Why does SELinux block script execution by yum while removing java-1.6.0-openjdk package?
Issue
- When trying to clean up some unnecessary packages on the server, getting errors in the
%postprocessing, such as:
Running Transaction
Erasing : 1:java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64 1/1
warning: %postun(java-1.6.0-openjdk-1:1.6.0.36-1.13.8.1.el6_7.x86_64) scriptlet failed, exit status 127
Non-fatal POSTUN scriptlet failure in rpm package java-1.6.0-openjdk
Verifying : 1:java-1.6.0-openjdk-1.6.0.36-1.13.8.1.el6_7.x86_64 1/1
Removed:
java-1.6.0-openjdk.x86_64 1:1.6.0.36-1.13.8.1.el6_7
Complete!
- The relavent AVC log seems to be:
type=PATH msg=audit(1439230146.345:366): item=0 name="/bin/sh" inode=5929 dev=fd:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 nametype=NORMAL
type=CWD msg=audit(1439230146.345:366): cwd="/"
type=SYSCALL msg=audit(1439230146.345:366): arch=c000003e syscall=59 success=no exit=-13 a0=32443f0 a1=34deca0 a2=7fff3229c630 a3=1f items=1 ppid=7079 pid=7089 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="yum" exe="/usr/bin/python" subj=system_u:system_r:inetd_child_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1439230146.345:366): avc: denied { transition } for pid=7089 comm="yum" path="/bin/bash" dev=dm-1 ino=5929 scontext=system_u:system_r:inetd_child_t:s0-s0:c0.c1023 tcontext=system_u:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=process
Environment
- Red Hat Enterprise Linux 6
- SELinux
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
