search

saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
https://repo.saltproject.io/
Apache License 2.0
14.17k stars 5.48k forks source link

[BUG] selinux.fcontext_policy_present fails the first time: selinux module could not be loaded #65718

Open leeclemens opened 10 months ago

leeclemens commented 10 months ago

Description The first time state.apply is called, the state fails. The second time works as expected.

     Comment: State 'selinux.fcontext_policy_present' was not found in SLS 'files.mystate'
              Reason: 'selinux' __virtual__ returned False: selinux module could not be loaded

Setup

/custom/scripts_selinux:
  selinux.fcontext_policy_present:
    - name: /custom/scripts(/.*)?
    - filetype: a
    - sel_type: bin_t

Please be as specific as possible and give set-up details.

AWS, called from user-data in Launch Template of AlmaLinux 9 x86_64 AMI, during initial boot.

Steps to Reproduce the behavior Launch Template calls salt-call state.apply on initial boot and fails.

2023-12-17 02:49:55,409 [salt.state       :323 ][ERROR   ][11453] State 'selinux.fcontext_policy_present' was not found in SLS 'files.mystate'
Reason: 'selinux' __virtual__ returned False: selinux module could not be loaded

Expected behavior I expected the state to be applied the first time salt-call state.apply was executed.

Screenshots N/A

Versions Report

Minion ```yaml Salt Version: Salt: 3006.5 Python Version: Python: 3.10.13 (main, Nov 15 2023, 04:34:27) [GCC 11.2.0] Dependency Versions: cffi: 1.14.6 cherrypy: 18.6.1 dateutil: 2.8.1 docker-py: Not Installed gitdb: Not Installed gitpython: Not Installed Jinja2: 3.1.2 libgit2: Not Installed looseversion: 1.0.2 M2Crypto: Not Installed Mako: Not Installed msgpack: 1.0.2 msgpack-pure: Not Installed mysql-python: Not Installed packaging: 22.0 pycparser: 2.21 pycrypto: Not Installed pycryptodome: 3.9.8 pygit2: Not Installed python-gnupg: 0.4.8 PyYAML: 6.0.1 PyZMQ: 23.2.0 relenv: 0.14.2 smmap: Not Installed timelib: 0.2.4 Tornado: 4.5.3 ZMQ: 4.3.4 System Versions: dist: almalinux 9.3 Shamrock Pampas Cat locale: utf-8 machine: x86_64 release: 5.14.0-362.8.1.el9_3.x86_64 system: Linux version: AlmaLinux 9.3 Shamrock Pampas Cat ```
Master ```yaml Salt Version: Salt: 3006.5 Python Version: Python: 3.10.13 (main, Nov 15 2023, 04:34:27) [GCC 11.2.0] Dependency Versions: cffi: 1.14.6 cherrypy: unknown dateutil: 2.8.1 docker-py: Not Installed gitdb: Not Installed gitpython: Not Installed Jinja2: 3.1.2 libgit2: Not Installed looseversion: 1.0.2 M2Crypto: Not Installed Mako: Not Installed msgpack: 1.0.2 msgpack-pure: Not Installed mysql-python: Not Installed packaging: 22.0 pycparser: 2.21 pycrypto: Not Installed pycryptodome: 3.9.8 pygit2: Not Installed python-gnupg: 0.4.8 PyYAML: 6.0.1 PyZMQ: 23.2.0 relenv: 0.14.2 smmap: Not Installed timelib: 0.2.4 Tornado: 4.5.3 ZMQ: 4.3.4 System Versions: dist: centos 7.9.2009 Core locale: utf-8 machine: x86_64 release: 3.10.0-1160.105.1.el7.x86_64 system: Linux version: CentOS Linux 7.9.2009 Core ```

Additional context salt-call state.apply is called from user-data (fails), then manually in SSH (succeeds)

jzandbergen commented 7 months ago 
dnf install policycoreutils-python-utils

That should do the trick. See #62171