[Users] engine-cleanup and then engine-setup - Failed to enable SELinux boolean

Itamar Heim iheim at redhat.com
Tue Sep 4 07:52:51 UTC 2012 

On 09/03/2012 08:56 PM, Mohsen Saeedi wrote:
> Another failure occur when handling HTTPD
> Handling HTTPD...                                               [ ERROR ]
> Failed to enable SELinux boolean
>
> I found the related line in log:
> 2012-09-03 22:18:23::DEBUG::setup_sequences::59::root:: running
> _configureSelinuxBoolean
> 2012-09-03 22:18:23::DEBUG::engine-setup::672::root:: Enable
> httpd_can_network_connect boolean
> 2012-09-03 22:18:23::DEBUG::common_utils::309::root:: Executing command
> --> '/usr/sbin/setsebool -P httpd_can_network_connect 1'
> 2012-09-03 22:18:44::DEBUG::common_utils::335::root:: output =
> 2012-09-03 22:18:44::DEBUG::common_utils::336::root:: stderr =
> libsepol.sepol_context_from_string: malformed context "(/.*)?" (Invalid
> argument).
> libsepol.sepol_context_from_string: could not construct context from
> string (Invalid argument).
> libsemanage.fcontext_parse: invalid security context "(/.*)?"
> (/etc/selinux/targeted/modules/tmp//file_contexts.local: 6)
> /virt/iso    (/.*)?    system_u:object_r:public_content_rw_t:s0 (Invalid
> argument).
> libsemanage.fcontext_parse: could not parse file context record (Invalid
> argument).
> libsemanage.dbase_file_cache: could not cache file database (Invalid
> argument).
> libsemanage.enter_ro: could not enter read-only section (Invalid argument).
> Could not change policy booleans
>
> 2012-09-03 22:18:44::DEBUG::common_utils::337::root:: retcode = 255
> 2012-09-03 22:18:44::DEBUG::setup_sequences::62::root:: Traceback (most
> recent call last):
>    File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60,
> in run
>      function()
>    File "/usr/bin/engine-setup", line 674, in _configureSelinuxBoolean
>      out, rc = utils.execCmd(cmd, None, True,
> output_messages.ERR_FAILED_UPDATING_SELINUX_BOOLEAN)
>    File "/usr/share/ovirt-engine/scripts/common_utils.py", line 340, in
> execCmd
>      raise Exception(msg)
> Exception: Failed to enable SELinux boolean
>
> Any help? is it a bug?
>
>
> /*Tim Hildred <thildred at redhat.com>*/ wrote on Sun, 2 Sep 2012 19:30:39
> -0400 (EDT):
>> Hey Mohsen;
>>
>> Did you check /etc/sysconfig/selinux to ensure that "SELINUX=enforcing"?
>>
>> If you set it with setenforce, it would have reverted to whatever is in that file on any reboots.
>>
>> At least that was my problem when I got that error.
>>
>> Tim Hildred, RHCE
>> Content Author II - Engineering Content Services, Red Hat, Inc.
>> Brisbane, Australia
>> Email:thildred at redhat.com
>> Internal: 8588287
>> Mobile: +61 4 666 25242
>> IRC: thildred
>>
>> ----- Original Message -----
>>> From: "Mohsen Saeedi"<mohsen.saeedi at gmail.com>
>>> To:users at ovirt.org
>>> Sent: Monday, September 3, 2012 6:59:47 AM
>>> Subject: [Users] engine-cleanup and then engine-setup - Failed to enable	SELinux boolean
>>>
>>>
>>> Hi
>>> i'm usign Ovirt 3.1 on the Centos 6.3 x64.
>>> I use engine-cleanup and then use engine-setup again. everything was
>>> ok but i got the SELinux error at the end of configuration:
>>>
>>> Proceed with the configuration listed above? (yes|no): yes
>>>
>>> Installing:
>>> AIO: Validating CPU Compatibility... [ DONE ]
>>> Configuring oVirt-engine... [ DONE ]
>>> Creating CA... [ DONE ]
>>> Editing JBoss Configuration... [ DONE ]
>>> Setting Database Configuration... [ DONE ]
>>> Setting Database Security... [ DONE ]
>>> Creating Database... [ DONE ]
>>> Updating the Default Data Center Storage Type... [ DONE ]
>>> Editing oVirt Engine Configuration... [ DONE ]
>>> Editing Postgresql Configuration... [ DONE ]
>>> Configuring the Default ISO Domain... [ DONE ]
>>> Configuring Firewall (iptables)... [ DONE ]
>>> Starting JBoss Service... [ DONE ]
>>> Handling HTTPD... [ ERROR ]
>>> Failed to enable SELinux boolean
>>> Please check log file
>>> /var/log/ovirt-engine/engine-setup_2012_09_03_01_17_41.log for more
>>> information
>>>
>>> I Attached the log file.
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

the last patch i see touching selinux (not sure if made ovirt 3.1) is:

commit bab7eadb8dc239c451142ec7130e19f1d13781de
Author: Ofer Schreiber <oschreib at redhat.com>
Date:   Sun Jun 24 10:38:03 2012 +0300

     packaging: engine-setup - Use semange instead of setsebool

     engine-setup should use semanage commands insteam of setsebool, since
     setsebool works only when selinux is enabled.

     Change-Id: Ia7cd17036c503c7765887bb7bf26b131c727f0df
     Signed-off-by: Ofer Schreiber <oschreib at redhat.com>

More information about the Users mailing list