Why does SELinux block script execution by yum while removing java-1.6.0-openjdk package?

Solution Verified - Updated -

Issue

  • When trying to clean up some unnecessary packages on the server, getting errors in the %post processing, such as:
Running Transaction
  Erasing    : 1:java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64        1/1
warning: %postun(java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7.x86_64) scriptlet failed, exit status 127
Non-fatal POSTUN scriptlet failure in rpm package java-1.6.0-openjdk
  Verifying  : 1:java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64        1/1

Removed:
  java-1.6.0-openjdk.x86_64 1:1.6.0.36-1.13.8.1.el6_7

Complete!
  • The relavent AVC log seems to be:
type=PATH msg=audit(1439230146.345:366): item=0 name="/bin/sh" inode=5929 dev=fd:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 nametype=NORMAL
type=CWD msg=audit(1439230146.345:366):  cwd="/"
type=SYSCALL msg=audit(1439230146.345:366): arch=c000003e syscall=59 success=no exit=-13 a0=32443f0 a1=34deca0 a2=7fff3229c630 a3=1f items=1 ppid=7079 pid=7089 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="yum" exe="/usr/bin/python" subj=system_u:system_r:inetd_child_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1439230146.345:366): avc:  denied  { transition } for  pid=7089 comm="yum" path="/bin/bash" dev=dm-1 ino=5929 scontext=system_u:system_r:inetd_child_t:s0-s0:c0.c1023 tcontext=system_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=process

Environment

  • Red Hat Enterprise Linux 6
  • SELinux

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In