux-utils-1.33.4-5.1.el5.i386
> Upgrading selinux-policy-2.4.6-203.el5.noarch
> Upgrading selinux-policy-targeted-2.4.6-203.el5.noarch
> Upgrading sls-selinux-policy-1.0-3.sls17.noarch
> libsemanage.semanage_make_sandbox: Could not copy files to sandbox /etc/selinux/targeted/modules/tmp.
> /usr/sbin/semodule: Failed on /usr/share/selinux/targeted/sls.pp!
> Upgrading selinux-policy-devel-2.4.6-203.el5.noarch
> warning: /etc/selinux/targeted/policy/policy.18 saved as /etc/selinux/targeted/policy/policy.18.rpmsave
>
> Once anaconda has finished and is on the "installation complete" screen, I can switch to Alt-F2 and say
>
> chroot /mnt/sysimage
> /usr/sbin/semodule -i /usr/share/selinux/targeted/sls.pp -s targeted
>
> and now the module installs and loads at the next boot. Any ideas how to get it to install properly the first time?
>
>
> Moray.
> "To err is human. To purr, feline"
>
>
>
> _______________________________________________
> Kickstart-list mailing list
> Kickstart-list at redhat.com
> https://www.redhat.com/mailman/listinfo/kickstart-list
I think you want to make sure selinux-policy-targeted post install is finished before you run your post.
Something like:

    Requires(post): selinux-policy-targeted
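
The suggested dependency as it could sit in the custom policy package's spec file. This is an added example, not part of the original thread and not the poster's actual spec. The package name, version, release, module path and semodule command come from the logs quoted above; the Summary, License, Source0 name and the policycoreutils dependency are assumptions.

```spec
# Hypothetical sls-selinux-policy.spec (constructed for illustration).
Name:           sls-selinux-policy
Version:        1.0
Release:        3.sls17
Summary:        Custom SELinux policy module (placeholder summary)
License:        GPL
Group:          System Environment/Base
BuildArch:      noarch
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root
# Assumption: the compiled module is shipped prebuilt as the only source.
Source0:        sls.pp

# Scriptlet dependency from the reply: RPM orders the transaction so that
# selinux-policy-targeted is installed before this package's %post runs.
Requires(post): selinux-policy-targeted
# Assumption: /usr/sbin/semodule is provided by policycoreutils, so the
# scriptlet's own tool gets the same ordering guarantee.
Requires(post): policycoreutils

%description
Site-specific SELinux policy module for the targeted policy.

%install
rm -rf %{buildroot}
install -D -m 0644 %{SOURCE0} %{buildroot}%{_datadir}/selinux/targeted/sls.pp

%files
%defattr(-,root,root,-)
%{_datadir}/selinux/targeted/sls.pp

%post
# Same command the original poster ran by hand from the chroot.
# Report a failure on stderr so it lands in install.log / upgrade.log,
# but do not abort the whole transaction over it.
if ! /usr/sbin/semodule -i %{_datadir}/selinux/targeted/sls.pp -s targeted; then
    echo "%{name}: semodule failed to load sls.pp" >&2
fi
exit 0
```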