This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to configure selinux

Hi

While configuring selinux, I am facing following known issue:

./vastool -d5 configure selinux
2019-05-13 12:39:42 [debug] (130172) _init_ipc_function_table: Initialized cache access via IPC.
2019-05-13 12:39:42 [debug] (130172) libvas_setup_krb5_plugins: Successfully registered QAS kuserok plugin

2019-05-13 12:39:42 [debug] (130172) libvas_setup_krb5_plugins: Successfully registered QAS send_to plugin

Adding vasd SELinux Policy ... 2019-05-13 12:39:42 [debug] (130172) vas_process_wait_for: WEXITSTATUS returned 1
Failed
=====BEGIN /opt/quest/libexec/vas/selinux/configure_vas_selinux.sh OUTPUT=====
Missing /usr/share/selinux/devel/Makefile, dependencies not met
=====END /opt/quest/libexec/vas/selinux/configure_vas_selinux.sh OUTPUT=====
2019-05-13 12:39:42 [debug] (130172) vastool command: /opt/quest/bin/vastool -d5 configure selinux

First, it is dependent on devel package, which is not allowed to most servers [as mentioned in foll. ticket].

https://support.oneidentity.com/authentication-services/kb/263967/-vastool-configure-selinux-command-fails

As a resolution, one of your ticket says to "Provide the SeLinux configuration functionality without a dependency on the SeLinux Dev packag""

https://support.oneidentity.com/kb/267707/unable-to-run-the-vastool-configure-selinux-command-without-selinux-devel-tools-installed

When will the package will be provided?

Is there a workaround to avoid the devel package?

Also, while installing "selinux-policy-devel" packake I am facing following error:

[root@vmx3264 bin]# yum install selinux-policy-devel
Resolving Dependencies
--> Running transaction check
---> Package selinux-policy-devel.noarch 0:3.13.1-166.el7 will be installed
--> Processing Dependency: selinux-policy = 3.13.1-166.el7 for package: selinux- policy-devel-3.13.1-166.el7.noarch
--> Processing Dependency: policycoreutils-devel >= 2.5 for package: selinux-pol icy-devel-3.13.1-166.el7.noarch
--> Running transaction check
---> Package policycoreutils-devel.x86_64 0:2.5-17.1.el7 will be installed
---> Package selinux-policy-devel.noarch 0:3.13.1-166.el7 will be installed
--> Processing Dependency: selinux-policy = 3.13.1-166.el7 for package: selinux- policy-devel-3.13.1-166.el7.noarch
--> Finished Dependency Resolution
Error: Package: selinux-policy-devel-3.13.1-166.el7.noarch (core-0)
Requires: selinux-policy = 3.13.1-166.el7
Installed: selinux-policy-3.13.1-166.el7_4.9.noarch (@rhel_errata)
selinux-policy = 3.13.1-166.el7_4.9
Available: selinux-policy-3.13.1-166.el7.noarch (core-0)
selinux-policy = 3.13.1-166.el7
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

Regards

Raj

  • Awaiting expert advice or comments...

  • Jason Bauer here from One Identity Support. Apologies for the delay in response.

    Regarding your comments

    "First, it is dependent on devel package, which is not allowed to most servers...When will the package will be provided?"

    As you pointed out a change request has been raised for this issue:
    798361 - Provide the SeLinux configuration functionality without a dependency on the SELinux Dev package.

    At this time we do not have an ETA on this fix. You can check the list of Resolved Issues and Enhancement Requests published within the product release notes to determine if this specific Change Request is included in an upcoming release.

    You can also contact your One Identity account representative who can work the Product Manager to provide an update.

    Unfortunately I don't know the cause the error you are seeing during your install of the Linux "selinux-policy-devel" package.
    I would suggest contacting your OS Vendor for advise on how to resolve this.

    Thank you,

    Jason Bauer