Jonathan Rawle wrote:
I have a problem installing updates via yum. I usually type
sudo yum update
and have sudoers set up to allow this. However, I've recently started to see
messages of the form:
error: %pre(packagename) scriptlet failed, exit status 255
It seems to install the new package, but does not remove the old one, which
has taken some sorting out!
It also doesn't work if I su to root and type yum update. But it DOES work
if I disable SELinux with setenforce 0
I'm seeing the following AVC messages in dmesg:
audit(1172787681.632:38): avc: denied { transition } for pid=7147
comm="yum" name="bash" dev=sda1 ino=2154415
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=process
Seeing as we don't have everyone complaining that yum is broken, I assume my
filesystem is wrongly labelled or something. I did fixfiles check and
couldn't see anything that looked significant...
Why is it xdm_t? Is it something to do with me using kdm as my login manager
(most people use gdm)?
So I wondered if anyone has any ideas of how to fix this? I don't want to
have to switch off enforcing every time I do an update!
Thanks in advance,
Jonathan
I'd drop to runlevel 1 and then run 'fixfiles relabel' and answer yes to
remove files in /tmp. Of course if you store files there, you ought to
pick a different location.
After relabeling a reboot is needed especially if you cleared the /tmp
files.
I used to run 'setenforce 0' quite a bit before running yum because of
the Exit Status 255 error with the scriptlets that were related to
SELinux. Either by pure luck or because of the security content being
corrected, I no longer needed to setenforce to 0 before updating after
the relabeling.
It is a bug and has been because of system policy in some cases and at
the package level in other cases.
Jim
--
Excellent time to become a missing person.
