[Bugs] [Bug 1470040] packaging: Upgrade glusterfs-ganesha sometimes fails to semanage ganesha_uses_fuse

bugzilla at redhat.com bugzilla at redhat.com
Wed Jul 12 10:31:21 UTC 2017 

https://bugzilla.redhat.com/show_bug.cgi?id=1470040

Kaleb KEITHLEY <kkeithle at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |Triaged
             Status|NEW                         |ASSIGNED
           Assignee|bugs at gluster.org            |kkeithle at redhat.com



--- Comment #1 from Kaleb KEITHLEY <kkeithle at redhat.com> ---
This is what is happening during an update:

According to the yum logs the system first had
selinux-policy-targeted-3.13.1-102.el7_3.16. There is no ganesha_use_fusefs in
this package.

Then the system was updated to RHEL-7.4. glusterfs-ganesha was updated at
18:00:12. Then at 18:00:37 selinux-policy-targeted was updated to
3.13.1-166.el7. This has ganesha_use_fusefs.

ganesha_use_fusefs still wasn't available when glusterfs-ganesha was updated so
the semanage command (silently) failed.

rpm only allows a 'Requires: selinux-policy-targeted >= NV'. I.e. NV = 3.13.1.
It doesn't allow a 'Requires: selinux-policy-targeted >= NVR'. I.e. NVR =
3.13.1-166.

Thus, for the purposes of upgrading, 3.13.1-102.el7_3.16 satisfies the
Requires: but doesn't have the necessary ganesha_fuse_fusefs for the %post to
work.

Of course on a fresh install you will get the correct version of
selinux-policy-targeted and everything works as expected.

Off the top of my head the only way to force selinux-policy-targeted to be
updated before glusterfs-ganesha is to explicitly update it first, before
applying the rest of the update. IOW this has to be prominently documented in
the Release Notes.

--- Additional comment from Lukas Vrabec on 2017-07-12 03:05:29 EDT ---

Kaleb, 

There is a trigger , which you can use and do the post phase on the end of the
RPM transaction. Which means, that you'll have all the new packages updated and
then you switch on the SELinux boolean on.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the Bugs mailing list