Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1268883
Summary: | Installation of chroot failed with package manager yum. | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Lukas Slebodnik <lslebodn> | ||||
Component: | rpm | Assignee: | Packaging Maintenance Team <packaging-team-maint> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 23 | CC: | crobinso, dwalsh, jdisnard, jzeleny, lkardos, marcus.moeller, mebrown, mgrepl, msimacek, msuchy, novyjindrich, packaging-team-maint, pknirsch, pmatilai, praiskup, stefw, vmukhame, williams | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | rpm-4.13.0-0.rc1.4.fc23 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-11-01 02:39:55 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Lukas Slebodnik
2015-10-05 14:15:49 UTC
Created attachment 1079977 [details]
root.log
I can confirm that it fails with --yum and succeed with --dnf. Mock on F23 use python3, F22 use python2. However even if I changed shebang of mock to python2 it still behave the same, so that is not an issue. I tested it in permissive mode - it still fails. I will try it in disabled tomorrow. Valentina - as this happen only with yum, do you have an idea what can be the cause? It works fine on fedora 22 with the same root (fedora-23-x86_64). It works with yum and dnf. It works with SELinux disabled - therefore flipping to selinux component. If you find that there is something bad in mock then do not hesitate to flip it back. Strange part is that in audit.log there is no denied lines. Only those (beside success ones): type=USER_AUTH msg=audit(1444120441.643:548): pid=2832 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="msuchy" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=failed' type=USER_CMD msg=audit(1444120441.643:549): pid=2832 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/msuchy" cmd="bash" terminal=pts/0 res=failed' type=DEL_USER msg=audit(1444121209.633:570): pid=4039 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=deleting-user-not-found acct="mockbuild" exe="/usr/sbin/userdel" hostname=? addr=? terminal=? res=failed' type=DEL_USER msg=audit(1444121209.676:571): pid=4040 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=deleting-user-not-found acct="mockbuild" exe="/usr/sbin/userdel" hostname=? addr=? terminal=? res=failed' type=GRP_MGMT msg=audit(1444121209.701:572): pid=4041 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=delete-group acct="mockbuild" exe="/usr/sbin/groupdel" hostname=? addr=? terminal=? res=failed' type=DEL_USER msg=audit(1444121577.931:612): pid=11168 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=deleting-user-not-found acct="mockbuild" exe="/usr/sbin/userdel" hostname=? addr=? terminal=? res=failed' type=GRP_MGMT msg=audit(1444121577.957:613): pid=11169 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=delete-group acct="mockbuild" exe="/usr/sbin/groupdel" hostname=? addr=? terminal=? res=failed' type=DEL_USER msg=audit(1444121897.037:653): pid=12462 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=deleting-user-not-found acct="mockbuild" exe="/usr/sbin/userdel" hostname=? addr=? terminal=? res=failed' type=GRP_MGMT msg=audit(1444121897.063:654): pid=12463 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=delete-group acct="mockbuild" exe="/usr/sbin/groupdel" hostname=? addr=? terminal=? res=failed' type=DEL_USER msg=audit(1444122350.434:673): pid=12736 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=deleting-user-not-found acct="mockbuild" exe="/usr/sbin/userdel" hostname=? addr=? terminal=? res=failed' type=GRP_MGMT msg=audit(1444122350.460:674): pid=12737 uid=0 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=delete-group acct="mockbuild" exe="/usr/sbin/groupdel" hostname=? addr=? terminal=? res=failed' type=SERVICE_START msg=audit(1444122403.155:729): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dracut-shutdown comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' type=SERVICE_START msg=audit(1444122403.301:738): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=firewalld comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' type=SERVICE_START msg=audit(1444122403.301:739): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=abrtd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' type=DEL_USER msg=audit(1444122554.620:545): pid=2623 uid=0 auid=1000 ses=1 msg='op=deleting-user-not-found acct="mockbuild" exe="/usr/sbin/userdel" hostname=? addr=? terminal=? res=failed' type=GRP_MGMT msg=audit(1444122554.645:546): pid=2624 uid=0 auid=1000 ses=1 msg='op=delete-group acct="mockbuild" exe="/usr/sbin/groupdel" hostname=? addr=? terminal=? res=failed' (In reply to Miroslav Suchý from comment #5) > It works with SELinux disabled - therefore flipping to selinux component. If > you find that there is something bad in mock then do not hesitate to flip it > back. Do you mean with permissive mode? Let me to test it. > > Strange part is that in audit.log there is no denied lines. Only those > (beside success ones): > type=USER_AUTH msg=audit(1444120441.643:548): pid=2832 uid=1000 auid=1000 > ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > msg='op=PAM:authentication grantors=? acct="msuchy" exe="/usr/bin/sudo" > hostname=? addr=? terminal=/dev/pts/0 res=failed' > type=USER_CMD msg=audit(1444120441.643:549): pid=2832 uid=1000 auid=1000 > ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > msg='cwd="/home/msuchy" cmd="bash" terminal=pts/0 res=failed' > type=DEL_USER msg=audit(1444121209.633:570): pid=4039 uid=0 auid=1000 ses=1 > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > msg='op=deleting-user-not-found acct="mockbuild" exe="/usr/sbin/userdel" > hostname=? addr=? terminal=? res=failed' > type=DEL_USER msg=audit(1444121209.676:571): pid=4040 uid=0 auid=1000 ses=1 > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > msg='op=deleting-user-not-found acct="mockbuild" exe="/usr/sbin/userdel" > hostname=? addr=? terminal=? res=failed' > type=GRP_MGMT msg=audit(1444121209.701:572): pid=4041 uid=0 auid=1000 ses=1 > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > msg='op=delete-group acct="mockbuild" exe="/usr/sbin/groupdel" hostname=? > addr=? terminal=? res=failed' > type=DEL_USER msg=audit(1444121577.931:612): pid=11168 uid=0 auid=1000 ses=1 > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > msg='op=deleting-user-not-found acct="mockbuild" exe="/usr/sbin/userdel" > hostname=? addr=? terminal=? res=failed' > type=GRP_MGMT msg=audit(1444121577.957:613): pid=11169 uid=0 auid=1000 ses=1 > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > msg='op=delete-group acct="mockbuild" exe="/usr/sbin/groupdel" hostname=? > addr=? terminal=? res=failed' > type=DEL_USER msg=audit(1444121897.037:653): pid=12462 uid=0 auid=1000 ses=1 > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > msg='op=deleting-user-not-found acct="mockbuild" exe="/usr/sbin/userdel" > hostname=? addr=? terminal=? res=failed' > type=GRP_MGMT msg=audit(1444121897.063:654): pid=12463 uid=0 auid=1000 ses=1 > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > msg='op=delete-group acct="mockbuild" exe="/usr/sbin/groupdel" hostname=? > addr=? terminal=? res=failed' > type=DEL_USER msg=audit(1444122350.434:673): pid=12736 uid=0 auid=1000 ses=1 > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > msg='op=deleting-user-not-found acct="mockbuild" exe="/usr/sbin/userdel" > hostname=? addr=? terminal=? res=failed' > type=GRP_MGMT msg=audit(1444122350.460:674): pid=12737 uid=0 auid=1000 ses=1 > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > msg='op=delete-group acct="mockbuild" exe="/usr/sbin/groupdel" hostname=? > addr=? terminal=? res=failed' > type=SERVICE_START msg=audit(1444122403.155:729): pid=1 uid=0 > auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 > msg='unit=dracut-shutdown comm="systemd" exe="/usr/lib/systemd/systemd" > hostname=? addr=? terminal=? res=failed' > type=SERVICE_START msg=audit(1444122403.301:738): pid=1 uid=0 > auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 > msg='unit=firewalld comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? > addr=? terminal=? res=failed' > type=SERVICE_START msg=audit(1444122403.301:739): pid=1 uid=0 > auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 > msg='unit=abrtd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? > addr=? terminal=? res=failed' > type=DEL_USER msg=audit(1444122554.620:545): pid=2623 uid=0 auid=1000 ses=1 > msg='op=deleting-user-not-found acct="mockbuild" exe="/usr/sbin/userdel" > hostname=? addr=? terminal=? res=failed' > type=GRP_MGMT msg=audit(1444122554.645:546): pid=2624 uid=0 auid=1000 ses=1 > msg='op=delete-group acct="mockbuild" exe="/usr/sbin/groupdel" hostname=? > addr=? terminal=? res=failed' (In reply to Miroslav Grepl from comment #6) > (In reply to Miroslav Suchý from comment #5) > > It works with SELinux disabled - therefore flipping to selinux component. If > > you find that there is something bad in mock then do not hesitate to flip it > > back. > > Do you mean with permissive mode? Let me to test it. > Ah, I see it. You mean disabled ;-). I cannot see any avc or user_avc even with disabled dontaudit. IMHO, the most important fact is that it works on fedora 22. So I tried to downgrade few mock dependencies (f23->f22) and it seems that bug is caused by one of following packages: Downgrading : rpm-plugin-selinux-4.12.0.1-12.fc22.x86_64 1/26 Downgrading : rpm-libs-4.12.0.1-12.fc22.x86_64 2/26 Downgrading : rpm-4.12.0.1-12.fc22.x86_64 3/26 Downgrading : drpm-0.2.0-2.fc22.x86_64 4/26 Downgrading : rpm-build-libs-4.12.0.1-12.fc22.x86_64 5/26 Downgrading : createrepo_c-libs-0.9.0-3.fc22.x86_64 6/26 Downgrading : grub2-tools-1:2.02-0.16.fc22.x86_64 7/26 Downgrading : grub2-1:2.02-0.16.fc22.x86_64 8/26 Downgrading : createrepo_c-0.9.0-3.fc22.x86_64 9/26 Downgrading : rpm-python3-4.12.0.1-12.fc22.x86_64 10/26 Downgrading : rpm-python-4.12.0.1-12.fc22.x86_64 11/26 Downgrading : deltarpm-3.6-8.fc22.x86_64 12/26 Downgrading : rpm-plugin-systemd-inhibit-4.12.0.1-12.fc22.x86_64 13/26 Erasing : rpm-python-4.13.0-0.rc1.3.fc23.x86_64 14/26 Erasing : rpm-python3-4.13.0-0.rc1.3.fc23.x86_64 15/26 Erasing : createrepo_c-0.9.0-4.fc23.x86_64 16/26 Erasing : grub2-1:2.02-0.23.fc23.x86_64 17/26 Erasing : createrepo_c-libs-0.9.0-4.fc23.x86_64 18/26 Erasing : drpm-0.2.0-3.fc23.x86_64 19/26 Erasing : grub2-tools-1:2.02-0.23.fc23.x86_64 20/26 Erasing : rpm-build-libs-4.13.0-0.rc1.3.fc23.x86_64 21/26 Erasing : rpm-plugin-systemd-inhibit-4.13.0-0.rc1.3.fc23.x86_64 22/26 Erasing : deltarpm-3.6-11.fc23.x86_64 23/26 Erasing : rpm-plugin-selinux-4.13.0-0.rc1.3.fc23.x86_64 24/26 Erasing : rpm-libs-4.13.0-0.rc1.3.fc23.x86_64 25/26 Erasing : rpm-4.13.0-0.rc1.3.fc23.x86_64 26/26 I had to downgrade them in bulk due to dependencies. So chroot can be prepared with yum after downgrading packages and it also fix errors in scriptlets. e.g. DEBUG util.py:393: Error unpacking rpm package sgml-common-0.6.3-43.fc23.noarch DEBUG util.py:393: error: unpacking of archive failed on file /etc/sgml/sgml.conf;56136a41: cpio: open DEBUG util.py:393: Installing : docbook-dtds-1.0-64.fc23.noarch 110/152 DEBUG util.py:393: error: sgml-common-0.6.3-43.fc23.noarch: install failed DEBUG util.py:393: warning: %post(docbook-dtds-1.0-64.fc23.noarch) scriptlet failed, exit status 126 DEBUG util.py:393: Non-fatal POSTIN scriptlet failure in rpm package docbook-dtds-1.0-64.fc23.noarch DEBUG util.py:393: Installing : procps-ng-3.3.10-9.fc23.x86_64 111/152 DEBUG util.py:393: warning: %post(procps-ng-3.3.10-9.fc23.x86_64) scriptlet failed, exit status 126 DEBUG util.py:393: Non-fatal POSTIN scriptlet failure in rpm package procps-ng-3.3.10-9.fc23.x86_64 DEBUG util.py:393: Installing : initscripts-9.64-1.fc23.x86_64 112/152 DEBUG util.py:393: error: unpacking of archive failed on file /usr/lib/systemd/system/basic.target.wants/fedora-autorelabel-mark.service;56136a41: cpio: symlinkError unpacking rpm package initscripts-9.64-1.fc23.x86_64 DEBUG util.py:393: error: initscripts-9.64-1.fc23.x86_64: install failed DEBUG util.py:393: error: %prein(cyrus-sasl-2.1.26-25.2.fc23.x86_64) scriptlet failed, exit status 126 DEBUG util.py:393: Error in PREIN scriptlet in rpm package cyrus-sasl-2.1.26-25.2.fc23.x86_64 DEBUG util.py:393: Installing : cyrus-sasl-devel-2.1.26-25.2.fc23.x86_64 114/152 DEBUG util.py:393: error: cyrus-sasl-2.1.26-25.2.fc23.x86_64: install failed DEBUG util.py:393: Installing : jsoncpp-0.6.0-0.18.rc2.fc23.x86_64 115/152 DEBUG util.py:393: warning: %post(jsoncpp-0.6.0-0.18.rc2.fc23.x86_64) scriptlet failed, exit status 126 DEBUG util.py:393: Non-fatal POSTIN scriptlet failure in rpm package jsoncpp-0.6.0-0.18.rc2.fc23.x86_64 DEBUG util.py:393: Installing : cmake-3.3.2-1.fc23.x86_64 116/152 DEBUG util.py:393: Installing : libverto-devel-0.2.6-5.fc23.x86_64 117/152 DEBUG util.py:393: Installing : m4-1.4.17-8.fc23.x86_64 118/152 Yes, I see the same issue. How is it possible that it works with selinux disabled and it does not work in permissive mode? I am only aware of: http://danwalsh.livejournal.com/?skip=20#post-danwalsh-67855 but I do not see those in logs. *** Bug 1269675 has been marked as a duplicate of this bug. *** I'd say this is a regression in the rpm plugin, caused by this commit: http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=148e82833a384b438547c2d3610e3df4a50cf997 The new code path using setexecfilecon() misses this fairly subtle quirk: http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=9c082fb8689efdaa5a595d3043e67ccec4ed930c (In reply to Panu Matilainen from comment #14) > I'd say this is a regression in the rpm plugin, caused by this commit: > http://rpm.org/gitweb?p=rpm.git;a=commitdiff; > h=148e82833a384b438547c2d3610e3df4a50cf997 > > The new code path using setexecfilecon() misses this fairly subtle quirk: > http://rpm.org/gitweb?p=rpm.git;a=commitdiff; > h=9c082fb8689efdaa5a595d3043e67ccec4ed930c Do you know why there is not a problem with dnf? /usr/bin/mock --dnf --root fedora-23-x86_64 --resultdir . --rebuild sssd-1.13.1-1.fc24.src.rpm Does the dnf ignores such errors or does dnf implement something differently which should be fixed? Sorry, no idea. Could be many things, like differences between rpm transaction flags (plugins or no plugins, contexts or no contexts) and whatnot. (In reply to Panu Matilainen from comment #16) > Sorry, no idea. Could be many things, like differences between rpm > transaction flags (plugins or no plugins, contexts or no contexts) and > whatnot. It might be worth to file a tracking ticket to investigate it. I hope dnf do not ignore such important things as setexecfilecon or some rpm plugins. (In reply to Lukas Slebodnik from comment #17) > (In reply to Panu Matilainen from comment #16) > > Sorry, no idea. Could be many things, like differences between rpm > > transaction flags (plugins or no plugins, contexts or no contexts) and > > whatnot. > > It might be worth to file a tracking ticket to investigate it. > I hope dnf do not ignore such important things as setexecfilecon or some rpm > plugins. Yeah, figuring out where exactly the difference comes from is indeed important. That dnf is not affected by this suggests it might not be setting the contexts at all, but whether its due to differences from mock cli options or dnf vs yum themselves... Panu, Could you backport patch to fedora rawhide and fedora 23? ATM, I am not able to rebuild src.rpm for epel* on my fedora 23. Neither yum nor dnf is usable with mock on my machine. That is up to the current rpm maintainers. I'm no longer directly involved, I merely pointed out the likely culprit. rpm-4.13.0-0.rc1.4.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-303d802c91 rpm-4.13.0-0.rc1.4.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update rpm' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-303d802c91 *** Bug 1270663 has been marked as a duplicate of this bug. *** *** Bug 1276068 has been marked as a duplicate of this bug. *** rpm-4.13.0-0.rc1.4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. |