Bug 1213593

Summary: SELinux: adjust rpm macros for SUSE paths
Product: [Novell Products] SUSE Security Incidents Reporter: Johannes Segitz <jsegitz>
Component: GeneralAssignee: Johannes Segitz <jsegitz>
Status: REOPENED --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: joseph.oaks
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Johannes Segitz 2023-07-24 11:02:29 UTC 
https://github.com/rancher/rke2-selinux/issues/46

the issue is that /usr/lib/rpm/macros.d/macros.selinux-policy uses a directory that isn't present on SUSE systems
Comment 2 Maintenance Automation 2023-07-27 16:30:22 UTC 
SUSE-RU-2023:3003-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1213593
Sources used:
SUSE Linux Enterprise Micro for Rancher 5.4 (src): selinux-policy-20230511+git3.b78f5aff-150400.4.9.1
SUSE Linux Enterprise Micro 5.4 (src): selinux-policy-20230511+git3.b78f5aff-150400.4.9.1
openSUSE Leap Micro 5.4 (src): selinux-policy-20230511+git3.b78f5aff-150400.4.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Johannes Segitz 2023-08-04 11:44:00 UTC 
fixed
Comment 6 Joseph Oaks 2023-08-04 19:13:02 UTC 
This bug seems to have been overlooked in previous versions... SLE-Micro 5.3 gives the exact same error using both 0.12 and 0.14...

Retrieving: rke2-selinux-0.14-1.slemicro.noarch (Plain RPM files cache) (1/3),  20.5 KiB
(1/3) Installing: rke2-selinux-0.14-1.slemicro.noarch [..
cp: cannot create regular file '/var/lib/rpm-state/file_contexts.pre': No such file or directory
error: %prein(rke2-selinux-0.14-1.slemicro.noarch) scriptlet failed, exit status 1
error: rke2-selinux-0.14-1.slemicro.noarch: install failed
error]
Installation of rke2-selinux-0.14-1.slemicro.noarch failed:
Error: Subprocess failed. Error: RPM failed: Command exited with status 1.

Attempted to do both 0.14 and 0.12 and 0.12 had the same issue.
Comment 7 Johannes Segitz 2023-08-14 09:52:49 UTC 
I just submitted this for SLE-Micro 5.3, but this will not fix the issue. The core problem is that rk2-selinux is build on Centos and therefor uses their macros. This must be changed so that this builds on SLE Micro, because this will cause further issues down the road.
Comment 9 Maintenance Automation 2023-08-17 12:30:26 UTC 
SUSE-RU-2023:3334-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1213593
Sources used:
SUSE Linux Enterprise Micro for Rancher 5.3 (src): selinux-policy-20210716-150400.5.3.1
SUSE Linux Enterprise Micro 5.3 (src): selinux-policy-20210716-150400.5.3.1
openSUSE Leap Micro 5.3 (src): selinux-policy-20210716-150400.5.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.