You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With the introduction of "Set home dir in spec" #94 we are experiencing an issue on selinux enforcing machines:
Running scriptlet: theia-1.34.1-1.x86_64 10/10
useradd: cannot create directory /usr/lib/theia
error: %prein(theia-1.34.1-1.x86_64) scriptlet failed, exit status 12
Error in PREIN scriptlet in rpm package theia
error: theia-1.34.1-1.x86_64: install failed
Apparently, the useradd command is not allowed to create directories in /usr/lib/:
[root@localhost ~]# audit2allow -w -a
type=AVC msg=audit(1678694795.019:138): avc: denied { write } for pid=27979 comm="useradd" name="lib" dev="dm-0" ino=135 scontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
As a workaround, it's possible to create the directory before installing the package or defining a custom selinux policy. However, I think it would be a good idea to add a mkdir in the preinstall script before executing the useradd command or allow the user to overwrite the home directory.
The text was updated successfully, but these errors were encountered:
Hi there
With the introduction of "Set home dir in spec" #94 we are experiencing an issue on selinux enforcing machines:
Apparently, the
useraddcommand is not allowed to create directories in/usr/lib/:As a workaround, it's possible to create the directory before installing the package or defining a custom selinux policy. However, I think it would be a good idea to add a
mkdirin thepreinstallscript before executing theuseraddcommand or allow the user to overwrite the home directory.The text was updated successfully, but these errors were encountered: