salt icon indicating copy to clipboard operation
salt copied to clipboard

Published 20 hours ago verified publisher icon saltstack

[BUG] selinux module/state - almalinux 8 - semanage bash command doesnt exist. stops selinux module from loading

Open ITJamie opened this issue 3 years ago • 1 comments

Description semanage command does not exist on almalinux 8. This stops selinux module / state from being used.

Setup (Please provide relevant configs and/or SLS files (be sure to remove sensitive info. There is no general set-up of Salt.)

Please be as specific as possible and give set-up details.

  • [x] on-prem machine
  • [x] VM (Virtualbox, KVM, etc. please specify)
  • [x] VM running on a cloud service, please be explicit and add details
  • [ ] container (Kubernetes, Docker, containerd, etc. please specify)
  • [ ] or a combination, please be explicit
  • [ ] jails if it is FreeBSD

Steps to Reproduce the behavior attempt to disable selinux

disable_selinux:
   selinux.mode:
     - name: disabled

----------
          ID: disable_selinux
    Function: selinux.mode
        Name: disabled
      Result: False
     Comment: State 'selinux.mode' was not found in SLS 'linux.shared.cpanel'
              Reason: 'selinux' __virtual__ returned False: selinux module could not be loaded
     Changes:

Backtracking of errors: https://github.com/saltstack/salt/blob/master/salt/states/selinux.py#L34 https://github.com/saltstack/salt/blob/master/salt/modules/selinux.py#L41 this is where the issue tracks down to. semanage does not exist. but "setsebool" & "semodule" do.

semanage
-bash: semanage: command not found
[root@cpaneltest ~]# cat /etc/os-release
NAME="AlmaLinux"
VERSION="8.6 (Sky Tiger)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:el8"
PRETTY_NAME="AlmaLinux 8.6 (Sky Tiger)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:almalinux:almalinux:8::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"

ALMALINUX_MANTISBT_PROJECT="AlmaLinux-8"
ALMALINUX_MANTISBT_PROJECT_VERSION="8.6"

Expected behavior ability to at least disable selinux which was enabled. semanage does not appear to be needed to do that but the module currently enforces it

Screenshots If applicable, add screenshots to help explain your problem.

Versions Report

salt --versions-report (Provided by running salt --versions-report. Please also mention any differences in master/minion versions.) 
Salt Version:
          Salt: 3004.1

Dependency Versions:
          cffi: 1.11.5
      cherrypy: Not Installed
      dateutil: 2.6.1
     docker-py: 5.0.3
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 2.10.1
       libgit2: Not Installed
      M2Crypto: 0.35.2
          Mako: Not Installed
       msgpack: 0.6.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.14
      pycrypto: Not Installed
  pycryptodome: Not Installed
        pygit2: Not Installed
        Python: 3.6.8 (default, Apr 29 2022, 13:46:02)
  python-gnupg: Not Installed
        PyYAML: 3.12
         PyZMQ: 19.0.0
         smmap: Not Installed
       timelib: Not Installed
       Tornado: 4.5.3
           ZMQ: 4.3.4

System Versions:
          dist: almalinux 8.6 Sky Tiger
        locale: UTF-8
       machine: x86_64
       release: 4.18.0-372.9.1.el8.x86_64
        system: Linux
       version: AlmaLinux 8.6 Sky Tiger

Additional context Add any other context about the problem here.

ITJamie avatar Jun 15 '22 15:06 ITJamie

I had the same problem. With RHEL 8 one needs to install package policycoreutils-python-utils

Earlier it was policycoreutils-python.

vineetraja avatar Jul 22 '22 08:07 vineetraja

Feels like that should be added to the rhel8 packages as a dependency...

ITJamie avatar Nov 07 '22 23:11 ITJamie