SELinux RPM scriplet issue annoucement

Michael Schwendt mschwendt at gmail.com
Sun Jan 19 23:14:42 UTC 2014 

Anyone not aware of the problem and the fix, who applies the -117.fc20
selinux-policy update in _enforcing_ mode (since it has entered stable
updates meanwhile) believing it to be a normal update, will face another
failure and a partial update. Package selinux-policy updated
to -117.fc20 but -targeted remaining at -116.fc20.

Fixing that with the instructions in the Wiki wouldn't work, 

  # yum update selinux-policy
  Loaded plugins: auto-update-debuginfo, langpacks, refresh-packagekit
  No packages marked for update

since selinux-policy package is up-to-date. The enhanced fix that adds
'\*' works also for this extra problem:

  setenforce 0
  yum clean expire-cache
  yum update selinux-policy\*
  setenforce 1

[...]

Here's the full reproducer:

# yum update
Loaded plugins: auto-update-debuginfo, langpacks, refresh-packagekit
Resolving Dependencies
--> Running transaction check
---> Package selinux-policy.noarch 0:3.12.1-116.fc20 will be updated
---> Package selinux-policy.noarch 0:3.12.1-117.fc20 will be an update
---> Package selinux-policy-targeted.noarch 0:3.12.1-116.fc20 will be updated
---> Package selinux-policy-targeted.noarch 0:3.12.1-117.fc20 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================== ==============================
Package Arch Version Repository Size
================================================== ==============================
Updating:
selinux-policy noarch 3.12.1-117.fc20 updates 316 k
selinux-policy-targeted noarch 3.12.1-117.fc20 updates 3.6 M

Transaction Summary
================================================== ==============================
Upgrade 2 Packages

Total download size: 3.9 M
Is this ok [y/d/N]: y
Downloading packages:
updates/20/x86_64/prestodelta | 1.3 MB 00:02
(1/2): selinux-policy-3.12.1-117.fc20.noarch.rpm | 316 kB 00:04
(2/2): selinux-policy-targeted-3.12.1-117.fc20.noarch.rpm | 3.6 MB 00:04
--------------------------------------------------------------------------------
Total 868 kB/s | 3.9 MB 00:04
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
Updating : selinux-policy-3.12.1-117.fc20.noarch 1/4
warning: %post(selinux-policy-3.12.1-117.fc20.noarch) scriptlet failed, exit status 127
Non-fatal POSTIN scriptlet failure in rpm package selinux-policy-3.12.1-117.fc20.noarch
warning: %triggerin(selinux-policy-3.12.1-117.fc20.noarch) scriptlet failed, exit status 127
Non-fatal <unknown> scriptlet failure in rpm package selinux-policy-3.12.1-117.fc20.noarch
error: %pre(selinux-policy-targeted-3.12.1-117.fc20.noarch) scriptlet failed, exit status 127
Error in PREIN scriptlet in rpm package selinux-policy-targeted-3.12.1-117.fc20.noarch
Cleanup : selinux-policy-3.12.1-116.fc20.noarch 3/4
error: selinux-policy-targeted-3.12.1-117.fc20.noarch: install failed
error: selinux-policy-targeted-3.12.1-116.fc20.noarch: erase skipped
warning: %postun(selinux-policy-3.12.1-116.fc20.noarch) scriptlet failed, exit status 127
Non-fatal POSTUN scriptlet failure in rpm package selinux-policy-3.12.1-116.fc20.noarch
Verifying : selinux-policy-3.12.1-117.fc20.noarch 1/4
selinux-policy-targeted-3.12.1-116.fc20.noarch was supposed to be removed but is not!
Verifying : selinux-policy-targeted-3.12.1-116.fc20.noarch 2/4
Verifying : selinux-policy-3.12.1-116.fc20.noarch 3/4
Verifying : selinux-policy-targeted-3.12.1-117.fc20.noarch 4/4

Updated:
selinux-policy.noarch 0:3.12.1-117.fc20

Failed:
selinux-policy-targeted.noarch 0:3.12.1-116.fc20
selinux-policy-targeted.noarch 0:3.12.1-117.fc20

Complete! 

# rpm -qa selinux-policy\*
selinux-policy-targeted-3.12.1-116.fc20.noarch
selinux-policy-3.12.1-117.fc20.noarch

# yum update selinux-policy
Loaded plugins: auto-update-debuginfo, langpacks, refresh-packagekit
No packages marked for update

# yum update selinux-policy\*
Loaded plugins: auto-update-debuginfo, langpacks, refresh-packagekit
Resolving Dependencies
--> Running transaction check
---> Package selinux-policy-targeted.noarch 0:3.12.1-116.fc20 will be updated
---> Package selinux-policy-targeted.noarch 0:3.12.1-117.fc20 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                     Arch       Version               Repository   Size
================================================================================
Updating:
 selinux-policy-targeted     noarch     3.12.1-117.fc20       updates     3.6 M

Transaction Summary
================================================================================
Upgrade  1 Package

Total size: 3.6 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : selinux-policy-targeted-3.12.1-117.fc20.noarch               1/2 
  Cleanup    : selinux-policy-targeted-3.12.1-116.fc20.noarch               2/2 
  Verifying  : selinux-policy-targeted-3.12.1-117.fc20.noarch               1/2 
  Verifying  : selinux-policy-targeted-3.12.1-116.fc20.noarch               2/2 

Updated:
  selinux-policy-targeted.noarch 0:3.12.1-117.fc20                              

Complete!

More information about the devel mailing list