Removing selinux-policy- package when another selinux-policy- package is present may break dnf (error: selabel_open: (/etc/selinux/targeted/contexts/files/file_contexts) No such file or directory error: Plugin selinux: hook psm_pre failed) and potentially the system (reboot may fail).
This is user error since they are supposed to adjust /etc/selinux/config, but because of the possibility of preventing the next boot, we should address it.
checkConfigConsistency does not address the issue unless some selinux-policy- is installed/updated in the same transaction as the selinux-policy- currently in use is removed (e.g. when selinux-policy-mls is installed in the same transaction as selinux-policy-targeted is removed and SELINUXTYPE=targeted).
How reproducible:
# dnf install selinux-policy-mls
# dnf remove selinux-policy-targeted
# dnf reinstall vim-enhanced
Reinstalling:
vim-enhanced x86_64 2:8.2.2637-20.el9_1 rhel-AppStream 1.8 M
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
RPM: error: selabel_open: (/etc/selinux/targeted/contexts/files/file_contexts) No such file or directory
RPM: error: Plugin selinux: hook tsm_pre failed
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Could not run transaction.
Removing selinux-policy- package when another selinux-policy- package is present may break dnf (
error: selabel_open: (/etc/selinux/targeted/contexts/files/file_contexts) No such file or directory error: Plugin selinux: hook psm_pre failed
) and potentially the system (reboot may fail). This is user error since they are supposed to adjust /etc/selinux/config, but because of the possibility of preventing the next boot, we should address it.checkConfigConsistency
does not address the issue unless some selinux-policy- is installed/updated in the same transaction as the selinux-policy- currently in use is removed (e.g. when selinux-policy-mls is installed in the same transaction as selinux-policy-targeted is removed and SELINUXTYPE=targeted).How reproducible: