Bug 5579 - distribution upgrade and SELinux can make it impossible to upgrade
Summary: distribution upgrade and SELinux can make it impossible to upgrade
Status: CLOSED WORKSFORME
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Server OS (show other bugs)
Version: pre-1.0
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.15.0
Assignee: Bugzilla mail exporter
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-30 09:13 CEST by Pierre Ossman
Modified: 2023-05-16 13:33 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:


Attachments

Description Pierre Ossman cendio 2015-06-30 09:13:52 CEST
I stumbled on a fun little corner case when I upgraded my Fedora 21 machine to Fedora 22.

The base SELinux policy was upgraded in a sufficiently large way that modules need to be recompiled. This means that it fails to load the "thinlinc.pp" module that was left over from my previous installation of ThinLinc. Not a problem in itself, except unfortunately it still somehow managed to remember the file context globs. So what happens is that RPM tries to fix up the contexts as it is installing the new packages, but fails because the contexts are unknown as our module failed to load.

The error you get is this:

2015-06-30 08:59:45,361:     error: unpacking of archive failed on file /opt/thinlinc/libexec/tl-session;55923e61: cpio: (error 0x2)
2015-06-30 08:59:45,361:     error: thinlinc-vsm-4.4.0post-4807.x86_64: install failed

Turning up RPM logging tells you the details:

D: Plugin: calling hook fsm_file_prepare in selinux plugin
D: lsetfilecon: (/opt/thinlinc/libexec/tl-session;55923f48, system_u:object_r:thinlinc_session_exec_t:s0) 
fdio:     140 reads,    55944 total bytes in 0.000327 secs
################################# [ 50%]
error: unpacking of archive failed on file /opt/thinlinc/libexec/tl-session;55923f48: cpio: (error 0x2)

Workarounds would be to manually remove the thinlinc module, or to re-run tl-setup so that the SELinux module gets recompiled. Still would be nice if we could automate this somehow.

Not sure if a Platform Specific Note is necessary. The enterprise distributions generally don't support upgrades like this.
Comment 1 Pierre Ossman cendio 2023-05-16 13:33:45 CEST
We haven't seen this issue in many years, so we'll assume the SELinux packages handle this case more gracefully now.

Note You need to log in before you can comment on or make changes to this bug.