Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1497091

Summary: brlapi uninstallable on Rawhide armv7
Product: [Fedora] Fedora Reporter: Richard W.M. Jones <rjones>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: dwalsh, gwync, jskarvad, karsten, lsm5, lvrabec, mgrepl, ovasik, pknirsch, plautrba, pmoore, pvrabec, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: armv7l   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-20 11:20:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 910269    

Description Richard W.M. Jones 2017-09-29 07:33:52 UTC 
Description of problem:

$ sudo dnf install /usr/lib/libbrlapi.so.0.6 
Last metadata expiration check: 1:09:12 ago on Fri 29 Sep 2017 02:20:59 EDT.
Dependencies resolved.
================================================================================
 Package         Arch             Version                Repository        Size
================================================================================
Installing:
 brlapi          armv7hl          0.6.6-9.fc28           rawhide          150 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 150 k
Installed size: 416 k
Is this ok [y/N]: y
Downloading Packages:
brlapi-0.6.6-9.fc28.armv7hl.rpm                 3.2 MB/s | 150 kB     00:00    
--------------------------------------------------------------------------------
Total                                           134 kB/s | 150 kB     00:01     
warning: /var/cache/dnf/rawhide-805c449d99b9520f/packages/brlapi-0.6.6-9.fc28.armv7hl.rpm: Header V3 RSA/SHA256 Signature, key ID 9db62fb1: NOKEY
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: brlapi-0.6.6-9.fc28.armv7hl                            1/1 
groupadd: cannot open /etc/gshadow
error: %prein(brlapi-0.6.6-9.fc28.armv7hl) scriptlet failed, exit status 10
Error in PREIN scriptlet in rpm package brlapi
Error in PREIN scriptlet in rpm package brlapi
brlapi-0.6.6-9.fc28.armv7hl was supposed to be installed but is not!
  Verifying        : brlapi-0.6.6-9.fc28.armv7hl                            1/1 

Failed:
  brlapi.armv7hl 0.6.6-9.fc28                                                   

Error: Transaction failed
Comment 1 Richard W.M. Jones 2017-09-29 07:34:46 UTC 
$ ll /etc/gshadow
----------. 1 root root 443 Sep 28 17:22 /etc/gshadow
Comment 2 Richard W.M. Jones 2017-09-29 07:37:09 UTC 
I had to set gshadow to 0666 (!) to install this package.  Even 0600
didn't work.
Comment 3 Gwyn Ciesla 2017-09-29 12:49:46 UTC 
%pre -n brlapi
getent group brlapi >/dev/null || groupadd -r brlapi >/dev/null

Sounds like a bug in setup.
Comment 4 Ondrej Vasik 2017-10-03 13:23:35 UTC 
No, definitely not a bug in setup - gshadow is handled through capabilities intentionally. Let's reassign that to shadow-utils - where utilities for adding groups and users live - but gshadow will stay as 000 , 666 is just number of devil and wrong for /etc/shadow and /etc/gshadow.
Comment 5 Tomas Mraz 2017-10-03 13:39:33 UTC 
This is fallout from the no dac_override policy change.
Comment 6 Lukas Vrabec 2017-10-04 08:16:48 UTC 
Tomas is right. 

Fixes will be available in next selinux-policy rawhide build.