Why does SELinux block script execution by yum while removing java-1.6.0-openjdk package?
Issue
- When trying to clean up some unnecessary packages on the server, getting errors in the
%post
processing, such as:
Running Transaction
Erasing : 1:java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64 1/1
warning: %postun(java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7.x86_64) scriptlet failed, exit status 127
Non-fatal POSTUN scriptlet failure in rpm package java-1.6.0-openjdk
Verifying : 1:java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64 1/1
Removed:
java-1.6.0-openjdk.x86_64 1:1.6.0.36-1.13.8.1.el6_7
Complete!
- The relavent AVC log seems to be:
type=PATH msg=audit(1439230146.345:366): item=0 name="/bin/sh" inode=5929 dev=fd:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 nametype=NORMAL
type=CWD msg=audit(1439230146.345:366): cwd="/"
type=SYSCALL msg=audit(1439230146.345:366): arch=c000003e syscall=59 success=no exit=-13 a0=32443f0 a1=34deca0 a2=7fff3229c630 a3=1f items=1 ppid=7079 pid=7089 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="yum" exe="/usr/bin/python" subj=system_u:system_r:inetd_child_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1439230146.345:366): avc: denied { transition } for pid=7089 comm="yum" path="/bin/bash" dev=dm-1 ino=5929 scontext=system_u:system_r:inetd_child_t:s0-s0:c0.c1023 tcontext=system_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=process
Environment
- Red Hat Enterprise Linux 6
- SELinux
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.