Bug #23343
closed"Error: Package: 2:ceph-selinux-13.0.1-3017.g5fee268.el7.x86_64" in smoke
0%
Description
Run: http://pulpito.ceph.com/teuthology-2018-03-13_17:31:37-smoke-master-testing-basic-smithi/
Jobs: all
Logs: http://qa-proxy.ceph.com/teuthology/teuthology-2018-03-13_17:31:37-smoke-master-testing-basic-smithi/2287609/teuthology.log
2018-03-13T17:52:03.393 INFO:teuthology.orchestra.run.smithi097.stdout:--> Running transaction check 2018-03-13T17:52:03.393 INFO:teuthology.orchestra.run.smithi097.stdout:---> Package ceph-selinux.x86_64 2:13.0.1-3017.g5fee268.el7 will be installed 2018-03-13T17:52:03.393 INFO:teuthology.orchestra.run.smithi097.stdout:--> Processing Dependency: selinux-policy-base >= 3.13.1-166.el7_4.9 for package: 2:ceph-selinux-13.0.1-3017.g5fee268.el7.x86_64 2018-03-13T17:52:03.399 INFO:teuthology.orchestra.run.smithi097.stdout:---> Package python-urllib3.noarch 0:1.10.2-3.el7 will be installed 2018-03-13T17:52:03.399 INFO:teuthology.orchestra.run.smithi097.stdout:---> Package userspace-rcu.x86_64 0:0.7.16-1.el7 will be installed 2018-03-13T17:52:03.881 INFO:teuthology.orchestra.run.smithi117.stdout:No package available. 2018-03-13T17:52:04.044 INFO:teuthology.orchestra.run.smithi097.stdout:--> Finished Dependency Resolution 2018-03-13T17:52:04.178 INFO:teuthology.orchestra.run.smithi097.stdout:Error: Package: 2:ceph-selinux-13.0.1-3017.g5fee268.el7.x86_64 (ceph) 2018-03-13T17:52:04.179 INFO:teuthology.orchestra.run.smithi097.stdout: Requires: selinux-policy-base >= 3.13.1-166.el7_4.9 2018-03-13T17:52:04.179 INFO:teuthology.orchestra.run.smithi097.stdout: Installed: selinux-policy-targeted-3.13.1-166.el7_4.7.noarch (@rhel-7-server-rpms) 2018-03-13T17:52:04.179 INFO:teuthology.orchestra.run.smithi097.stdout: selinux-policy-base = 3.13.1-166.el7_4.7 2018-03-13T17:52:04.179 INFO:teuthology.orchestra.run.smithi097.stdout: Available: selinux-policy-minimum-3.12.1-153.el7.noarch (rhel-7-server-rpms) 2018-03-13T17:52:04.179 INFO:teuthology.orchestra.run.smithi097.stdout: selinux-policy-base = 3.12.1-153.el7 2018-03-13T17:52:04.179 INFO:teuthology.orchestra.run.smithi097.stdout: Available: selinux-policy-minimum-3.12.1-153.el7_0.10.noarch (rhel-7-server-rpms)
Updated by Yuri Weinstein about 6 years ago
Brad, Boris - can you pls take a look at this? This is brand new ditrso rhel 7.4 we starting use in sepia.
Updated by Brad Hubbard about 6 years ago
- Project changed from Ceph to sepia
ceph-selinux-13.0.1-3017.g5fee268.el7.x86_64 was compiled on a (CentOS) machine with selinux-policy-* version 3.13.1-166.el7_4.9 installed so that becomes the minimum requirement.
If we take a look at the environment we are trying to install in...
[root@smithi074 ~]# yum list selinux-policy-targeted --showduplicates|gawk '/rhel-7-server-rpms/&&/3.13.1-166.el7_4.[79]/' selinux-policy-targeted.noarch 3.13.1-166.el7_4.7 @rhel-7-server-rpms selinux-policy-targeted.noarch 3.13.1-166.el7_4.7 rhel-7-server-rpms
If I install and subscribe a fresh rhel7.4 system.
# yum list selinux-policy-targeted --showduplicates|gawk '/rhel-7-server-rpms/&&/3.13.1-166.el7_4.[79]/' selinux-policy-targeted.noarch 3.13.1-166.el7_4.7 rhel-7-server-rpms selinux-policy-targeted.noarch 3.13.1-166.el7_4.9 rhel-7-server-rpms
What about if I re-register it?
[root@smithi074 ~]# subscription-manager unregister Unregistering from: satellite.front.sepia.ceph.com:443/rhsm System has been unregistered. [root@smithi074 ~]# subscription-manager config --remove=server.hostname --remove=server.prefix --remove=rhsm.baseurl --remove=rhsm.full_refresh_on_yum --remove=rhsm.repo_ca_cert You have removed the value for section server and name hostname. The default value for hostname will now be used. You have removed the value for section server and name prefix. The default value for prefix will now be used. You have removed the value for section rhsm and name baseurl. The default value for baseurl will now be used. You have removed the value for section rhsm and name full_refresh_on_yum. The default value for full_refresh_on_yum will now be used. You have removed the value for section rhsm and name repo_ca_cert. The default value for repo_ca_cert will now be used. [root@smithi074 ~]# subscription-manager register --activationkey=XXX --org=XXX The system has been registered with ID: XXXX Installed Product Current Status: Product Name: Red Hat Enterprise Linux Server Status: Not Subscribed Unable to find available subscriptions for all your installed products. [root@smithi074 ~]# subscription-manager attach Installed Product Current Status: Product Name: Red Hat Enterprise Linux Server Status: Subscribed [root@smithi074 ~]# yum clean all Loaded plugins: fastestmirror, langpacks, priorities, product-id, search-disabled-repos, subscription-manager Cleaning repos: ceph ceph-noarch ceph-source epel lab-extras rhel-7-fcgi-ceph rhel-7-server-rpms Cleaning up everything Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos Cleaning up list of fastest mirrors [root@smithi074 ~]# yum list selinux-policy-targeted --showduplicates|gawk '/rhel-7-server-rpms/&&/3.13.1-166.el7_4.[79]/' selinux-policy-targeted.noarch 3.13.1-166.el7_4.7 @rhel-7-server-rpms selinux-policy-targeted.noarch 3.13.1-166.el7_4.7 rhel-7-server-rpms selinux-policy-targeted.noarch 3.13.1-166.el7_4.9 rhel-7-server-rpms
So it appears the rhel-7-server-rpms channel on satellite.front.sepia.ceph.com is not up to date.
Updated by Yuri Weinstein about 6 years ago
- Assignee set to David Galloway
David, can you take a look pls?
Updated by David Galloway about 6 years ago
- Assignee changed from David Galloway to Yuri Weinstein
D'oh. I set up a daily sync task on the Satellite but failed to add any repos to the task.
I've synced all repos. Can you try this again please and let me know if you run into the same problem?
Updated by Yuri Weinstein about 6 years ago
Updated by David Galloway about 6 years ago
Yuri Weinstein wrote:
Still errors, see => http://pulpito.ceph.com/teuthology-2018-03-14_14:24:19-smoke-master-testing-basic-smithi/
Well, you're getting SELinux denials now instead of package installation errors.
SELinux denials found on ubuntu@smithi196.front.sepia.ceph.com: ['type=AVC msg=audit(1521039078.707:2154): avc: denied { module_request } for pid=9074 comm="rhsmd" kmod=6E65746465762D70BE4916D87F scontext=system_u:system_r:rhsmcertd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=1', 'type=AVC msg=audit(1521039156.076:2165): avc: denied { module_request } for pid=9074 comm="rhsmd" kmod=6E65746465762DC0752F16D87F scontext=system_u:system_r:rhsmcertd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=1']
The proper thing to do would probably be to report a BZ.
The quick thing would be to whitelist rhsmd SELinux denials.
Updated by Yuri Weinstein about 6 years ago
- Assignee changed from Yuri Weinstein to Boris Ranto
Boris, what do you think?
Updated by David Galloway about 6 years ago
Re-run with teuthology branch wip-rhsm-selinux
Updated by David Galloway about 6 years ago
Looks good.
Updated by Yuri Weinstein about 6 years ago
- Status changed from New to Resolved
- Assignee changed from Boris Ranto to David Galloway